Fixed Issues in Cloudera Manager 7.3.0
Fixed issues in Cloudera Manager 7.3.0.
- Cloudera Bug: OPSAPS-58659: Create a new checkbox in Oozie's Cloudera Manager configuration to control the Callback URL Kerberos enablement
- For more information, see https://jira.cloudera.com/browse/DOCS-7797
- Cloudera Bug: OPSAPS-56678: SRM client configuration (srm.properties) contains invalid properties
- New configuration resolvers added: file, system environment with default. (This change is backward compatible, old configuration works as usual.)
- Cloudera Bug: OPSAPS-56457: Schema Registry yaml file generation broken on Azure.
- When setting up the service the install script failed to properly set the
""fs.defaultFS"" property. Example:
core-site.xml:
registry.yaml: fsUrl: "abfs://bsari-azl.dfs.core.windows.net/bsari-srtest-az" Notice: the ""bsari-azl@"" part is missing. Fix: By using sed it can handle the ""@"" character well in replacement.<property> <name>fs.defaultFS/name> <value>abfs://bsari-azl@msisan.dfs.core.windows.net/bsari-srtest-az</value> </property> - Cloudera Bug: OPSAPS-53309: Upgrade com.ning:async-http-client:1.9.40 due to CVE
- AsyncHttpClient used by Cloudera Manager is upgraded to org.asynchttpclient.async-http-client version 2.12.1.
- Cloudera Bug: OPSAPS-56286: Schema Registry Health Check broken with multiple instances
- Health State fixed for Schema Registry when having multiple instances
- Cloudera Bug: OPSAPS-57411: Configuration for metrics fetching in group or separately
- Configurable SMM metrics fetching mode
- Cloudera Bug: OPSAPS-57539: Sometimes SMM UI process does not get killed and prevents restarting it
- The SMM UI stop script has been improved, so that it will kill the child processes to prevent the SMM UI process from being stuck.
- Cloudera Bug: OPSAPS-58661: Increasing default value of ZooKeeper Session Timeout in Kafka
- Increasing default value of ZooKeeper Session Timeout in Kafka for 7.1.5 runtime version.
- Cloudera Bug: OPSAPS-58708: Failed to log audit event in Ranger for Kafka in AutoTLS enabled cluster
- Ranger plugin's audit logging works with non-secure Zookeeper connection while Kafka itself still uses TLS connection to Zookeeper.
- Cloudera Bug: OPSAPS-56239: TEZ_JARS classpath directory configuration should not be hardcoded in hive.sh
- The parcel root directory had initially been hardcoded in various locations, causing issues if a different path was utilized. The parcels root directory is no longer hardcoded, and is now dynamically set.
- Cloudera Bug: OPSAPS-58107: CSD support to configure caching in SMM Authorizer
- SMM request processing is sped up by introducing an authorization cache. The default TTL of the cache is 30 seconds and it is configurable in CM. Setting the TTL to 0 disables the cache entirely.
- Cloudera Bug: OPSAPS-57745: SMM UI Server failed to start but status in CM still show green
- Cloudera Manager now correctly displays role status when the SMM UI process fails/stops.
- Cloudera Bug: OPSAPS-58990: SMM and Schema Registry Ranger plugin Solr audits fails with HTTP 403
- Fixed SMM Ranger plugin authorization issue with Solr. Audit events can now be logged to Solr.
- Cloudera Bug: OPSAPS-56345: Issues with Schema Registry's Ranger repo handling
- Ranger init script was rewritten to generate the repo name with a unique name. It will also not fail in case the repo already exists.
- Cloudera Bug: OPSAPS-57317: Ranger user cannot send requests to SchemaRegistry
- Added user rangerlookup to the default list of users when creating the schemaregistry policy in ranger
- Cloudera Bug: OPSAPS-57294: Schema Registry first run fails when multiple Ranger Admin services are configured
- Schema Registry startup script now can handle the case when multiple Ranger Admin services are configured.
- Cloudera Bug: OPSAPS-57444: SMM throws an error if keystore and private key password are not the same
- SMM secure configuration now supports non-matching key and keystore passwords; affects CDH >= 7.2.2 and CDH >= 7.1.4
- Cloudera Bug: OPSAPS-58819: Unable to set nullable fields with template import
- A restriction was placed to import cluster templates with null values prior to this Cloudera Manager Version. That is causing issues when users import a template generated by a previous CM version. As it used to allow setting null to the configuration field value. With this fix, that restriction has been removed.
