What's New in Cloudera Manager 7.11.3

New features

Zero Downtime Upgrades (ZDU)

Cloudera is reintroducing the concept of rolling upgrades in CDP 7.1.9 in an easier to use format called Zero Downtime Upgrades (ZDU). Zero Downtime Upgrades automates the process of performing rolling upgrades in an optimized format to allow for minimal to zero downtime depending on the services installed on a cluster. All future service packs and runtime upgrades will support ZDU. However, the enhancements brought by ZDU will be available on upgrades from CDP 7.1.7 and CDP 7.1.8. Before using this feature read the upgrade instructions. For more information, see the Zero Downtime upgrade documentation.

TLS 1.2 encryption support for secured database connections

Cloudera Manager supports TLS (Transport Layer Security) 1.2 encryption between the Cloudera Manager Server and the backend databases such as MySQL, PostgreSQL, and MariaDB.

Now you can enable TLS 1.2 on Database Server and Cloudera Manager Server in the database environment. See Configuring TLS 1.2 for Cloudera Manager.

Also, now you can enable TLS 1.2 on Reports Manager in the database environment. See Configuring TLS 1.2 for Reports Manager.

Cloudera recommends that you secure the network connection between the Cloudera Manager Server and the backend database using TLS 1.2 encryption.

The scm_prepare_database.sh script in Cloudera Manager now accepts the following two new optional parameters:

• -s|--ssl
• --jdbc-url

For more information on optional parameters, see Syntax for scm_prepare_database.sh.

TCPS support for connections to Oracle database

Cloudera Manager supports connections to backend Oracle database that are secured with Transmission Control Protocol with SSL (TCPS). This provides greater security for connections between Cloudera Manager Server and the backend Oracle database. For more information, see Enabling TCPS for Oracle Database Server.

Now you can enable TCPS on Reports Manager in the Oracle database environment. For more information, see Configuring TCPS for Reports Manager.

Python 3.8 (or 3.9 for RHEL 9.1) support for Cloudera Manager 7.11.3

Cloudera Manager 7.11.3 requires Python 3.8 on most of the supported operating systems. The exception is that on the RHEL 9.1 operating system, it supports Python 3.9 version only.

Cloudera Manager 7.11.3 does not work with Python 2.7. While using Cloudera Manager 7.11.3 with Cloudera Runtime 7.1.8 or 7.1.9 version, you may remove all Python 2 versions from the operating system, only when the operating system allows you to remove the Python 2 version.

If you are running Cloudera Runtime 7.1.7 SP2 or below versions with Cloudera Manager 7.11.3, then Python 2.7 is still required for the Cloudera Runtime components. In this scenario, you must install both Python 2.7 (for Cloudera Runtime components) and Python 3 (for Cloudera Manager 7.11.3).

You must install Python 3.8 (or 3.9 for RHEL 9.1) on all hosts before upgrading to Cloudera Manager 7.11.3. See Installing Python 3.

For more information about the operating systems that are supported when using Python 3.x with the Cloudera Manager Agents, see Platform support for Cloudera Manager 7.11.3.

Support for noexec option on the /tmp directory

Cloudera Manager functions normally when you enable the noexec option for the /tmp directory on cluster hosts.

The /tmp directory on Linux hosts is used by many applications to store non-persistent data and to execute transient scripts.

Users require this noexec option on /tmp directory to eliminate possible security risks by preventing the execution of binaries from the /tmp filesystem.

The noexec option prevents unintentional system modifications or corruption that may potentially lead to system instability or data theft.

Ability to modify existing Data Context and allow Ozone to be an option

Data Contexts in Cloudera Manager are used to access data in Cloudera Private Cloud Base environment. You can add or remove certain services to the Data Context. See About Data Context and Creating a Compute Cluster and Data Context.

Certify CM with HA Postgres databases with SSL enabled

Postgres HA support involves enabling Postgres HA and configuring Postgres HA behind a load balancer. See PostgresSQL High Availability.

Iceberg replication policies

You can create Iceberg replication policies in CDP Private Cloud Base Replication Manager to replicate Iceberg tables between CDP Private Cloud Base 7.1.9 or higher clusters using Cloudera Manager 7.11.3 or higher versions.

For more information, see Iceberg replication policies

Ranger replication policies

You can create Ranger replication policies in CDP Private Cloud Base Replication Manager. The Ranger replication policies migrate Ranger policies for HDFS, Hive, and HBase services between Kerberos-enabled CDP Private Cloud Base 7.1.9 or higher clusters using Cloudera Manager 7.11.3 or higher versions.

For more information, see Ranger replication policies.

Incremental replication of Ozone data using Ozone replication policies

You can choose the “Full file listing”, “Incremental only”, or “Incremental with fallback to full file listing” option as a Listing method during the Ozone replication policy creation process. The listing method determines the replication method that Ozone replication policy can use to replicate Ozone data.

For more information, see Ozone replication policies.

Ozone snapshot policies

You can create Ozone snapshot policies in CDP Private Cloud Base Replication Manager to take snapshots of Ozone buckets and volumes at regular intervals. Ozone replication policies leverage the snapshots to perform incremental replication. You can also restore an Ozone bucket to an earlier version using snapshots or restore the Ozone bucket to another bucket in Cloudera Manager.

For more information, see Ozone snapshot policies.

Collecting Heartbeat data from Cloudera Manager

Beginning with Cloudera Manager 7.11.3, a report containing basic cluster information will securely transmit to Cloudera periodically. This report contains cluster-related metadata to determine the version and size of each cluster. This information will assist Cloudera in gaining a clearer understanding of our customers' deployments so we can deliver more robust support and an improved customer experience.

Reports will be saved locally for Customers with infrastructure isolated from the public internet. For assistance, please open a General Administrative Assistance case on MyCloudera.

The generated report is human-readable for users and can be found under /var/lib/cloudera-scm-server/reports (configured as default).

Replicate Hive external tables in Dell EMC Isilon storage clusters using Hive external table replication policies

You can use Hive external table replication policies in CDP Private Cloud Base Replication Manager to replicate Hive external tables between Dell EMC Isilon storage clusters where the 7.1.9 clusters use Cloudera Manager 7.11.3 CHF1 or higher versions.

Changed or updated features

An UI for Credential Storage Provider (CSP) is introduced on Cloudera Manager interface

On Cloudera Manager UI, now you can enable and manage CSP. To find CSP, go to Administration > Security > Status tab.

From this release onwards, CSP is generally available (GA). CSP is used to encrypt the sensitive values by configuring a Secure Credential Store that stores an encryption key to encrypt and decrypt sensitive information. Later this sensitive information is stored in encrypted form only in the Cloudera Manager database. For more information about CSP, see Securing sensitive information using a Secure Credential Storage Provider.

Remove the SHA-1 hashing algorithm based GPG signing key and update them with the SHA-256 based GPG key

Cloudera Manager install packages (RPM and Deb) are now signed with the SHA-256 hashing algorithm. You must remove the SHA-1 hashing algorithm based GPG signing key and update them with the SHA-256 based GPG key.

From this release onwards, you must import a new GPG public key into the OS key ring when installing the Cloudera Manager Agent, Cloudera Manager Server, and Cloudera Manager Daemon packages. The SHA-256 based signing key is applicable to both the fresh installation and upgrade of Cloudera Manager (7.11.3 version). The new GPG keys are now signed with a more secure SHA-256 hashing algorithm.

Platform support for Cloudera Manager 7.11.3