Fixed Issues in Cloudera Manager 7.6.1 (CDP Private Cloud Base 7.1.7 SP1)

Fixed issues in Cloudera Manager 7.6.1

Cloudera Bug: OPSAPS-23472: Fix inaccuracies in Report Manager quota cache
Due to the inaccuracy of the HDFS quotas, the quota cache has been disabled. The modified quota will appear in the usage reports after the new HDFS fsimage is processed.
Cloudera Bug: OPSAPS-57366:Cloudera Manager Sessions with Oracle database are not getting freed up
When using Cloudera Manager 7.x with Oracle Databases, Cloudera Manager may cause a storage leak in the Oracle database Temporary Space pool. This will cause the Temporary Space to fill up, causing some queries from all applications using that Temporary Space to fail. This fix ensures that the Temporary Space used by Cloudera Manager is released after each query.
Cloudera Bug: OPSAPS-59359: Support secure web UIs without HDFS
It was not possible to enable the Secure WEB UI for Yarn if the cluster did not have the HDFS service. Now the Secure WEB UI can be enabled with any DFS service in the cluster, including Dell EMC PowerScale. Similarly, now the HTTP authentication cookie domain can be configured for any DFS service."
Cloudera Bug: OPSAPS-60943: Clicking on Historical Disk Usage by (User/Group) causes NPE
Fixed an issue on the Reports page in the Cloudera Manager Admin Console. When clicking the link for Historical Disk Usage by (User or Group) the following error, caused by a Null Pointer Exception, appears: Server Error A server error has occurred. See the Cloudera Manager Server log for details.
Cloudera Bug: OPSAPS-60949: Auto-TLS initialization should use FQDN instead of hostname
Hosts now use the fully-qualified domain name (FQDN) instead of the hostname for certificate generation when enabling Auto TLS.
Cloudera Bug: OPSAPS-61209: Alert publisher keeps logging "Connection Refused" for smtp server
Disabled email alerts by default in Alert Publisher, preventing exceptions from being logged when default mail server settings are unsuitable for the deployment. Email alerts, if desired, have to be enabled manually. Notably, this also includes upgrades from Cloudera Manager versions that enable them by default.
Cloudera Bug: OPSAPS-61235: Agent should run SS command only over IPv4
The Cloudera Manager Agent uses the 'ss' command to detect port conflicts. This command fails with a segmentation fault when IPv6 is disabled on the host and causes error messages to flood in the logs. This fix resolves the issue by limiting 'ss' to obtain only IPv4 information for port detection.
Cloudera Bug: OPSAPS-61286: Re-enable service log rotation after Cloudera Manager upgrade
Fixed a bug that occurs when upgrading Cloudera Manager agents that caused service logging to fail.
Cloudera Bug: OPSAPS-61326: Cluster installation on 7.1.7 with IBM PowerPC is failing while starting the Hive service
Fixed an issue that caused the Hive Metastore to fail unless the "hive.metastore.transactional.event.listeners" configuration in the Hive Metastore Server Safety Valve was set. That configuration is no longer required.
Cloudera Bug: OPSAPS-61408: KMS ACL rendering needs improvements
When the set of KMS ACLs is very large, editing it on the configuration page is not feasible. The ACLs editing page now displays a text area instead.
Cloudera Bug: OPSAPS-61482: Generate Credentials (MIT) script is hiding errors
Resolved issue where generating MIT Kerberos credentials may fail, but no script output is observed.
Cloudera Bug: OPSAPS-61549: Filter Hive ACID tables during Hive External replication
With this bug fix, Hive tables will be filtered out of replication. Specifically, if the table is specified by a REGEX, the REGEX filter only applies to (matches) non-managed tables. If the table is not a REGEX and refers to a managed table, an error will occur.
Cloudera Bug: OPSAPS-61656: Service monitor leaking Truststore reloader threads
Fixed an issue where the Service Monitor leaks Truststore reloader threads when the Atlas Server Canary is enabled.
Cloudera Bug: OPSAPS-61803: Remove Jetty version from error page for additional security
Removed the "Powered by Jetty" message displayed by the Cloudera Manager Event Server's Jetty error page for additional security.
Cloudera Bug: OPSAPS-61834: HBase replication not working with CDH 5
The following syntax error would occur when creating an HBase policy if the source HBase was CDH 5:
 NameError: uninitialized constant STATE const_missing at org/jruby/RubyModule.java:2647 (root) at /tmp/tmp.DFQlVU7GhI:1 load at org/jruby/RubyKernel.java:1087 (root) at /opt/app/cloudera/parcels/CDH-5.16.2-1.cdh5.16.2.p0.8/lib/hbase/bin/hirb.rb:177' 
This has been fixed now to generate a different add-peer syntax if the source HBase is running on CDH 5.
Cloudera Bug: OPSAPS-61835: Improve handling of empty command arguments
Corruption of the arguments of one command in the Cloudera Manager database would prevent all running and future commands from progressing. Now, the corrupted command errors out if necessary, instead of being retried, and other commands are not affected.
Cloudera Bug: OPSAPS-61846: Restrict krb5.conf path only when managed by Cloudera Manager

Prior to this fix, when upgrading Cloudera Manager, in situations where a custom path for krb5.conf is set via Advanced Configuration Snippets, Cloudera Manager would return an error in the Cloudera Manager Admin Console and cause the upgrade to fail. The workaround was to set the krb5.conf path to either /etc/krb5.conf or any path under /etc/hadoop.

