Cloudera Manager 7.7.1 Cumulative hotfix 5

Know more about the Cloudera Manager 7.7.1 cumulative hotfixes 5.

This cumulative hotfix was released on March 14, 2023.

Following are the list of known issues and their corresponding workarounds that are shipped for Cloudera Manager 7.7.1 CHF5 (version: 7.7.1-h2-38419853):
OPSAPS-68689: Unable to emit the LDAP Bind password in core-site.xml for client configurations

If the CDP cluster has LDAP group to OS group mapping enabled, then applications running in Spark or Yarn would fail to authenticate to the LDAP server when trying to use the LDAP bind account during the LDAP group search.

This is because the LDAP bind password was not passed to the /etc/hadoop/conf/core-site.xml file. This was intended behavior to prevent leaking the LDAP bind password in a clear text field.

Set the LDAP Bind password through the HDFS client configuration safety valve.
  1. On the Cloudera Manager UI, navigate to the HDFS service, by clicking on the HDFS service under the Cluster.
  2. Click the Configuration tab. Search for the HDFS Client Advanced Configuration Snippet (Safety Valve) for hdfs-site.xml configuration parameter.

  3. Add an entry with the following values:
    • Name =
    • Value = (Enter the LDAP bind password here)
    • Description = Password for LDAP bind account
  4. Then click the Save Changes button to save the safety valve entry.

  5. Perform the instructions from the Manually Redeploying Client Configuration Files to manually deploy client configuration files to the cluster.

OPSAPS-68452: Azul Open JDK 8 and 11 are not supported with Cloudera Manager

Azul Open JDK 8 and 11 are not supported with Cloudera Manager. To use Azul Open JDK 8 or 11 for Cloudera Manager RPM/DEBs, you must manually create a symlink between the Zulu JDK installation path and the default JDK path.

After installing Azul Open JDK8 or 11, you must run the following commands on all the hosts in the cluster:
Azul Open JDK 8
# sudo ln -s /usr/lib/jvm/java-8-zulu-openjdk-jdk /usr/lib/jvm/java-8-openjdk
Ubuntu or Debian
# sudo ln -s /usr/lib/jvm/zulu-8-amd64 /usr/lib/jvm/java-8-openjdk
Azul Open JDK 11
For DEBs only
# sudo ln -s /usr/lib/jvm/zulu-11-amd64 /usr/lib/jvm/java-11
Following are the list of fixes that were shipped for Cloudera Manager 7.7.1 CHF5 (version: 7.7.1-h2-38419853):
  • OPSAPS-61474: Knox token API call failed with a 404 error while fetching the Knox token using token API in the Knox homepage topology

    Fixed an issue where Knox's data/applications folder gets recreated every time when Knox service starts.

  • OPSAPS-51761: YARN task failures after upgrading to CDH 6.2.0 (Invalid arguments for cgroups resources: /var/log/hadoop-yarn/container)

    Fixed an issue during upgrade in YARN, where the upgraded container-executor binary is not copied due to the container-executor file being used by running applications.

  • OPSAPS-59363: TLS 1.0 and 1.1 protocols are out-of-date and contain security vulnerabilities
    This issue has been fixed by disabling the old TLS (1.0 and 1.1) protocols for every JVM started by Cloudera Manager and upgrading to a higher version of the protocol (1.2 or 1.3). Cloudera Manager now only supports TLS 1.2 for Java 8. For Java 11 and higher versions, Cloudera Manager supports TLS 1.2 and TLS 1.3.

    The repositories for Cloudera Manager 7.7.1-CHF5 are listed in the following table:

    Table 1. Cloudera Manager 7.7.1-CHF5
    Repository Type Repository Location
    RHEL 8 Compatible Repository:
    Repository File:
    RHEL 7 Compatible Repository:
    Repository File:
    SLES 12 Repository:
    Repository File:
    Ubuntu 20 Repository:
    Repository file:
    Ubuntu 18 Repository:
    Repository file: