Fixed Issues in Cloudera Manager 7.6.7 (CDP Private Cloud Base 7.1.7 SP2)

Fixed issues in Cloudera Manager 7.6.7

OPSAPS-59363: TLS 1.0 and 1.1 protocols are out-of-date and contain security vulnerabilities: This issue has been fixed by disabling the old TLS (1.0 and 1.1) protocols for every JVM started by Cloudera Manager and upgrading to a higher version of the protocol (1.2 or 1.3). Cloudera Manager now only supports TLS 1.2 for Java 8. For Java 11 and higher versions, Cloudera Manager supports TLS 1.2 and TLS 1.3.
OPSAPS-65040: ImpalaFileFormatAnalysisRule should only inspect SCAN_NODE: Fixed slow impala query processing by Cloudera Manager SMON. This fix improves the performance of ImpalaFileFormatAnalysisRule.
OPSAPS-65419: Hosts page takes too long to load on large clusters: The All Hosts page sometimes takes more than 10 seconds and is very slow when Cloudera Manager manages a very large cluster such as about a hundred hosts. This performance problem is fixed now by reducing the number of SQLs made to the database. The page load time is now reduced dramatically.
OPSAPS-64599: The Service Monitor logs are flooded with error messages during the CDH 5 cluster management: Fixed an issue where a dependency conflict prevents periodic HBase monitoring tasks, and Service Monitor logs are flooded with NoClassDefFoundError errors when Cloudera Manager is managing a CDH 5 cluster.
OPSAPS-64187: Cloudera Manager Event Server does not clean up old events: Fixed an issue where an Event Server cleanup did not work and was unable to clean the old events.
OPSAPS-63881: Permissions of user directories under /var/lib/ is 700 on RHEL 8.4: This issue applies only when RHEL 8.4 or higher is used. In these versions the /etc/login.defs file has HOME_MODE configured with 700 permissions. Due to this, service directories were incorrectly created with 700 permissions.
OPSAPS-63605: An Event Server cannot start after an upgrade due to a field type mismatch: Fixed an issue where, in case of sufficiently long event attributes, a deprecated field type is replaced with an incompatible field type in the backing data store as part of the Cloudera Manager upgrade. This prevents the Event Server from starting. This fix changes the field type to a compatible one.
OPSAPS-62805: Kafka role log file retrieval fails and diagnostic bundles do not contain the Kafka broker role logs: Fixed an issue where Kafka and Cruise Control role-level logs cannot be accessed due to a u'LOG4J2 issue. Added LOG4J2 in the log_search.py file to provide support to the LOG4J2 log type for accessing service logs through Cloudera Manager UI.
OPSAPS-60331: Active Directory creates invalid Service Principal Names(SPN) when generating Kerberos credentials: If Cloudera Manager is configured to use Active Directory as a Kerberos KDC, and is also configured to use /etc/cloudera-scm-server/cmf.keytab as the KDC admin credentials, you should no longer encounter errors when generating Kerberos credentials.
Cloudera Bug: OPSAPS-65104: Importing table column statistics for Hive replication is thread-safe but causes performance regression.: To resolve this issue, perform the following steps:

Go to the Cloudera Manager > Clusters > Hive service > Configuration tab.

Locate the hive_replication_env_safety_valve property,

Add only one of the following key-value pair depending on your requirement:

COLUMN_STATS_IMPORT_MULTI_THREADED=true
This ensures that the column statistics import operation is multi-threaded for Hive replication.

SKIP_COLUMN_STATS_IMPORT=true
This ensures that the column statistics import is skipped entirely.
Cloudera Bug: OPSAPS-63759: When the accumulated temporary file count in a HDFS temporary folder (snapshot diff-based HDFS replication synchronizes the deletes and renames through a temporary directory on the target cluster) crosses the HDFS directory entry count limit per directory of ~6.4 items, the incremental replication fails and the replication process falls back to bootstrap replication (that is, all the files are replicated).
OPSAPS-63759 introduces an optional direct delete behavior where delete operations are run directly without the intermediate moves into the common temporary directory. To enable this workaround:

Go to the target Cloudera Manager > Clusters > HDFS service > Configuration tab.

Search for the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml property.

Add the com.cloudera.enterprise.distcp.direct-rename-and-delete.enabled=true key-value pair.
This parameter activates the direct delete approach.
Optionally, you can set the com.cloudera.enterprise.distcp.direct-delete.log-interval=[***enter a value (n) greater than 0***] key-value pair to override the default (100000) delete count for each delete progress log message.

note
If you update these parameters after the HDFS file limit per directory is crossed, the next replication policy run is a bootstrap operation (that is, all the files are replicated and snapshot-diffs are not used). Snapshot diffs (or incremental replication) are used only after a successful bootstrap run. Note that the activation of this workaround can be followed in the logs printed by DistCp.