Cloudera Manager 7.11.3 Cumulative hotfix 5
Know more about the Cloudera Manager 7.11.3 cumulative hotfixes 5.
This cumulative hotfix was released on April 8, 2024.
- OPSAPS-70583: File Descriptor leak from Cloudera Manager 7.11.3 CHF3 version to Cloudera Manager 7.11.3 CHF7
-
Unable to create NettyTransceiver due to Avro library upgrade which leads to File Descriptor leak. File Descriptor leak occurs in Cloudera Manager when a service tries to talk with Event Server over Avro.
- OPSAPS-68845: Cloudera Manager Server fails to start after the Cloudera Manager upgrade
- Starting from the Cloudera Manager 7.11.3 version up to the Cloudera Manager 7.11.3 CHF7 version, the Cloudera Manager Server fails to start after the Cloudera Manager upgrade due to Navigator user roles improperly handled in the upgrade in some scenarios.
- OPSAPS-69806: Collection of YARN diagnostic bundle will fail
-
For any combinations of CM 7.11.3 version up to CM 7.11.3 CHF7 version, with CDP 7.1.7 through CDP 7.1.8, collection of the YARN diagnostic bundle will fail, and no data transmits occur.
- OPSAPS-68340: Zeppelin paragraph execution fails with the User not allowed to impersonate error.
-
Starting from Cloudera Manager 7.11.3, Cloudera Manager auto-configures the
livy_admin_usersconfiguration when Livy is run for the first time. If you add Zeppelin or Knox services later to the existing cluster and do not manually update the service user, the User not allowed to impersonate error is displayed. - OPSAPS-69847:Replication policies might fail if source and target use different Kerberos encryption types
-
Replication policies might fail if the source and target Cloudera Manager instances use different encryption types in Kerberos because of different Java versions. For example, the Java 11 and higher versions might use the aes256-cts encryption type, and the versions lower than Java 11 might use the rc4-hmac encryption type.
- OPSAPS-69342: Access issues identified in MariaDB 10.6 were causing discrepancies in High Availability (HA) mode
-
MariaDB 10.6, by default, includes the property
require_secure_transport=ONin the configuration file (/etc/my.cnf), which is absent in MariaDB 10.4. This setting prohibits non-TLS connections, leading to access issues. This problem is observed in High Availability (HA) mode, where certain operations may not be using the same connection. - OPSAPS-68452: Azul Open JDK 8 and 11 are not supported with Cloudera Manager
-
Azul Open JDK 8 and 11 are not supported with Cloudera Manager. To use Azul Open JDK 8 or 11 for Cloudera Manager RPM/DEBs, you must manually create a symlink between the Zulu JDK installation path and the default JDK path.
- OPSAPS-70207: Cloudera Manager Agents sending the Impala profile data with an incorrect header
- Cloudera Manager agent might send incorrect HTTP header
to Telemetry Publisher causing incorrect Content-Type error message resulting connection
error. This issue causes missing Impala profile on Observatory.
Impala profile data is not available on Observatory.
Telemetry Publisher logs show:
DEBUG org.apache.cxf.jaxrs.utils.JAXRSUtils: No method match, method name : addProfileEvent, request path : /cluster/impala2, method @Path : /{clusterName}/{serviceName}, HTTP Method : POST, method HTTP Method : POST, ContentType : application/x-www-form-urlencoded, method @Consumes : application/json,, Accept : */*,, method @Produces : application/json,.
Cloudera Manager agent logs on Impalad hosts report:
Error occurred when sending entry to server: HTTP Error 415: Unsupported Media Type, url: http://<telemetry_publisher_host>:<port>
- OPSAPS-69897: NPE in Ozone replication from CM 7.7.1 to CM 7.11.3
- When you use source Cloudera Manager 7.7.1 and target Cloudera Manager 7.11.3 for Ozone replication policies, the policies fail with Failure during PreOzoneCopyListingCheck execution: null error. This is because the target Cloudera Manager 7.11.3 does not retrieve the required source bucket information for validation from the source Cloudera Manager 7.7.1 during the PreCopyListingCheck command phase. You come across this error when you use source Cloudera Manager versions lower than 7.10.1 and target Cloudera Manager versions higher than or equal to 7.10.1 in an Ozone replication policy.
- CDPD-62834: Status of the deleted table is seen as ACTIVE in Atlas after the completion of navigator2atlas migration process
- The status of the deleted table displays as ACTIVE.
- CDPD-62837: During the navigator2atlas process, the hive_storagedesc is incomplete in Atlas
- For the hive_storagedesc entity, some of the attributes are not getting populated.
- OPSAPS-70084: Upgrade ingress controller cert command failed for DSA encrypted private key
- DSA has been dropped as a supported key type for ingress certificate private keys.
- OPSAPS-69808: Update AuthzMigrator GBN to point to latest non-expired GBN
- Users will now be able to export sentry data only for given Hive objects (databases, tables, and the respective URLs) by using the config authorization.migration.export.migration_objects during export.
- OPSAPS-69057: Customizable authorization-migration-site.xml for Sentry-to-Ranger migration
- You can now add additional arguments to override any
existing property in the authorization-migration-site.xml file. The
Sentry to Ranger migration process during the Hive replication policy run uses this
file. These additional arguments are used during the Sentry to Ranger migration process
for Sentry export on the source and Ranger import on the destination. You can enter the
arguments using the CM API body as shown in the following sample snippet:
“hiveArguments”: { ... “rangerImportProperties”: { “authorization.migration.destination.location.prefix”: “hdfs://nameservice”, “some.other.prop”: “some_property” }, “sentryExportProperties”: { “authorization.migration.role.permissions”: “true”, “export.prop”: “export_prop_sentry”, “authorization.migration.destination.location.prefix”: “hdfs://nameservice” }, ... } - OPSAPS-69207: Customizable authorization-migration-site.xml for Sentry-to-Ranger migration
- During the Hive external table replication creation process, you can modify the properties in the authorization-migration-site.xml file on the Sentry-Ranger Migration tab. This tab appears after you choose the If Sentry permissions were exported from the CDH cluster, import both Hive object and URL permissions or If Sentry permissions were exported from the CDH cluster, import only Hive object permissions option in the field.
- OPSAPS-69709: Set Sqoop Atlas hook to send notifications synchronously
- Sqoop has an Atlas hook which by default runs
asynchronously to send notifications to the Atlas server. In certain cases, the Java
Virtual Machine (JVM) in which Sqoop is running can shut down before the Kafka
notification of the Atlas hook is sent. This can result in lost notifications.
This issue is fixed by ensuring that the notifications are synchronous.
- OPSAPS-69759: Multiple TestDFSIO(Mapreduce job) failure during COD ZDU
- This issue has been fixed and Mapreduce job failures will no longer occur.
- OPSAPS-69846: Ozone multitenancy PutObject throws Internal Server Error with linked and encrypted bucket
- If Ozone is installed with custom Kerberos principals for its roles, operations on encrypted buckets can fail as Ranger KMS does not have its proxy users and groups configured for the custom s3 gateway user.
The repositories for Cloudera Manager 7.11.3-CHF5 are listed in the following table:
| Repository Type | Repository Location |
|---|---|
| RHEL 9 Compatible | Repository: |
| RHEL 8 Compatible | Repository: |
| RHEL 7 Compatible | Repository: |
| SLES 15 | Repository: |
| SLES 12 | Repository: |
| Ubuntu 20 | Repository: |
| IBM PowerPC RHEL 7 |
|
| IBM PowerPC RHEL 8 |
|
