Cloudera Manager 7.11.3 Cumulative hotfix 3

Know more about the Cloudera Manager 7.11.3 cumulative hotfixes 3.

This cumulative hotfix was released on February 23, 2024.

Following are the list of known issues and their corresponding workarounds that are shipped for Cloudera Manager 7.11.3 CHF3 (version: 7.11.3.4-50275000):
OPSAPS-68340: Zeppelin paragraph execution fails with the User not allowed to impersonate error.

Starting from Cloudera Manager 7.11.3, Cloudera Manager auto-configures the livy_admin_users configuration when Livy is run for the first time. If you add Zeppelin or Knox services later to the existing cluster and do not manually update the service user, the User not allowed to impersonate error is displayed.

If you add Zeppelin or Knox services later to the existing cluster, you must manually add the respective service user to the livy_admin_users configuration in the Livy configuration page.

OPSAPS-69342: Access issues identified in MariaDB 10.6 were causing discrepancies in High Availability (HA) mode

MariaDB 10.6, by default, includes the property require_secure_transport=ON in the configuration file (/etc/my.cnf), which is absent in MariaDB 10.4. This setting prohibits non-TLS connections, leading to access issues. This problem is observed in High Availability (HA) mode, where certain operations may not be using the same connection.

To resolve the issue temporarily, you can either comment out or disable the line require_secure_transport in the configuration file located at /etc/my.cnf.

OPSAPS-68452: Azul Open JDK 8 and 11 are not supported with Cloudera Manager

Azul Open JDK 8 and 11 are not supported with Cloudera Manager. To use Azul Open JDK 8 or 11 for Cloudera Manager RPM/DEBs, you must manually create a symlink between the Zulu JDK installation path and the default JDK path.

After installing Azul Open JDK8 or 11, you must run the following commands on all the hosts in the cluster:
Azul Open JDK 8
RHEL or SLES
# sudo ln -s /usr/lib/jvm/java-8-zulu-openjdk-jdk /usr/lib/jvm/java-8-openjdk
Ubuntu or Debian
# sudo ln -s /usr/lib/jvm/zulu-8-amd64 /usr/lib/jvm/java-8-openjdk
Azul Open JDK 11
For DEBs only
# sudo ln -s /usr/lib/jvm/zulu-11-amd64 /usr/lib/jvm/java-11
CDPD-62834: Status of the deleted table is seen as ACTIVE in Atlas after the completion of navigator2atlas migration process
The status of the deleted table displays as ACTIVE.
None
CDPD-62837: During the navigator2atlas process, the hive_storagedesc is incomplete in Atlas
For the hive_storagedesc entity, some of the attributes are not getting populated.
None
OPSAPS-69897: NPE in Ozone replication from CM 7.7.1 to CM 7.11.3
When you use source Cloudera Manager 7.7.1 and target Cloudera Manager 7.11.3 for Ozone replication policies, the policies fail with Failure during PreOzoneCopyListingCheck execution: null error. This is because the target Cloudera Manager 7.11.3 does not retrieve the required source bucket information for validation from the source Cloudera Manager 7.7.1 during the PreCopyListingCheck command phase. You come across this error when you use source Cloudera Manager versions lower than 7.10.1 and target Cloudera Manager versions higher than or equal to 7.10.1 in an Ozone replication policy.
Upgrade the source Cloudera Manager to 7.11.3 or higher version.
OPSAPS-69481: Some Kafka Connect metrics missing from Cloudera Manager due to conflicting definitions
The metric definitions for kafka_connect_connector_task_metrics_batch_size_avg and kafka_connect_connector_task_metrics_batch_size_max in recent Kafka CSDs conflict with previous definitions in other CSDs. This prevents Cloudera Manager from registering these metrics. It also results in SMM returning an error. The metrics also cannot be monitored in Cloudera Manager chart builder or queried using the Cloudera Manager API.
Contact Cloudera support for a workaround.
Following are the list of fixed issues that were shipped for Cloudera Manager 7.11.3 CHF3 (version: 7.11.3.4-50275000):
OPSAPS-69267: Extend Java opts for Impala to support JDK17 + Isilon

Impala no longer reports IllegalAccessErrors on sun.net.dns with Java 17 and Isilon.

OPSAPS-69485: Invalid mapred-site.xml due to double dash in comments

The string '--' is not allowed in XML comments. Cloudera Manager incorporates values from the safety valve into XML comments. Therefore, XML configuration file generation fails if the safety valve contains '--'.

Cloudera Manager replaces the '--' characters in XML configuration file comments with &#8212 which is the Unicode character of '--'.

