Cloudera Manager 7.11.3 Cumulative hotfix 6

Know more about the Cloudera Manager 7.11.3 cumulative hotfixes 6.

This cumulative hotfix was released on May 28, 2024.

New features and changed behavior for Cloudera Manager 7.11.3 CHF6 (version: 7.11.3.9-53216725):

ECS Update Ingress Controller Certificate action is now available through the API: You can now access the ECS Update Ingress Controller Certificate action through the API and the UI.
Password protection support for Ingress private key: Ingress certificate private key is now supported with password protection.
Deploy client configuration command timed-out on larger node clusters: The Deploy Client Config command is improved now. Previously, it could take long and time-out on large clusters. It is now leveraging multithreading and optimized for parallel execution. The command is now expected to complete much faster and should not cause timeouts.

Following are the list of known issues and their corresponding workarounds that are shipped for Cloudera Manager 7.11.3 CHF6 (version: 7.11.3.9-53216725):

OPSAPS-70583: File Descriptor leak from Cloudera Manager 7.11.3 CHF3 version to Cloudera Manager 7.11.3 CHF7

Unable to create NettyTransceiver due to Avro library upgrade which leads to File Descriptor leak. File Descriptor leak occurs in Cloudera Manager when a service tries to talk with Event Server over Avro.

To resolve this issue, disable the Enable Log Event Capture configuration on the Configuration page of a service.

OPSAPS-68845: Cloudera Manager Server fails to start after the Cloudera Manager upgrade

Starting from the Cloudera Manager 7.11.3 version up to the Cloudera Manager 7.11.3 CHF7 version, the Cloudera Manager Server fails to start after the Cloudera Manager upgrade due to Navigator user roles improperly handled in the upgrade in some scenarios.

None

OPSAPS-69806: Collection of YARN diagnostic bundle will fail

For any combinations of CM 7.11.3 version up to CM 7.11.3 CHF7 version, with CDP 7.1.7 through CDP 7.1.8, collection of the YARN diagnostic bundle will fail, and no data transmits occur.

Upgrade to CDP 7.1.9, or downgrade to Cloudera Manager 7.7.1.

OPSAPS-68340: Zeppelin paragraph execution fails with the User not allowed to impersonate error.

Starting from Cloudera Manager 7.11.3, Cloudera Manager auto-configures the livy_admin_users configuration when Livy is run for the first time. If you add Zeppelin or Knox services later to the existing cluster and do not manually update the service user, the User not allowed to impersonate error is displayed.

If you add Zeppelin or Knox services later to the existing cluster, you must manually add the respective service user to the livy_admin_users configuration in the Livy configuration page.

OPSAPS-69847:Replication policies might fail if source and target use different Kerberos encryption types

Replication policies might fail if the source and target Cloudera Manager instances use different encryption types in Kerberos because of different Java versions. For example, the Java 11 and higher versions might use the aes256-cts encryption type, and the versions lower than Java 11 might use the rc4-hmac encryption type.

Ensure that both the instances use the same Java version. If it is not possible to have the same Java versions on both the instances, ensure that they use the same encryption type for Kerberos. To check the encryption type in Cloudera Manager, search for krb_enc_types on the Cloudera Manager > Administration > Settings page.

OPSAPS-69342: Access issues identified in MariaDB 10.6 were causing discrepancies in High Availability (HA) mode

MariaDB 10.6, by default, includes the property require_secure_transport=ON in the configuration file (/etc/my.cnf), which is absent in MariaDB 10.4. This setting prohibits non-TLS connections, leading to access issues. This problem is observed in High Availability (HA) mode, where certain operations may not be using the same connection.

To resolve the issue temporarily, you can either comment out or disable the line require_secure_transport in the configuration file located at /etc/my.cnf.

OPSAPS-68452: Azul Open JDK 8 and 11 are not supported with Cloudera Manager

Azul Open JDK 8 and 11 are not supported with Cloudera Manager. To use Azul Open JDK 8 or 11 for Cloudera Manager RPM/DEBs, you must manually create a symlink between the Zulu JDK installation path and the default JDK path.

