Fixed Issues in Apache Oozie
Review the list of Oozie issues that are resolved in Cloudera Runtime 7.1.8.
- OPSAPS-61115: A new checkbox was implemented on the Oozie configuration page which can be used to turn off the Oozie UI completely. Meaning none of the Oozie UI resources will be served and thus if you are worried about JQuery vulnerabilities, etc. which cannot be fixed short term, you can use this feature to get rid of these by not exposing these at all.
- CDPD-34475: OOZIE-3646: Fixed a possible dead-lock in SignalXCommand.
- CDPD-33993: Oozie will not turn to HDFS NameNode to "resolve" the share lib's file entries one by one before starts the Yarn application. If somehow this causes fault then this functionality can be turned off via a Cloudera Manager Safety Valve: oozie.classpathutils.resolve=true.
- CDPD-30426: The oozie-default.xml had a default value for controlling the JPA retry wait time. The name of the property in the oozie-default.xml was: "oozie.service.JPAService.retry.maximum-wait-time.ms" however the Oozie server was looking for a property named "oozie.service.JPAService.maximum-wait-time.ms". This is now fixed and the oozie-default.xml and the Oozie server are now in sync. In case somebody already put an override as a safety-valve with a name "oozie.service.JPAService.maximum-wait-time.ms", then Oozie will prefer that.
- CDPD-28768: Fork node splits one path of execution into multiple concurrent paths of execution and the join node waits until every concurrent execution path of a previous fork node arrives to it. Given a scenario, when one of the paths [action] fails for some exotic reason - for example with an EL Error - then the workflow job itself will fail as well, however the other actions running parallelly under the same workflow job will stuck in RUNNING state until they are purged, which can lead to Oozie slow-down in extreme cases.
- CDPD-28593: When the Callback authentication was enabled Oozie failed to start up.
- CDPD-28080: Oozie web UI should not serve image from http://extjs.com/s.gif.
- CDPD-26335: Oozie did not accept a JDBC url if it contained special characters (e.g.: comma or curly brackets). This is fixed now so Oozie should accept special urls, for example a MySQL HA JDBC url where you typically use comma(s).
- OPSAPS-62127: Oozie namenode whitelist does not include ns1.
- This issue is resolved.
- OPSAPS-62019: [All form factors] Enabled thread level logging for Oozie server by adding "%t" in log4j properties in Oozie configs.
- OPSAPS-61768: The Console URL on the web UI is not a Knox URL (CM part).
- This issue is resolved.
- OPSAPS-57546: All form factors. When the Knox gateway is available on the cluster and it’s discovery is enabled for Oozie then the Web UI link of Oozie through Knox will appear among the direct links.
- OPSAPS-63537: Set the default log level of Jetty (org.eclipse.jetty) to INFO for Oozie.
- OPSAPS-62780: There are two Oozie UI disabling checkboxes among Oozie configuration.
- This issue is resolved.
- CDPD-19654: The Console URL for Yarn on the Oozie UI will be a Knox URL when the Oozie UI is accessed through Knox.
- CDPD-24942: The Oozie client now has a --insecure option which behaves like the curl command's --insecure parameter. With this there's no need to specify the -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters when SSL is enabled in Oozie. The connection will still be encrypted, but the Oozie client will not validate the certification of the Oozie server.
- CDPD-14956: OOZIE-3602: When having a log4j.properties file under sharelib, Oozie set a invalid environment variable which failed the container
- CDPD-39134: OOZIE-3661: Oozie cannot handle environment variables with key=value content.
- CDPD-21874: Adding file system credentials to an Oozie workflow.
- CDPD-34649: OOZIE-3524: The following issue was fixed: fs:fileSize returned zero when the path was not normalized even if the file size was not zero.
- CDPD-30487: The Yarn application launched by Oozie creates a file for storing action related information which will be read by the Oozie server. In case the Yarn application is able to create this file, but won't be able to put the necessary data into it and so the file remains empty, the Oozie server will fail to parse this file. This error is now fixed.
- CDPD-30045: Oozie's ZooKeeper related codebase now has extra trace level logging entries so in case of any ZooKeeper related issues these can be enabled. Affected classes:
-
- org.apache.oozie.command.XCommand
- org.apache.oozie.service.ZKLocksService
- CDPD-27661: There is a new property named "oozie.ui.enabled" users can set for Oozie with a value true of false. By default it's set to true. When set to false, the Oozie UI will be complete disabled, the Oozie server will not even expose the UI resources, hence this can be a workaround for the JQuery vulnerabilities.
- CDPD-25864: Oozie's notification mechanism now supports the https://user:password@host:port/... format so it's capable of handling basic authentication.
- CDPD-30584: OOZIE-3422: The Oozie client will display the full stacktrace in case it fails to connect to the Oozie server.
- CDPD-16552: Users are now able to configure the Action directory path. For more information please see the Action Configuration section in the Oozie documentation.
- CDPD-30246: There were Jars missing from Oozie's Sqoop sharelib when a user wanted to import from RDBMS to HDFS/Hive into ORC file format or into HBase. The missing Jars are added now.
- CDPD-34593: Oozie's Spark action was unable to send lineage information to Atlas. We've added a new authentication / credential type called KafkaCredentials which will obtain a delegation token from Kafka. For more information please see the "Action Authentication" documentation in the official Oozie documentation which is accessible from the Oozie UI.
- CDPD-40326: mapreduce.job.acl-view-job property in Oozie workflow.xml not taking full effect.
- This issue is resolved.
Apache patch information
- OOZIE-3535
- OOZIE-3646
- OOZIE-3431
- OOZIE-2136