Going forward, when Cloudera Manager manages the Kerberos configuration file location i.e. "Manage krb5.conf through Cloudera Manager" setting is enabled, the expected paths for the file are either at /etc/krb5.conf or any path under /etc/hadoop. When this setting is not enabled, the user can set any path for the krb5.conf file.

Cloudera Bug: OPSAPS-61905: Cloudera Runtime 7.1.7 compatible topology.py is not Python 3 compatible
Spark jobs being run in a Python 3 environment will not be able to run due to a topology.py file that is not compatible with Python 3. The error logged by the failing Spark job is similar to the following:
--- 21/11/19 16:20:50 WARN net.ScriptBasedMapping: Exception running /etc/hadoop/conf.cloudera.yarn/topology.py 10.164.155.57 ExitCodeException exitCode=1: File ""/etc/hadoop/conf.cloudera.yarn/topology.py"", line 60 print rack ^ SyntaxError: Missing parentheses in call to 'print'. Did you mean print(rack)? 
This problem will manifest if Cloudera Manager 7.4.4 is managing a cluster running Cloudera Runtime 7.1.7 or later, and the user attempts to launch a Spark job. The topology.py file has been updated to be compatible with python3. After upgrading to Cloudera Manager 7.6.1, restart the Spark service.
Cloudera Bug: OPSAPS-61939: Cloudera Manager agent fails to clean up stale client configurations
Fixed a bug where the Cloudera Manager agent failed to clean up directories under /var/run/cloudera-scm-agent/process/ccdeploy*
Cloudera Bug: OPSAPS-61965: Fix SAML SSO - VelocityEngine runtime failure
Fixed an issue where a user gets the following error when logging in to Cloudera Manager when using SAML SSO:
org.apache.velocity.exception.ResourceNotFoundException: Unable to find resource '/templates/saml2-post-binding.vm'
Cloudera Bug: OPSAPS-61972: HBase policy delete should clean up the policy details from a single peer
When deleting an HBase Replication policy, the table Column Families are removed from the HBase peer. When last policy is deleted, the HBase peer is also deleted.
Cloudera Bug: OPSAPS-62087: Upgrade ttorrent-core
The ttorrent-core dependency was removed due to CVE issues CVE-2008-0071, CVE-2008-0364, CVE-2008-4434, CVE-2008-7166, CVE-2014-8515, CVE-2015-5474
Cloudera Bug: OPSAPS-62296: Fix label for Knox Gateway UI link
There has been an issue where the "Knox Gateway UI" link from the service page of a service with Knox SSO enabled. The Cloudera Manager Admin Console was incorrectly opening the Knox service page in the Cloudera Manager Admin Console. The link now opens the Knox Gateway UI as expected.
Cloudera Bug: OPSAPS-62357: Atlas JDK 11 version check needs to be fixed
Atlas JDK version check has now been improved to check for JDK 11. After upgrading Cloudera Manager, configuration staleness for Atlas service is expected, users must ensure sufficient downtime and restart Atlas service.
Cloudera Bug: OPSAPS-62559: Delete Credentials is failing on RedHat8.2 with Active Directory KDC
On RedHat 8 and later, you may encounter an error when attempting to delete credentials if Active Directory is used as the Kerberos KDC. This has been fixed.
Cloudera Bug: OPSAPS-62581: Address CVE-2021-44228
CVE-2021-44228 has been addressed for log4j issues.
Cloudera Bug: OPSAPS-62708: API REST GET /externalUserMappings/{uuid} no results - ENGESC-11872
Fixed an issue where the Cloudera Manager API is throwing an HTTP 500 error due to a NullPointerException from the ExternalUserMappingManagerDaoImpl.getExternalUserMapping(uuid) method because the entity manager object is null.
Cloudera Bug: OPSAPS-62711: Support Ldap auth for cancelQueryAPI in 7.1.7 SP1
Impala queries cannot be canceled from the Cloudera Manager Admin Console or the impalaQueries API on a non-kerberized cluster if Cloudera Manager/impalad LDAP authentication is enabled. This fixes the issue by adding support for LDAP auth for cancelQueryAPI. Additionally, The administrator will need to add an LDAP username and password to the Cloudera Manager Impala configuration.
Cloudera Bug: OPSAPS-62843: Multiple stats by different engines cause Hive 3 external replication to fail
With this fix, Hive table column stats will now be correctly replicated between a CDP Private Cloud Base source cluster to a CDP Private Cloud Base destination cluster. With the above fix, administrators should not set the HIVE_REPL_STATS_ENGINE parameter in the Hive Replication Environment Advanced Configuration Snippet (Safety Valve)".
Cloudera Bug: OPSAPS-62976: HBase REST server does not catch its JVM properties from Cloudera Manager.
Fixed a typo in the hbase.sh script that prevented catching up on changes from the configuration of the HBase REST service.
Cloudera Bug: OPSAPS-63056, OPSAPS-63057: Add custom kerberos path to HADOOP_OPTS
When modifying the default path of the krb5.conf file in Cloudera Manager,the following issues were occurring:
  • The credential generation for roles are failing
  • KDC authentication with the Cloudera Manager server fails
  • Services are failing to authenticate with the Cloudera Manager agent once manually getting services up by applying hacks (i.e adding relevant JVM arguments or env variables)
  • Some services like HDFS, Livy, HiveServer and Knox are failing as they are unable to locate the new Kerberos path.
The above issues are fixed. For more information see this Knowledge Base article.