Known Issues in Cloudera Manager 7.1.4
- OOZIE-3549 Oozie fails to start when Cloudera Manager 7.x is used with Cloudera Runtime 6.x and Java 11 because Oozie does not set the trust-store password.
- The issue is fixed in OOZIE-3549 and is already included in CDP 7.x but not in CDH 6.x. If you are on CDH 6.x and want to upgrade to Java 11 or your Cloudera Manager to 7.x then you must request a patch.
- OPSAPS-58277 Cloudera Manager Upgrade Fails on Ubuntu 18
- On Ubuntu 18 only, if CDH daemon process are running, upgrading Cloudera Manager from version 7.1.4 or below, or from version 6.3.4 or below, will fail with a Segmentation fault. You must stop all clusters before upgrading Cloudera Manager 7.1.x .
- OPSAPS- 58269 Staleness in Private Cloud Base 7.1.1 cluster [Ranger, Atlas, Kudu, Spark, Livy, and Hive on Tez] after upgrading Cloudera Manager
- When you upgrade Cloudera Manager from 7.1.1 or 7.1.2 to 7.1.4, a staleness for Ranger service configurations is expected due to improvement in Cloudera Manager to capture the required values for Kafka brokers, Kafka security protocol configuration, and Logging Threshold for Atlas in addition to improvements for Atlas Gateway role deployment.
- CDPQE-238 Trial installer fails when using SLES 12 SP 5
-
Using the
cloudera-manager-installer.bin
(Trial installer) to install Cloudera Manager will fail when using the SLES 12 SP5 operating system. - CDPD-17603 Java version requirements for IBM PPC
- You must use OpenJDK version 8u161 or higher This version is not available from the Cloudera download site.
- TSB-431: Cloudera Manager 6.x issue with the service role Resume
- If a selected service role on a node is restarted and fails, and the customer clicks the "Resume" button in Cloudera Manager, the service role on all of the nodes will be restarted concurrently.
- OPSAPS-54299 – Installing Hive on Tez and HMS in the incorrect order causes HiveServer failure
- You need to install Hive on Tez and HMS in the correct order; otherwise, HiveServer fails. You need to install additional HiveServer roles to Hive on Tez, not the Hive service; otherwise, HiveServer fails. See Installing Hive on Tez for the correct procedures.
- OPSAPS-65189: Accessing Cloudera Manager through Knox displays the following error:
Bad Message 431 reason: Request Header Fields Too Large
Workaround: Modify the Cloudera Manager Server configuration /etc/default/cloudera-scm-server file to increase the header size from 8 KB, which is the default value, to 65 KB in the Java options as shown below:export CMF_JAVA_OPTS="...existing options... -Dcom.cloudera.server.cmf.WebServerImpl.HTTP_HEADER_SIZE_BYTES=65536 -Dcom.cloudera.server.cmf.WebServerImpl.HTTPS_HEADER_SIZE_BYTES=65536"
Technical Service Bulletins
- TSB 2021-488: Cloudera Manager is vulnerable to Cross-Site-Scripting attack
- Cloudera Manager may be vulnerable to Cross-Site-Scripting vulnerabilities identified by CVE-2021-29243 and CVE-2021-32482. A remote attacker can exploit this vulnerability and execute malicious code in the affected application.
- CVE
-
- CVE-2021-29243
- CVE-2021-32482
- Impact
- This is an XSS issue. An administrator could be tricked to click on a link that may expose certain information such as session cookies.
- Action required
-
-
- Upgrade (recommended)
- Upgrade to a version containing the fix.
-
- Workaround
- None
-
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article:
- TSB 2021-530: Local File Inclusion (LFI) Vulnerability in Navigator
- After successful user authentication to the Navigator Metadata Server and enabling dev mode of Navigator Metadata Server, local file inclusion can be performed through the Navigator’s embedded Solr web UI. All files can be accessed for reading which can be opened as cloudera-scm OS user. This is related to Apache Solr CVE-2020-13941.
- Impact
-
- Attackers can read files on the Navigator Metadata Server host with the OS user privileges running the Navigator Metadata Server.
- How to confirm the vulnerability
- Open
https://<navigator_host>:<navigator_port>/debug
Please check for Dev-mode status. To make the exploit work, dev-mode must be enabled. Please note that restarting the NMS automatically disables dev-mode.
- Open
- Action required
-
-
- Upgrade (recommended)
-
- Upgrade to Cloudera Manager 7.4.4 or higher
- Please contact Cloudera Support for patched version of Cloudera Manager 6.3.4
-
- Workaround
-
- For Cloudera Manager 6.x:
- Login to the Navigator Metadata Server host and edit these files:
/opt/cloudera/cm/cloudera-navigator-server/search-schema/solr/2900/nav_elements/conf/solrconfig.xml /opt/cloudera/cm/cloudera-navigator-server/search-schema/solr/2900/nav_relations/conf/solrconfig.xml
- Remove the entry:
<requestHandler name="/replication" class="solr.ReplicationHandler" startup="lazy" />
- Login to the Navigator Metadata Server host and edit these files:
- For Cloudera Manager 5.x:
- Login to the Navigator Metadata Server host and edit these files:
/usr/share/cmf/cloudera-navigator-server/search-schema/solr/2900/nav_elements/conf/solrconfig.xml /usr/share/cmf/cloudera-navigator-server/search-schema/solr/2900/nav_relations/conf/solrconfig.xml
- Remove the
entry:
<requestHandler name="/replication" class="solr.ReplicationHandler" startup="lazy" />
- Login to the Navigator Metadata Server host and edit these files:
- Restart Navigator Metadata Server
- This is a temporary solution and has to be followed-up with the recommended long term solution below.
- For Cloudera Manager 6.x:
-
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article:
TSB 2021-530: CVE-2021-30131 - Local File Inclusion (LFI) Vulnerability in Navigator