Fixed Issues in Cloudera Manager 7.6.7 (CDP Private Cloud Base 7.1.7 SP2)

Fixed issues in Cloudera Manager 7.6.7

OPSAPS-69018: Cloudera Manager fails to support multiple SAML role values

When an assertion returns multiple values for the SAML role assignment attribute, Cloudera Manager reads only the first value in the list.

Because the attribute typically reflects a user’s LDAP groups, multiple values are common. An assertion can carry any number of values, in any order, and each may or may not be mapped to a role in Cloudera Manager. This can cause authorization failures or unexpectedly limited access rights in Cloudera Manager. This issue is now fixed.
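
The difference between first-value-only and all-values role resolution, as an added example (not Cloudera Manager code). The attribute name `memberOf`, the group DNs, the role names and the mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: one role attribute carrying three LDAP groups.
# Signature validation is omitted; a real service provider must verify the
# assertion before trusting any attribute in it.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>cn=all-staff,ou=groups,dc=example,dc=com</saml:AttributeValue>
      <saml:AttributeValue>cn=cm-operators,ou=groups,dc=example,dc=com</saml:AttributeValue>
      <saml:AttributeValue>cn=cm-admins,ou=groups,dc=example,dc=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical group-to-role mapping; "all-staff" is deliberately unmapped.
ROLE_MAP = {
    "cn=cm-operators,ou=groups,dc=example,dc=com": "operator",
    "cn=cm-admins,ou=groups,dc=example,dc=com": "admin",
}

def attribute_values(assertion_xml, attr_name):
    """Return every non-empty AttributeValue of the named attribute, in order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            text = (value.text or "").strip()
            if text:
                values.append(text)
    return values

def roles_first_value_only(values, role_map):
    """Defect as described: only the first value is ever consulted."""
    role = role_map.get(values[0]) if values else None
    return {role} if role else set()

def roles_all_values(values, role_map):
    """Order-independent resolution: every mapped value contributes a role."""
    return {role_map[v] for v in values if v in role_map}

if __name__ == "__main__":
    groups = attribute_values(ASSERTION, "memberOf")
    print("first value only:", roles_first_value_only(groups, ROLE_MAP))
    print("all values:      ", roles_all_values(groups, ROLE_MAP))
```

With the unmapped group listed first, the first-value-only path resolves no role at all (an authorization failure); if the identity provider happens to list `cm-operators` first, the same user gets only `operator` even though they are also in `cm-admins`.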

OPSAPS-59363: TLS 1.0 and 1.1 protocols are out-of-date and contain security vulnerabilities
This issue has been fixed by disabling the old TLS (1.0 and 1.1) protocols for every JVM started by Cloudera Manager and upgrading to a higher version of the protocol (1.2 or 1.3). Cloudera Manager now only supports TLS 1.2 for Java 8. For Java 11 and higher versions, Cloudera Manager supports TLS 1.2 and TLS 1.3.
OPSAPS-65040: ImpalaFileFormatAnalysisRule should only inspect SCAN_NODE
Fixed slow Impala query processing by Cloudera Manager SMON. This fix improves the performance of ImpalaFileFormatAnalysisRule.
OPSAPS-65419: Hosts page takes too long to load on large clusters
The All Hosts page is very slow, sometimes taking more than 10 seconds to load, when Cloudera Manager manages a very large cluster, such as one with about a hundred hosts. This performance problem is now fixed by reducing the number of SQL queries made to the database. The page load time is now reduced dramatically.
OPSAPS-64599: The Service Monitor logs are flooded with error messages during the CDH 5 cluster management
Fixed an issue where a dependency conflict prevents periodic HBase monitoring tasks, and Service Monitor logs are flooded with NoClassDefFoundError errors when Cloudera Manager is managing a CDH 5 cluster.
OPSAPS-64187: Cloudera Manager Event Server does not clean up old events
Fixed an issue where an Event Server cleanup did not work and was unable to clean the old events.
OPSAPS-63881: Permissions of user directories under /var/lib/ is 700 on RHEL 8.4
This issue applies only when RHEL 8.4 or higher is used. In these versions the /etc/login.defs file has HOME_MODE configured with 700 permissions. Due to this, service directories were incorrectly created with 700 permissions.
OPSAPS-63605: An Event Server cannot start after an upgrade due to a field type mismatch
Fixed an issue where, in case of sufficiently long event attributes, a deprecated field type is replaced with an incompatible field type in the backing data store as part of the Cloudera Manager upgrade. This prevents the Event Server from starting. This fix changes the field type to a compatible one.
OPSAPS-62805: Kafka role log file retrieval fails and diagnostic bundles do not contain the Kafka broker role logs
Fixed an issue where Kafka and Cruise Control role-level logs cannot be accessed due to a u'LOG4J2 issue. Added LOG4J2 in the log_search.py file to provide support to the LOG4J2 log type for accessing service logs through Cloudera Manager UI.
OPSAPS-60331: Active Directory creates invalid Service Principal Names (SPN) when generating Kerberos credentials
If Cloudera Manager is configured to use Active Directory as a Kerberos KDC, and is also configured to use /etc/cloudera-scm-server/cmf.keytab as the KDC admin credentials, you should no longer encounter errors when generating Kerberos credentials.
OPSAPS-65104: Importing table column statistics for Hive replication is thread-safe but causes performance regression.
To resolve this issue, perform the following steps:
  1. Go to the Cloudera Manager > Clusters > Hive service > Configuration tab.

  2. Locate the hive_replication_env_safety_valve property.

  3. Add only one of the following key-value pairs, depending on your requirement:

    • COLUMN_STATS_IMPORT_MULTI_THREADED=true

      This ensures that the column statistics import operation is multi-threaded for Hive replication.

    • SKIP_COLUMN_STATS_IMPORT=true

      This ensures that the column statistics import is skipped entirely.

OPSAPS-63759: Optional direct delete in DistCp snapshot-diff based replication
Snapshot diff-based HDFS replication synchronizes the deletes and renames through a temporary directory on the target cluster. When the accumulated temporary file count in this HDFS temporary folder crosses the HDFS directory entry count limit per directory of ~6.4 items, the incremental replication fails and the replication process falls back to bootstrap replication (that is, all the files are replicated).
OPSAPS-63759 introduces an optional direct delete behavior where delete operations are run directly without the intermediate moves into the common temporary directory. To enable this workaround:
  1. Go to the target Cloudera Manager > Clusters > HDFS service > Configuration tab.
  2. Search for the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml property.
  3. Add the com.cloudera.enterprise.distcp.direct-rename-and-delete.enabled=true key-value pair.

    This parameter activates the direct delete approach.

    Optionally, you can set the com.cloudera.enterprise.distcp.direct-delete.log-interval=[***enter a value (n) greater than 0***] key-value pair to override the default (100000) delete count for each delete progress log message.

OPSAPS-62886: Replication Policies page takes a longer time to load when the replication policy count is high
When there are a large number of replication policies, the Cloudera Manager > Replication Manager > Replication Policies page takes a long time to load. This issue is fixed.