CDPD-62464: Java process called by navatlas.sh tool fails on JDK-8 version
While running nav2atlas.sh script on OracleJDK 8 an error message is thrown and returns code 0 on an unsuccessful run.
OPSAPS-69340: Dlog4j.configurationFile annotation is not working with the log4j library of the Cloudera Manager Server.

The incorrect notation used in defining the log4j configuration file name (which is Dlog4j.configurationFile annotation) is preventing the Cloudera Manager Server from receiving updates made to thelog4j.properties file. This issue is fixed now.

OPSAPS-69022: Rack Topology is not updated on Ozone DataNode.
Ozone, Kudu, and Cruise Control are rack aware services but topology mapping for the hosts containing roles from these services only are not updated in previous versions unless an HDFS or YARN role was present on these hosts. Fixed this issue in Cloudera Manager. Hosts containing Ozone, Kudu, and Cruise Control roles should now get the right topology mapping regardless of other roles present on the host.
OPSAPS-69414: Expose missing Ozone metrics to Cloudera Manager.
Three new Ozone metrics (number of datanodes, total capacity, and used space) are exposed to Cloudera Manager.
OPSAPS-69063: Concurrent policy creation to multiple targets
Sometimes, standard error or standard output retrieval of Cloudera Manager commands would fail because of a Java-related issue which affected the HTTPS connections using TLSv1.3 protocol. This resulted in different failures when the HBase replication commands were run remotely from the destination cluster on the source cluster. This issue is now resolved.
OPSAPS-69257: Zeppelin: Interpreter logs are not getting printed
A new parameter is added in SDL to pass the zeppelin log file name dynamically to the log4.properties file. This allows Zeppelin to log the interpreter logs in the CM Cluster.
OPSAPS-69131: Unable to install Zeppelin on CDP 7.1.9 with Spark 3 on RHEL 9
Zeppelin installation was failing on RHEL 9 because Spark 2 was configured as a mandatory dependency in the Zeppelin SDL file. Spark 2 could not be installed on RHEL 9 due to the python version incompatibility. This issue is now resolved.
OPSAPS-69194: JDK 17 support for HBase Indexer
This fix makes the KS-Indexer service JDK 17 compatible.
OPSAPS-69378: Increase default certificate lifetime
Default behaviour intact. Default expiry time - 1 year for all certs issued by RKE CA (except DB since it is not issued by RKE CA) Expiry time can be adjusted via CM parameter cluster_signing_duration. To apply the changes - Rolling restart for ECS and Rotate of Vault, DB, ecs webhook , ingress certs is required.
OPSAPS-69329: Configure higher 'worker-shutdown-timeout' value for nginx ingress controller
Updated rke-nginx-ingress-controller worker-shutdown-timeout config to 24 hrs.
OPSAPS-69250: ECS Server restart failed as it requires "yum install" from repo
The "yum install" line has been removed from the ECS Server startup script.
CDPD-62464: Java process called by navatlas.sh tool fails on JDK-8 version
Explicitly added eclipse-collections dependencies of version which is compatible with JDK-8 version.
OPSAPS-69245: Oozie issue in FIPS environments
In FIPS environment, Oozie needed the FIPS-related Java options to be present in HADOOP_CLIENT_OPTS in order to pick them up. Java options also needed to be added to container localizers. An admin option parameter for the localizers to pass these options has been created and will not to interfere with the user-defined options. This issue is now fixed.
OPSAPS-69406: Existing HDFS and HBase snapshot policy configuration can be edited
The Edit Configuration modal window appears when you click Actions > Edit Configuration on the Cloudera Manager > Replication > Snapshot Policies page for existing HDFS or HBase snapshot policies.

The repositories for Cloudera Manager 7.11.3-CHF3 are listed in the following table:

Table 1. Cloudera Manager 7.11.3-CHF3
Repository Type Repository Location
RHEL 9 Compatible Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat9/yum
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat9/yum/cloudera-manager.repo
RHEL 8 Compatible Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat8/yum
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat8/yum/cloudera-manager.repo
RHEL 7 Compatible Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat7/yum
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/redhat7/yum/cloudera-manager.repo
SLES 15 Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/sles15/yum
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/sles15/yum/cloudera-manager.repo
SLES 12 Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/sles12/yum
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/sles12/yum/cloudera-manager.repo
Ubuntu 20 Repository:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/ubuntu2004/apt
Repository File:
https://username:password@archive.cloudera.com/p/cm7/patch/7.11.3.4-50275000/ubuntu2004/apt/cloudera-manager.list