Fixed Issues in Cloudera Manager 7.2.4

Fixed issues in Cloudera Manager 7.2.4.

Cloudera Bug: OPSAPS-58733: [SCM] Unable to upload diagnostic bundles when proxy username is blank
This change fixes the issue of Cloudera Manager being unable to upload the diagnostic bundle via proxy, if a proxy user name is not provided.
Cloudera Bug: OPSAPS-58732: Fix maintenance mode UI
Previously, a host that was commissioned but not in Maintenance Mode could not be taken out of Maintenance Mode via the CM UI. This issue has been fixed.
Cloudera Bug: OPSAPS-58661: SSL-enabled Zookeeper session timeouts in Kafka
The default value for the ZooKeeper session timeout in Kafka has been increased.
Cloudera Bug: OPSAPS-58582: No Java JDK is detected on the host - regression caused by OPSAPS-42725
Previously, setting JAVA_HOME (CM->Hosts->Host Config->JAVA_HOME) to a custom location and restarting Cloudera Manager Agents on the hosts resulted in the configuration error "No Java JDK is detected on the host" under CM->Home->Configuration on Cloudera Manager. This issue has been fixed.
Cloudera Bug: OPSAPS-58488: SMM is missing from ranger users for SchemaRegistry
Fixed an issue where SMM could not connect to Ranger with Cloudera Manager 7.2.4 and Cloudera Runtime 7.1.5.
Cloudera Bug: OPSAPS-58397: Make the Schema Registry hashing algorithm configurable
Added a new option to the Schema Registry configuration that lets users change the hashing algorithm used to generate schema fingerprints. The default value is MD5.
Cloudera Bug: OPSAPS-58390: Zookeeper fails to start if trustStore.type is not set
In Cloudera Manager 7.2.4 and later, the keystore type (defaults to JKS) of the keystore and truststore files used for ZooKeeper TLS will be set in the generated zoo.cfg configuration file. If you use a custom keystore format for the KeyStore and TrustStore files on the cluster, change the keystore type in the global CM configuration, following these steps:
  • Open Cloudera Manager
  • Choose the "Administration" menu
  • Choose "Settings" menu
  • Search and set the configuration: "Java Keystore Type"

If for any reason you need to set a different keystore type only for ZooKeeper and you need to override the global CM configuration, then add the following configurations to your zoo.cfg safety valves in ZooKeeper configuration (in the example we are defining "JKS" format):

  • ssl.keyStore.type=JKS
  • ssl.trustStore.type=JKS
  • ssl.quorum.keyStore.type=JKS
  • ssl.quorum.trustStore.type=JKS
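
A way to check a generated or hand-edited zoo.cfg for the condition behind this fix, as an added example that is not Cloudera's code: it reports every configured TLS store whose type key is missing, empty, or different from the format you expect. The function names, the `expected_type` parameter and the sample file are assumptions made for illustration.

```python
# Added example: audit a zoo.cfg for TLS stores whose type is unset or unexpected.
# The four *.type keys come from the note above; the matching *.location keys are
# ZooKeeper's standard store-path properties.
STORE_PREFIXES = ("ssl.keyStore", "ssl.trustStore",
                  "ssl.quorum.keyStore", "ssl.quorum.trustStore")

def parse_zoo_cfg(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_store_types(text, expected_type=None):
    """Return (key, problem) pairs for every configured store with a bad type."""
    props = parse_zoo_cfg(text)
    findings = []
    for prefix in STORE_PREFIXES:
        if not props.get(prefix + ".location"):
            continue  # this store is not configured, nothing to check
        type_key = prefix + ".type"
        declared = props.get(type_key, "")
        if not declared:
            findings.append((type_key, "missing"))
        elif expected_type and declared.upper() != expected_type.upper():
            findings.append((type_key, "is %s, expected %s" % (declared, expected_type)))
    return findings

# Constructed sample zoo.cfg (hypothetical paths, not from a real cluster).
SAMPLE_ZOO_CFG = """\
ssl.keyStore.location=/example/zk-keystore.p12
ssl.keyStore.type=PKCS12
ssl.trustStore.location=/example/zk-truststore.p12
ssl.quorum.keyStore.location=/example/zk-keystore.p12
ssl.quorum.keyStore.type=JKS
ssl.quorum.trustStore.location=/example/zk-truststore.p12
ssl.quorum.trustStore.type=
"""

if __name__ == "__main__":
    for key, problem in audit_store_types(SAMPLE_ZOO_CFG, expected_type="PKCS12"):
        print("%s: %s" % (key, problem))
```
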
Cloudera Bug: OPSAPS-58374: Some parameters like "zeppelin.ssl.keystore.type" are not being written to zeppelin-site.xml
Fixes an issue where some parameters were not being written to zeppelin-site.xml.
Cloudera Bug: OPSAPS-58319: KafkaEntitiesInfoFetcher does not handle empty response from broker topics endpoint
During startup, Kafka brokers respond with an empty collection on the /api/topics endpoint. If topic names are fetched at this time, Kafka metrics may be wiped. This is due to the empty response not being handled correctly.
Cloudera Bug: OPSAPS-58277: Calls to the third-party ptrace_do library fail on Ubuntu 18
This issue has been fixed. Clusters no longer have to be stopped prior to Cloudera Manager upgrade on Ubuntu 18 when upgrading from Cloudera Manager 6.3.4 or higher, or Cloudera Manager 7.1.5 or higher.
Cloudera Bug: OPSAPS-58242: Improve secondary group lookup performance in supervisord

In environments using AD to manage user groups, service startup could be very slow if there are thousands of groups. This was due to CM agent downloading all the groups to check against the current service user every time a role is started.

The CM agent has been modified to use the system call to download only groups attached to a particular user, which should speed up role startup. This only applies in environments with Python 2.7 or later. Environments using Python 2.6 (i.e., Red Hat 6-based OS) will fall back to the old behavior.
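
The two lookup strategies described above, side by side, as an added example that is not the CM agent's code. It uses Python 3's `os.getgrouplist` as a stand-in for the per-user system call; the function names are assumptions, and the agent's own implementation is not shown on this page.

```python
import grp
import os

def groups_by_full_scan(user, primary_gid):
    """Old behavior: enumerate every group and keep those that list the user.

    Cost grows with the total number of groups in the directory, which is
    what made role startup slow with thousands of AD groups.
    """
    gids = {primary_gid}
    for entry in grp.getgrall():
        if user in entry.gr_mem:
            gids.add(entry.gr_gid)
    return gids

def groups_by_user_lookup(user, primary_gid):
    """New behavior: ask the OS only for this user's groups (getgrouplist(3))."""
    return set(os.getgrouplist(user, primary_gid))

def lookups_agree(user, primary_gid):
    """True when both strategies yield the same supplementary groups.

    A mismatch means the role process would start with different group
    membership, and therefore different file access, depending on the path.
    """
    return groups_by_full_scan(user, primary_gid) == groups_by_user_lookup(user, primary_gid)

if __name__ == "__main__":
    import pwd
    me = pwd.getpwuid(os.getuid())
    print(me.pw_name, sorted(groups_by_user_lookup(me.pw_name, me.pw_gid)))
    print("strategies agree:", lookups_agree(me.pw_name, me.pw_gid))
```
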

Cloudera Bug: OPSAPS-58206: HiveServer2 crashing due to the permission issue in loading ozone-site.xml

Fixed the permission issue of loading ozone-site.xml.

Cloudera Bug: OPSAPS-58157: Schema Registry swagger page does not work due to CSP violation
Schema Registry's swagger page now correctly renders and the browser does not report a Content Security Policy violation error.
Cloudera Bug: OPSAPS-58153: Schema Registry role log is not visible through CM UI
In versions before Cloudera Manager 7.2.3, Schema Registry logs were not displayed in the Cloudera Manager UI. The Schema Registry log format was changed to make it consistent with the log format of other CDP components. Schema Registry Server role logs are now correctly displayed in Cloudera Manager.

Download full Schema Registry logs from Cloudera Manager and analyze logs using an external tool.

Cloudera Bug: OPSAPS-58146: Cloudera Manager doesn't consider version when creating application links
YarnWorkRelatedLinkGenerator was modified to consider the Cloudera Runtime version. For CDH releases the UI1 link will be generated; for CDP and later, the UI2 link.
Cloudera Bug: OPSAPS-58071: CM - Solr Server Log Details page does not show log messages
Newer Solr Server role logs using decimal dots in their timestamps are shown correctly on the corresponding Role Log File page of Cloudera Manager.
Cloudera Bug: OPSAPS-58001: Yarn aggregation job is missing Yarn metric folders because of timezone issues
Fixed an issue where YarnUsageAggregation didn't find directories to aggregate for the IST timezone.
Cloudera Bug: OPSAPS-57942: Fix jobInputCandidateDirs debug logging in YarnUsageAggregator
YarnUsageAggregation candidate directory debug logging is fixed.
Cloudera Bug: OPSAPS-58107: CSD support to configure caching in SMM Authorizer
SMM request processing is sped up by introducing an authorization cache. The default TTL of the cache is 30 seconds and it is configurable in CM. Setting the TTL to 0 disables the cache entirely.
Cloudera Bug: OPSAPS-57907: Kafka metric collector adapter causing too high CPU load
Previously, if a large number of topic partitions were created on a cluster, the Cloudera Manager Agent could generate a high CPU load. This was caused by the Kafka metric collector adapter carrying out excessive regex matching.

The Cloudera Manager Agent no longer generates a high CPU load when fetching Kafka metrics.

Cloudera Bug: OPSAPS-57814: Implement CM upgrade handlers for Oozie 7.1.4 and 7.2.2 (was: 7.1.1 to 7.1.4 upgrade is failing when autoTLS is enabled)
CM will populate the newly introduced ZooKeeper SSL fields for Oozie when AutoTLS is enabled on the cluster and SSL is enabled for ZooKeeper.
Cloudera Bug: OPSAPS-57746: Implement FIPS config param
Cloudera Manager will support running in FIPS-compliant mode. It is disabled by default. To enable it, add the following to CMF_JAVA_OPTS in /etc/default/cloudera-scm-server on the server host:

-Dcom.cloudera.cmf.fipsMode=true

Cloudera Bug: OPSAPS-58617: cdp-proxy topology is missing identity-assertion
Added identity-assertion provider into the cdp-proxy Knox topology.
Cloudera Bug: OPSAPS-57446: Make 'defaultFS' in Core Configuration service optional, fallback to local disk somewhere
New behavior: Strict validation requiring the Default Filesystem to be specified for the Core Configuration service in base clusters has been removed. Affects all CM versions.
Cloudera Bug: OPSAPS-57268: KDC Connectivity Test fails with AD_USE_SIMPLE_AUTH set to true
Fixed a bug where the KDC Server Connection health check showed a false alert when CM was set up with simple auth.
Cloudera Bug: OPSAPS-57099: Selecting "No dependencies" incorrectly selects dependencies
Fixed the issue where selecting no optional dependencies for a new service in the Add Service wizard incorrectly set dependencies.
Cloudera Bug: OPSAPS-56650: Generate Missing Credentials Fails due to issue with 'ldapdelete' command
The components of DomainNames (DNs), namely cn, dc, and ou, are valid even when they contain white space, which caused the Generate Missing Credentials script in Cloudera Manager to fail. This issue has been fixed.
Cloudera Bug: OPSAPS-56577: Customized principal name results in service start failure
Previously, if a Kerberos principal other than "yarn" was configured for the YARN service, Cloudera Manager erroneously skipped adding the custom principal to the YARN keytab, causing YARN to fail to start due to a Kerberos authentication failure. This also affected Ambari to Cloudera Manager migrations if Ambari was configured with a principal other than "yarn" for the YARN service. A similar issue affected Hive when using Hive LLAP.

This issue of the service restart failure while using the custom principal name has been fixed in CM>=7.2.4.

Note: Reset ACLs on YARN every time the yarn principal name is changed.

Cloudera Bug: OPSAPS-56437: Grant ranger hdfs policy on for configured hive group
CDP upgrade will grant Ranger HDFS permission to the Sentry Hive group name configured in HDFS configuration.
Cloudera Bug: OPSAPS-56239: TEZ_JARS classpath directory configuration should not be hardcoded in hive.sh
This issue has been fixed.
Cloudera Bug: OPSAPS-58477: Support custom Kerberos principals for remaining CDP services that don't
This issue has been fixed.
Cloudera Bug: OPSAPS-58847: Remove TLSv1.2 from the list of disabled protocols in ATLAS by default
The list of TLS protocols that Atlas excludes by default has been changed to TLSv1 and TLSv1.1, instead of the earlier TLSv1.2.
Cloudera Bug: OPSAPS-58765: Allow customers to configure empty value for CDP Private Cloud repository
This issue has been fixed.