What's New in Cloudera Manager 7.0.3
This topic describes new features in Cloudera Manager.
Apache Ranger
Apache Ranger provides auditing, authentication, and authorization functionality for your CDP - Data Center clusters. Apache Ranger provides a centralized framework for collecting access audit history and reporting data, including filtering on various parameters. Ranger enhances audit information obtained from Hadoop components and provides insights through this centralized reporting capability.
Apache Ranger also manages access control through a user interface that ensures consistent policy administration across CDP - Data Center components. Security administrators can define security policies at the database, table, column, and file levels, and can administer permissions for specific LDAP-based groups or individual users. Rules based on dynamic conditions such as time or geolocation can also be added to an existing policy rule. The Ranger authorization model is pluggable and can be easily extended to any data source using a service-based definition. For customers familiar with Cloudera Enterprise, Apache Ranger replaces the Sentry service.
Apache Atlas
-
Dynamic row filtering
-
Dynamic column masking
-
Attribute-based access control
-
SparkSQL fine-grained access control
Solr, HBase and Kudu on Compute Clusters
Creation of Solr, HBase and Kudu services on Compute Clusters is now enabled.
LDAP authentication for Kafka clients
You can now configure LDAP to allow Kafka clients to authenticate using LDAP.
OPSAPS-53093
Backup and Disaster Recovery is now called Replication Manager.
To access replication functionality in Cloudera Manager Admin Console select Replication from the left navigation menu.
Upgrade Domains
Upgrade Domains enable faster cluster restarts, faster Cloudera Runtime upgrades, and seamless OS patching & hardware upgrades across large clusters. Upgrade Domains provide an alternative to the default HDFS block placement policy, distributing data across a set of hosts (potentially larger than a single rack) that Cloudera Manager can upgrade/restart at once without compromising service and data availability. When you select Upgrade Domains as the block placement policy, you also assign an Upgrade Domain group to each DataNode host. The NameNode uses these groups to distribute blocks when writing data, and to orchestrate rolling restarts and upgrades. This feature is useful for very large clusters, or for clusters where rolling restarts happen frequently.
Cloudera Manager Upgrade Limitations
Upgrades from Cloudera Manager 5 or 6 to Cloudera Manager 7.x are not supported and will fail when Cloudera Manager server starts.
Core Configuration Service
The Core Configuration service allows you to create more types of clusters without having to include the HDFS service. Previously, the HDFS service was required in many cases even when data was not being stored in HDFS because some services like Sentry and Spark required cluster-wide configuration files that Cloudera Manager deploys within the HDFS service. The Core Configuration service provides this configuration in a standalone fashion and thus eliminates the need for an HDFS service for certain types of clusters where no HDFS storage is required (e.g. Kudu, Kafka, or ‘Compute’ clusters using exclusively object storage like S3 or ADLS). The Core Configuration service is also useful when creating a Compute cluster that accesses data on an HDFS service located in the Base cluster.
"Impala for Compute" and "Spark for Compute" no longer require HDFS. You can define the Core Configuration Service instead.
Metric Filtering
Metrics Filters allow you to limit the amount of metric data sent to the Cloudera Manager Service Monitor In large clusters, some services, such as Kudu, send a high volume of non-essential metrics data to the Service Monitor, which can overload it, causing gaps in the data reported from these metrics in charts/dashboards & metrics queries, and potentially limiting the ability for Cloudera Manager to effectively monitor cluster health . To mitigate this problem, you can configure Metric Filters that limit the amount of data sent to the Service Monitor and Host Monitor. You can configure Metric Filters for any service deployed in a cluster.
YARN Queue Manager and Capacity Scheduler
YARN Queue Manager is the queue management graphical user interface for Apache Hadoop YARN Capacity Scheduler. You can use the YARN Queue Manager to manage your cluster capacity using queues to balance resource requirements of multiple applications from various users. Using the YARN Queue Manager, you can set scheduler level-properties and queue-level properties. You can also view, sort, search, and filter queues. Queue Manager replaces Dynamic Resource pools (as used in CDH 5 and CDH 6 clusters). Capacity Scheduler is the new default scheduler for Cloudera Runtime 7 and higher.
HTTP Strict-Transport-Security
When TLS is enabled for the Cloudera Manager Admin Console, web requests now include the HTTP Strict-Transport-Security header. For more details about this header, see Strict-Transport-Security (Mozilla).
Ranger Service and Kafka
The Ranger service name for Kafka clusters is now configurable. The
default (and initialized) value is cm_kafka
.
Cloudera Manager Licensing
When the license key in Cloudera Manager expires, or the trial period expires, access to the Cloudera Manager Admin Console will be disabled. Cloudera Manager will still function, but users will be unable to interact with any features or their clusters from the Cloudera Manager Admin Console.
New Health Tests
- LDAP connections. The LDAP health check requires you to set a bind user to enable monitoring.
- Key Distribution Center (KDC) connections. The KDC health check requires Cloudera Manager Server to use Kerberos to enable monitoring.
New configuration parameters for Azure
Two new core-site configurations have been added to support delegation token collection on Azure cloud storage:
- fs.azure.identity.transformer.service.principal.substitution.list
- fs.azure.identity.transformer.service.principal.id
New Kafka Metric
A new metric has been added to the Kafka service for JVM Garbage
Collection Rate: kafka_jvm_gc_runs
.
New notification suppression parameters
Notification suppression parameters for role-level validators are now available.
Redaction in Cloudera Manager API
Previously redaction was opt-in through a JVM parameter, causing major security concerns. Customers relying on the API for backups now have a viable alternative that does not rely on exposing passwords via the API.
OPSAPS-51856, OPSAPS-52510: Single User Mode (SUM) is not supported in Cloudera Manager 7
Single User Mode is not supported for upgrades to Cloudera Manager 7.x.
Cloudera Manager User Interface Improvements
Cluster-level Configuration History
Configuration changes across all the services in a cluster are now shown in a single screen. The new configuration screen now has a search function and time-based filters.
Configuration Page Changes
- You can now toggle display of the filters on and off.
- When entering name/value pairs for environment Advanced Configuration Snippets has been enhanced with name and value fields.
- The Reason for change field is now populated automatically. You can override the field or add to the automatically-generated text.
- You can now use CNTRL + S to save configuration changes.
All Hosts Page
You can now toggle display of the filters on and off. There is a new refresh button and the page refreshes automatically every 90 seconds.
Global Search
The global search function (accessible from the left navigation menu) has been enhanced with improved sorting of results.
Enable Kerberos Wizard can now restart after errors
Previously, when user uses the Enable Kerberos wizard and there is an error with keytab retrieval, the wizard fails and there was no way to fix the problem. Cloudera Manager now allows you to resume the wizard and continue from where the error initially occurred.