After installing Azul Open JDK8 or 11, you must run the following commands on all the hosts in the cluster:

Azul Open JDK 8

RHEL or SLES

# sudo ln -s /usr/lib/jvm/java-8-zulu-openjdk-jdk /usr/lib/jvm/java-8-openjdk

Ubuntu or Debian

# sudo ln -s /usr/lib/jvm/zulu-8-amd64 /usr/lib/jvm/java-8-openjdk

Azul Open JDK 11

For DEBs only

# sudo ln -s /usr/lib/jvm/zulu-11-amd64 /usr/lib/jvm/java-11

OPSAPS-69897: NPE in Ozone replication from CM 7.7.1 to CM 7.11.3

When you use source Cloudera Manager 7.7.1 and target Cloudera Manager 7.11.3 for Ozone replication policies, the policies fail with Failure during PreOzoneCopyListingCheck execution: null error. This is because the target Cloudera Manager 7.11.3 does not retrieve the required source bucket information for validation from the source Cloudera Manager 7.7.1 during the PreCopyListingCheck command phase. You come across this error when you use source Cloudera Manager versions lower than 7.10.1 and target Cloudera Manager versions higher than or equal to 7.10.1 in an Ozone replication policy.

Upgrade the source Cloudera Manager to 7.11.3 or higher version.

CDPD-62834: Status of the deleted table is seen as ACTIVE in Atlas after the completion of navigator2atlas migration process

The status of the deleted table displays as ACTIVE.

None

CDPD-62837: During the navigator2atlas process, the hive_storagedesc is incomplete in Atlas

For the hive_storagedesc entity, some of the attributes are not getting populated.

None

Following are the list of fixed issues that were shipped for Cloudera Manager 7.11.3 CHF6 (version: 7.11.3.9-53216725):

OPSAPS-70207: Cloudera Manager Agents sending the Impala profile data with an incorrect header: Fixed an issue where Impala query profile data was not visible in Cloudera Observability with Cloudera Manager Agents running on Python 3. This was caused by Cloudera Manager Agents sending the profile data with an incorrect Content-Type in the HTTP header. Telemetry Publisher responded to the issue with incorrect Content-Type stopping the data flow. The issue was fixed by correcting the Content-Type header. No further action is required.
OPSAPS-65460: The current RetryWrapper implementation does not work as expected when the transient database error appears: Hive replication policies no longer fail with the javax.persistence.OptimisticLockException error on the source cluster during the Hive export step.
OPSAPS-60832: Decommissioning process for HDFS DataNodes is not completed in Cloudera Manager: This issue has been fixed by renewing the Kerberos ticket, which addresses Kerberos expiration issues during the DataNode decommissioning process.
OPSAPS-68418: Partition missing during column statistics import operation: A data-race issue found during the Hive metadata export step during the Hive external table replication policy run has been fixed so that concurrent modifications made to the partitions during the export operation does not result in import failure.
OPSAPS-70079: NPE appears during the directory creation process in the Isilon clusters because the sourceRoleForKerberos value is null: After you configure the Dell EMC Isilon clusters, you must ensure that you configure the following options on the Cloudera Manager > Administration > Settings page:

Custom Kerberos Keytab Location (to be used for replication for secure clusters on this Cloudera Manager)

Custom Kerberos Principal Name (to be used for replication for secure clusters on this Cloudera Manager); tip
Use the configured Custom Kerberos Principal Name value in the Run As Username field during the replication policy creation process when using Isilon storage clusters. For more information, see How to resolve replication policies that fail with the “Custom keytab configuration is required for this service” error.

The repositories for Cloudera Manager 7.11.3-CHF6 are listed in the following table:

Table 1. Cloudera Manager 7.11.3-CHF6
Repository Type	Repository Location
RHEL 9 Compatible	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat9/yum` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat9/yum/cloudera-manager.repo`
RHEL 8 Compatible	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat8/yum` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat8/yum/cloudera-manager.repo`
RHEL 7 Compatible	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat7/yum` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/redhat7/yum/cloudera-manager.repo`
SLES 15	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/sles15/yum` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/sles15/yum/cloudera-manager.repo`
SLES 12	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/sles12/yum` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/sles12/yum/cloudera-manager.repo`
Ubuntu 20	Repository: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/ubuntu2004/apt` Repository File: `https://username:password@archive.cloudera.com/p/cm7/7.11.3.9/ubuntu2004/apt/cloudera-manager.list`