Known Issues in Cloudera Manager 7.3.1

Learn about the known issues in Cloudera Manager 7.3.1, the impact or changes to the functionality, and the workaround.

Cloudera bug: OPSAPS-59764: Memory leak in the Cloudera Manager agent while downloading the parcels.

Using the M2Crypto library in the Cloudera Manager agent to download parcels causes a memory leak.

The Cloudera Manager server requires parcels to install a cluster. If any of the URLs of parcels are modified, then the server provides information to all the Cloudera Manager agent processes that are installed on each cluster host.

The Cloudera Manager agent then starts checking for updates regularly by downloading the manifest file that is available under each of the URLs. However, if the URL is invalid or not reachable to download the parcel, then the Cloudera Manager agent shows a 404 error message and the memory of the Cloudera Manager agent process increases due to a memory leak in the file downloader code of the agent.

To prevent this memory leak, ensure all URLs of parcels in Cloudera Manager are reachable. To achieve this, delete all unused and unreachable parcels from the Cloudera Manager parcels page.

OPSAPS-59802 – Zeppelin and Livy roles should be co-located on the same host.
When installing or upgrading to CDP Private Cloud Base, you must co-locate all Zeppelin and Livy roles on the same cluster host due to an issue with certificate generation.
OPSAPS-59511 – Cloudera Manager displays invalid roles when adding role instances to the Cloudera Management Service.
Known Issue Description: Cloudera Manager may display invalid roles when adding role instances to the Cloudera Management Service. Roles that have already been added to the Management Service may erroneously be displayed, but should not be selected.
Workaround: Ignore the extra services and continue to add the role instances.
OPSAPS-54299 – Installing Hive on Tez and HMS in the incorrect order causes HiveServer failure
You need to install Hive on Tez and HMS in the correct order; otherwise, HiveServer fails. You need to install additional HiveServer roles to Hive on Tez, not the Hive service; otherwise, HiveServer fails. See Installing Hive on Tez for the correct procedures.
Cloudera bug: OPSAPS-63881: When CDP Private Cloud Base is running on RHEL/CentOS/Oracle Linux 8.4, services fail to start because service directories under the /var/lib directory are created with 700 permission instead of 755.
Run the following command on all managed hosts to change the permissions to 755. Run the command for each directory under /var/lib:
chmod -R 755 [***path_to_service_dir***]
OPSAPS-63992 – Rolling restart unavailable for SRM
Initiating a rolling restart for the SRM service is not possible. Consequently, performing a rolling upgrade of the SRM service is also not possible.
Workaround: None.
OPSAPS-65189: Accessing Cloudera Manager through Knox displays the following error:

Bad Message 431 reason: Request Header Fields Too Large

Workaround: Modify the Cloudera Manager Server configuration /etc/default/cloudera-scm-server file to increase the header size from 8 KB, which is the default value, to 65 KB in the Java options as shown below:
export CMF_JAVA_OPTS="...existing options...
-Dcom.cloudera.server.cmf.WebServerImpl.HTTP_HEADER_SIZE_BYTES=65536
-Dcom.cloudera.server.cmf.WebServerImpl.HTTPS_HEADER_SIZE_BYTES=65536"

Technical Service Bulletins

TSB 2021-481: Lineage is not extracted with Cloudera Manager 7.2.x and 7.3.1 managing CDH6 or CDH5
The Cloudera Manager upgrade to Guava 28.1, made to avoid CVE-2018-10237, triggered a Guava method version mismatch that causes an exception in Navigator Metadata Server. As a result, no new lineage and metadata are extracted with Cloudera Manager 7.2.4 and later when managing CDH6 and CDH5.
Impact
Lineage and metadata are no longer updated in Cloudera Navigator after upgrading to Cloudera Manager 7.2.x or Cloudera Manager 7.3.1 when managing CDH5 or CDH6.
Action required
Upgrade to the patched release of CM 7.3.1 available as PATCH-4822, or to an upcoming version later than 7.3.1. After upgrade, existing entities will have metadata extracted when extraction resumes and no lineage will be permanently lost.
Knowledge article
For the latest update on this issue see the corresponding Knowledge article:

Cloudera Customer Advisory-481: Lineage is not extracted with Cloudera Manager 7.2.x and 7.3.1 managing CDH 6 or CDH 5

TSB 2021-488: Cloudera Manager is vulnerable to Cross-Site-Scripting attack
Cloudera Manager may be vulnerable to Cross-Site-Scripting vulnerabilities identified by CVE-2021-29243 and CVE-2021-32482. A remote attacker can exploit this vulnerability and execute malicious code in the affected application.
CVE
  • CVE-2021-29243
  • CVE-2021-32482
Impact
This is an XSS issue. An administrator could be tricked into clicking a link that may expose certain information such as session cookies.
Action required
  • Upgrade (recommended)
    Upgrade to a version containing the fix.
  • Workaround
    None
Knowledge article
For the latest update on this issue see the corresponding Knowledge article:

TSB 2021-488: Cloudera Manager vulnerable to Cross-Site-Scripting attack (CVE-2021-29243 and CVE-2021-32482)

TSB 2021-530: Local File Inclusion (LFI) Vulnerability in Navigator
After a user has authenticated to the Navigator Metadata Server and dev mode of the Navigator Metadata Server has been enabled, local file inclusion can be performed through Navigator's embedded Solr web UI. Any file that the cloudera-scm OS user can open can be read. This is related to Apache Solr CVE-2020-13941.
Impact
  • Attackers can read files on the Navigator Metadata Server host with the privileges of the OS user running the Navigator Metadata Server.
How to confirm the vulnerability
  • Open https://<navigator_host>:<navigator_port>/debug
    Check the dev-mode status. For the exploit to work, dev-mode must be enabled. Note that restarting the NMS automatically disables dev-mode.

Action required
  • Upgrade (recommended)
    • Upgrade to Cloudera Manager 7.4.4 or higher
    • Please contact Cloudera Support for a patched version of Cloudera Manager 6.3.4
  • Workaround
    • For Cloudera Manager 6.x:
      • Log in to the Navigator Metadata Server host and edit these files:
        /opt/cloudera/cm/cloudera-navigator-server/search-schema/solr/2900/nav_elements/conf/solrconfig.xml
        /opt/cloudera/cm/cloudera-navigator-server/search-schema/solr/2900/nav_relations/conf/solrconfig.xml
      • Remove the entry:
        <requestHandler name="/replication" class="solr.ReplicationHandler" startup="lazy" />
    • For Cloudera Manager 5.x:
      • Log in to the Navigator Metadata Server host and edit these files:
        /usr/share/cmf/cloudera-navigator-server/search-schema/solr/2900/nav_elements/conf/solrconfig.xml
        /usr/share/cmf/cloudera-navigator-server/search-schema/solr/2900/nav_relations/conf/solrconfig.xml
      • Remove the entry:
        <requestHandler name="/replication" class="solr.ReplicationHandler" startup="lazy" />
    • Restart Navigator Metadata Server
    • This is a temporary solution and has to be followed up with the recommended long-term solution (the upgrade listed above).
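
The workaround steps above can be checked and applied with a small shell helper. This is an added example, not Cloudera code: the function names and the backup suffix are assumptions, while the paths and the handler entry are the ones listed in the bulletin.

```shell
#!/bin/sh
# Added example (not Cloudera code): check and apply the TSB 2021-530 workaround.
# BASE is one of the directories named in the bulletin:
#   CM 6.x: /opt/cloudera/cm/cloudera-navigator-server
#   CM 5.x: /usr/share/cmf/cloudera-navigator-server
# Usage after sourcing this file:  audit_base "$BASE"
PATTERN='<requestHandler[^>]*name="/replication"'

# Path of one core's solrconfig.xml under BASE (core: nav_elements|nav_relations).
solrconfig_path() {
    echo "$1/search-schema/solr/2900/$2/conf/solrconfig.xml"
}

# Exit status 0 if the /replication handler is still declared in the file.
has_replication_handler() {
    grep -Eq "$PATTERN" "$1"
}

# Remove the self-closing entry, keeping a backup next to the file.
# Returns 0 if removed or already absent, 1 on I/O error,
# 2 if an entry in another form (not self-closing on one line) remains.
remove_replication_handler() {
    has_replication_handler "$1" || return 0
    cp -p "$1" "$1.pre-tsb530.bak" || return 1
    # Redirect into the existing file so its owner and mode are preserved.
    sed "s|${PATTERN}[^>]*/>||g" "$1.pre-tsb530.bak" > "$1" || return 1
    if has_replication_handler "$1"; then
        echo "manual edit needed, entry still present: $1" >&2
        return 2
    fi
}

# Print one status line per file; return 1 if any file is missing
# or still declares the handler.
audit_base() {
    audit_rc=0
    for core in nav_elements nav_relations; do
        f=$(solrconfig_path "$1" "$core")
        if [ ! -f "$f" ]; then
            echo "MISSING          $f"; audit_rc=1
        elif has_replication_handler "$f"; then
            echo "HANDLER-PRESENT  $f"; audit_rc=1
        else
            echo "HANDLER-REMOVED  $f"
        fi
    done
    return $audit_rc
}
```

Run `remove_replication_handler` on each file that `audit_base` reports as HANDLER-PRESENT, then restart the Navigator Metadata Server as the workaround requires.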
Knowledge article
For the latest update on this issue see the corresponding Knowledge article:

TSB 2021-530: CVE-2021-30131 - Local File Inclusion (LFI) Vulnerability in Navigator