What's New in Cloudera Manager 7.3.1
New features and changed behavior for Cloudera Manager 7.3.1.
- New Ranger Configuration Option for Audit Log Archival
- You can now use Cloudera Manager to configure the following:
Enable or disable Ranger Audit Log Archival (Ranger Plugin DFS Audit Enabled)
- OPSAPS-53564: New default for auth_to-local rules
- Default auth_to_local rule maps the first component of the principal name to the lowercase system user name. In case no rules are specified hadoop defaults to using DEFAULT.
- OPSAPS-55088: The reported hostname for the Cloudera Manager agent can now be configured using the Cloudera Manager API.
- When installing an agent via the Cloudera Manager API, the agent's
reported hostname can now be specified with the
agentReportedHostname
property. - OPSAPS-55800: Cruise Control should infer Kerberos and SSL settings
- The security.protocol property of CruiseControl has been removed, and now inferred from the Kafka broker configuration; affects CM >=7.2.1 and CDH >= 7.2.1, CM >= 7.3.0 and CDH >= 7.1.6
- OPSAPS-57492: Custom kerberos principal support for Cruise Control
- Custom kerberos principal is configurable for Cruise Control
- OPSAPS-57496: Custom kerberos principal support for Schema Registry
- Custom kerberos principal is configurable for Schema Registry
- OPSAPS-57497: Custom kerberos principal support for Streams Messaging Manager
- Custom kerberos principal is configurable for SMM
- OPSAPS-57621: New option for text-based metrics in Custom Service Descriptors (CSD)
- CSD-based services can now define and collect metrics based on enumerated text values.
- OPSAPS-57697: SMM Should Auto-Configure SRM In Cloudera Manager
- SMM auto-configures its SRM connection based on a service dependency, manual configuration options are removed; affects CM > 7.2.3 with CDH >= 7.2.3, CM >= 7.3.0 and CDH >= 7.1.6
- OPSAPS-57949: Omid (for HBase/Phoenix) is now configurable using Cloudera Manager
- There is a new CSD-based service for Omid and there is a new HBase configuration file for Omid clients.
- OPSAPS-57963: Expose new configuration properties for Streams Replication Manager metrics processing
- New configuration properties have been added to Cloudera Manager to
support tuning the metrics processing behavior of Streams Replication
Manager:
secondary->primary.metrics.period, metric.grace, and metric.retention
. - OPSAPS-58153: Schema Registry role log is not visible through the Cloudera Manager UI
- In versions before Cloudera Manager 7.2.3, Schema Registry logs are not displayed in the Cloudera Manager UI.
- OPSAPS-58397: Make the Schema Registry hashing algorithm configurable
- Added new option to Schema Registry configuration where you can change the hashing algorithm used to generate schema fingerprints. The default value is MD5.
- OPSAPS-58498: [SCM] Lower the frequency of Global Audit Commands in Cloudera Manager
- Cloudera Manager's Audit Evictor command will now run once every 23 hours.
- OPSAPS-58546: Rollback documentation is now available for upgrades from CDH 5 to CDP Private Cloud Base 7
- See Rolling Back a CDH 5 to CDP 7 Upgrade. Read all directions before attempting a rollback.
- OPSAPS-58598: Exporting cluster configuration alters the solr-infra instance name
- New behavior for Cloudera Manager 7.3.0 and later: When imported a cluster template, each service's name will be filled in with the refname defined in the template. Previous behavior was that the service name would be the service_type + a random number. The new behavior takes effect as long as there is no pre-existing service in Cloudera Manager with the same name. This applies to all services in Cloudera Manager across all clusters. If there is a pre-existing service with the same name, then the previous behavior takes effect, and the new service name will be the service_type + a random number.
- OPSAPS-57097 Kerberos referrals are now disabled by default
- Previously, if kerberos was enabled and hosts were running JDK 1.8u232 or JDK 11 , startup of most services failed with impersonation errors. Kerberos referrals are now disabled by default for all Java services.
- OPSAPS-58621: Custom kerberos principal support for SRM
- Custom kerberos principal is configurable for SRM
- OPSAPS-59067: Collect additional Kafka Consumer Metrics via HTTP endpoint
- New metrics about Kafka consumers are now available in the SMM service, and are now collected by Cloudera Manager from Kafka's HTTP metrics endpoint rather than being pushed from SMM into Cloudera Manager. Upon upgrade, staleness will be observed for the Kafka service's service-metrics.properties file. This is due to changes of internal representation of consumer metrics entity and will not affect changes to any existing functionality.
- OPSAPS-59119: he supported TLS protocol versions be defaulted to Hello and v1.2 for Oozie
- The default supported TLS versions for Oozie will become
SSLv2Hello,TLSv1.2
instead ofTLSv1,SSLv2Hello,TLSv1.1,TLSv1.2
. This configuration can be changed in Cloudera Manager if you would like to use to the old behavior. - OPSAPS-59190: SAML signature algorithm is now selectable
- You can now select a SAML signature algorithm that a SAML message is signed with. The supported algorithms are RSA-SHA1, RSA-SHA256, RSA-SHA384, and RSA-SHA512.
Third-party software updates
- OPSAPS-47379: Spring Framework Upgrade
- The Spring Framework used by Cloudera Manager has been upgraded to version 4.3.19.RELEASE.
- OPSAPS-53309: com.ning:async-http-client upgraded to version 2.12.1.
- AsyncHttpClient used by Cloudera Manager has been upgraded from version 1.9.40 to version 2.12.1.
- OPSAPS-54389: Upgrade Jython to 2.7.2
- the Jython library has been upgraded to 2.7.2.
- OPSAPS-56311: Lucene upgrade
- The Lucene version has been upgraded to 8.4.1. Due to the Lucene
API changes the following parameters for Reports Manager are no
longer available:
Maximum Index Writer Threads, Index Writer Thread Pool Queue Size, LUCENE_ENABLE_OPTIMIZE (Safety Valve)
. - OPSAPS-56938: Spring Data Commons for Security
- Spring Data Commons has been upgraded to 1.13.11.
- OPSAPS-59284: Upgrade org.apache.commons:commons-compress:1.18 due to CVE
- The Apache commons-compress library has been upgraded to 1.19.