- Cloudera Bug: OPSAPS-58731: Add CM configurations for raz-s3
- Emitting Ranger Raz configs for S3 to HDFS core-site.xml and to RAZ raz-site.xml
- Cloudera Bug: OPSAPS-59219: [ranger-raz] Add ranger.raz.service-type.s3.super.users to fix cluster template init failure
- Cloudera Bug: OPSAPS-59012: Telemetry Publisher is broken
- Telemetry publisher no longer throws ClassDefNotFoundException
- Cloudera Bug: OPSAPS-56328: Changing port numbers to non-ephemeral ports
- Setting Kafka Connect default ports to be non ephemeral ports.
- Cloudera Bug: OPSAPS-58728: Specify JDBC override param in Ranger CSD
- Tested only JDBC url override for postgres database type for Ranger CSD supporting CDPD - 7.1.5 installation.
- Cloudera Bug: OPSAPS-57410: Add Security related headers to SMM Rest API Server responses
- Added Security-Related Headers to SMM Rest API respones: - Strict-Transport-Security - Cache-Control
- Cloudera Bug: OPSAPS-57409: Add security related header controls to all Schema Registry responses.
- Added the following HTTP headers to ScemaRegistry HTTP responses: -Content-Security-Policy -XSS-Protection -X-Frame options -Content-Type-Options -Cache-control
- Cloudera Bug: OPSAPS-58541: Code to disable repeat for HBase schedules
- Disabled repeat for HBase replication schedule, similar to Hive3
- Cloudera Bug: OPSAPS-58435: Implement remove_peer for HBase replication
- Cloudera Bug: OPSAPS-58751: Disable table for HBase replication
- Implemented disable table replication for HBase schedules when removing a table from the HBase peer's tableCFs list.
- Cloudera Bug: OPSAPS-58473: Implement enable_peer/disable_peer for HBase replication
- Implemented enable_peer/disable_peer for HBase replication
- Cloudera Bug: OPSAPS-58628: [JUnit testing] Implement enable_peer/disable_peer for HBase replication
- Created JUnit tests for OPSAPS-58473: Implement enable_peer/disable_peer for HBase replication
- Cloudera Bug: OPSAPS-58539: Redo HBaseReplicationCmdArgs.
- Refactored HBaseReplicationCmdArgs
- Cloudera Bug: OPSAPS-58542: [hbase][cdh-to-cdp] Proper paramSpec(s) instead of safety valve
- Introduced new paramSpec: hbase_replication_auxiliary_info
- Cloudera Bug: OPSAPS-56085: Adding a CSD version with new metrics hits staleness check upon upgrading Cloudera Manager
- Multiple version compatibility ranges starting within the same major version can now be specified for built-in and CSD metrics. Metric version compatibility ranges that are not composed of one or more full major versions are now honored throughout Cloudera Manager.
- Cloudera Bug: OPSAPS-58405: Add GCP support for IDBroker evaluators
- GCP IDBroker configs will now appear in core-site.xml
- Cloudera Bug: OPSAPS-58617: cdp-proxy topolgy is missing identity-assertion
- Added identity-assertion provider into the cdp-proxy Knox topology.
- Cloudera Bug: OPSAPS-59184: Incorrect Log4J configuration in Knox's control.sh
- Fixed logging issues in Knox IDBroker and corrected log configuration file paths.
- Cloudera Bug: OPSAPS-58820: [CDP Public Cloud][7.2.6][RAZ S3] SDX Cluster creation failed, Access Denied for hdfs user
- Added hdfs user as superuser for RAZ S3
- Cloudera Bug: OPSAPS-58889: HttpFS Safety Valve config for core-site.xml incorrectly gets emitted to hdfs-site.xml
- HttpFS Safety Valve config for core-site.xml should now correctly be added to HttpFS core-site.xml.
- Cloudera Bug: OPSAPS-54954: CM - Streams Replication Manager's Replication Configs "?" wording goes off page
- Streams Replication Manager's Replication Configs help text was wrongly formatted.
- Cloudera Bug: OPSAPS-55872: Missing configs in Cruise Control CSD
- Added self.healing.goals, hard.goals and anomaly.detection.goals configs. affects: CM >= 7.2.1 and CDH >= 7.2.1, CM >= 7.3.0 and CDH >= 7.1.6
- Cloudera Bug: OPSAPS-59143: [Knox] Failed to create new KafkaAdminClient
- Fixed properties for Atlas gateway role for proper Atlas Kafka communication.
- Cloudera Bug: OPSAPS-58499: Use Impala krpc port for connectivity check
- This Jira is related to IMPALA-9180, which remove impala thrift based backend port and use krpc port to construct subscriber_ids.
- Cloudera Bug: OPSAPS-56938: Update Spring Data Commons for Security (CM) in 6.3.3 (CVE-2018-1273)
- Upgraded to Spring Data Commons 1.13.11
- Cloudera Bug: OPSAPS-56854: Update Spring Framework for CM in 7.2.0 (CVE-2018-1270)
- Using Spring Framework 4.3.19.RELEASE
