Fixed Issues in Cloudera Manager 7.3.1

Fixed issues in Cloudera Manager 7.3.1.

Cloudera Bug: OPSAPS-48440: Misleading SOLR monitoring warnings in the agent log

Eliminated the misleading SOLR monitoring-related warnings from the agent log file.

Cloudera Bug: OPSAPS-49837 Test Database Connection feature of ‘add service’ wizard now supports more MySQL variants

When adding a service, the Test Database Connection command now works when MySQL replication is enabled. This does not guarantee that the CDP service itself will work with MySQL replication using GTID, only that the DDL commands used to test the connection work with MySQL with GTID replication.

Note that cnn itself does not work with MySQL replication using GTID.

Cloudera Bug: OPSAPS-55872: New configuration properties in the Cruise Control service

The following properties were added to Cruise Control: self.healing.goals, hard.goals and anomaly.detection.goals.

Cloudera Bug: OPSAPS-56239: TEZ_JARS classpath directory configuration should not be hardcoded in hive.sh

The parcel root directory had initially been hardcoded in various locations, causing issues if a different path was utilized. The parcels root directory is no longer hardcoded, and is now dynamically set.

Cloudera Bug: OPSAPS-56328: Changing Kafka Connect port numbers to non-ephemeral ports

Kafka Connect default ports are now non-ephemeral ports.

Cloudera Bug: OPSAPS-56999: ranger.usersync.keystore.password is not overridden via safety valves

Fixed a bug where the ranger.usersync.keystore.password configuration property specified in an Advanced Configuration Snippet did not update the password.

Cloudera Bug: OPSAPS-57097: Disable Kerberos referrals by default for all roles

Fixed an issue that occurred when kerberos was enabled and hosts were running JDK 1.8u232 or later, JDK 11 or JDK 13. Startup of most services failed with impersonation errors. This resolves that issue by disabling kerberos referrals by default for all Java services.

Cloudera Bug: OPSAPS-57595: Unused Reports Manager tuning parameters have been removed

Parameters related to older Lucene versions have been removed.

Cloudera Bug: OPSAPS-57937: No alerts are generated when the Hbase process is in a hung state

HBase master monitoring (canary) showed green status even if the master did not initialize yet. Added an extra check to query HBase to see whether it is up and running.

Cloudera Bug: OPSAPS-58157: Schema Registry swagger page does not work due to CSP violation

The Swagger interface (API Explorer) for Schema Registry now correctly renders and the browser does not report a Content Security Policy violation error.

Cloudera Bug: OPSAPS-58617: cdp-proxy Knox topology is missing identity-assertion

Added identity-assertion provider into the cdp-proxy Knox topology.

Cloudera Bug: OPSAPS-58659: Create a new checkbox in Oozie configuration to control the Callback URL Kerberos enablement

A new configuration property “Oozie Callback Servlet Authentication” has been added to the Oozie service, requiring only Kerberos-authenticated connections to the callback servlet.

Cloudera Bug: OPSAPS-58661: Increasing default value of ZooKeeper Session Timeout in Kafka

The default value of the ZooKeeper Session Timeout in Kafka has been increased.

Cloudera Bug: OPSAPS-58700: Log directories aren't removed from Cruise Control metrics when a log directory is removed from Kafka

Fixed an issue where Cruise Control capacity bootstrapping ignores deleted log directories.

Cloudera Bug: OPSAPS-58708: Failed to log audit event in Ranger for Kafka in AutoTLS enabled cluster

Ranger plugin's audit logging now works with non-secure Zookeeper connection while Kafka itself still uses TLS connection to Zookeeper.

Cloudera Bug: OPSAPS-58805: Atlas hook principal configuration created with wrong principal when using multiple Hbase Masters

The Atlas hook principal value for atlas-application.properties is now correct for HA enabled HBase clusters

Cloudera Bug: OPSAPS-58819: Unable to set nullable fields to null with cluster template import

The restriction on importing cluster templates with null values has been removed.

Cloudera Bug: OPSAPS-58889: HttpFS Safety Valve configuration for core-site.xml incorrectly gets emitted to hdfs-site.xml

HttpFS Safety Valve configurations for core-site.xml should now correctly be added to HttpFS core-site.xml.

Cloudera Bug: OPSAPS-59021: FIPS mode Agent install reports SSL errors

When installing agents with FIPS mode enabled, you may see the following error message:

Error creating custom SSL Context for the configured trustStore. Using default Trust Store location

even though the agent installation succeeds. This has been fixed.

Cloudera Bug: OPSAPS-59081: Custom kerberos principal support for Knox

Fixes an issue where a Knox kerberos principal configured in the Cloudera Manager Admin Console does not take effect. It is now possible to define arbitrary Kerberos principals for Knox

Cloudera Bug: OPSAPS-59091: Upgrading from CDH->CDP sets --parquet-configurator-implementation to unsupported option Kite, which breaks all Sqoop commands

Fixed a bug that occurred when upgrading to CDP 7.x. Cloudera Manager now sets the parquetjob.configurator.implementation configuration property to "hadoop" for Sqoop, which is the only value supported

Cloudera Bug: OPSAPS-59124: Kafka fails to start when there are multiple Ranger Admin roles running

The Kafka control script in Cloudera Manager was extended to be able to handle the scenario when there are multiple Ranger Admin roles configured in the cluster and it can now correctly create the required policy repository in Ranger.

Cloudera Bug: OPSAPS-59143: Failed to create new KafkaAdminClient from Spark Atlas Connector on TLS enabled clusters

Fixed Atlas client configuration properties for Atlas gateway role for Atlas-Kafka SSL communication.

Cloudera Bug: OPSAPS-59184: Incorrect Log4J configuration in Knox's control.sh script

Fixed logging issues in Knox IDBroker and corrected log configuration file paths.

Cloudera Bug: OPSAPS-59227: Streams Messaging Manager and Schema Registry configuration does not support the "#" character in the truststore and keystore password

Streams Messaging Manager and Schema Registry now support the "#" character in truststore and keystore passwords.

Cloudera Bug: OPSAPS-59248: Add support for disabling DFS audit in Schema Registry Ranger plugin

The Schema Registry Ranger plugin no longer tries to send audits to HDFS when the ranger_plugin_hdfs_audit_enabled property is disabled in the Ranger configuration.

Cloudera Bug: OPSAPS-59249: Add support for disabling DFS audit in Streams Messaging Manager (uses Kafka's Ranger plugin)

Streams Messaging Manager's Ranger plugin no longer tries to send audits to HDFS when the ranger_plugin_hdfs_audit_enabled property is disabled in the Ranger configuration.

Cloudera Bug: OPSAPS-59299: SOLR has issues if impersonating principal has a hyphen in its name

Fixed a bug where the SOLR service had issues if the impersonating principal has a hyphen ("-") in its name.

Cloudera Bug: OPSAPS-59340: Trying to add an HDFS Nameservice resulted in 500 Internal server error

Fixed an issue where adding a Nameservice to HDFS via the Cloudera Manager Admin Console failed with a server error.

Cloudera Bug: OPSAPS-59431: Console errors and performance issues on Instances page

Improved the performance of the Select All checkbox on the Instances page for large clusters with a large number of role instances.

Cloudera Bug: OPSAPS-59642: Hbase Replication Policy suspend action is failing (former ticket number: DMX-1405)

Fixed an issue where suspending a Replication policy failed.

Cloudera Bug: OPSAPS-59150: Service users created by Cloudera Manager use /bin/bash as their user shell instead of /usr/sbin/nologin.

Service users are now created by Cloudera Manager with /usr/sbin/nologin and no longer use /bin/bash as their user shell.