Fixed Issues in Cloudera Manager 7.4.3

Cloudera Bug: OPSAPS-57469: Hardcoded parcel path causes initialization failure when non-standard location is used
Added support for custom parcel location in Atlas
Cloudera Bug: OPSAPS-59221: Cruise Control default number of metric windows (1) is too low
Fixes the default values of the and configuration properties that are needed for Cruise Control to work properly.
Cloudera Bug: OPSAPS-59264: Use kafka_principal_name variable where "kafka" principal is hardcoded in Atlas CSD
Added support to use the actual Kafka principal in Atlas.
Cloudera Bug: OPSAPS-59972: Disable the TRACE method on all HTTP ports
In Streams Messaging Manager and Schema Registry the allowed HTTP methods have been changed to GET, POST, PUT, DELETE, HEAD, and OPTIONS.
Cloudera Bug: OPSAPS-59993: Disable admin port in Schema Registry
The admin port is disabled in Schema Registry (secure port: 7791, non-secure port: 7789).
Ranger will not start on Ubuntu20 & Redhat8.2
When starting Ranger, you may see the error: "/usr/bin/python: No such file or directory". By default, Ubuntu20 and Redhat8 do not configure a default Python version. Instead, they let the user install, configure, and run a specific Python version, so to run Python you need to explicitly type python3 or python2. Users can configure the unversioned python command and set the default version. Some services in Cloudera Manager, such as Hue and Ranger, expect to find the python command in the system's path (/usr/bin/python). With this fix, Cloudera Manager sets python2 as the default version on Redhat8 and Ubuntu20 hosts while installing Cloudera Manager agents. No additional user actions are required.
Cloudera Bug: OPSAPS-60391: Import Deployment throws NPE on users without authRoles
When importing a deployment, you may encounter a failure, with the logs containing a NullPointerException. This is potentially caused by user entries in the deployment missing an authRole field. One reason this may happen is when external authentication and authorization (such as via LDAP or SAML) is being used. As a workaround, you can edit the JSON of the deployment to delete these users, then attempt to import the deployment again. This has now been fixed.
Cloudera Bug: OPSAPS-60514: Need to add ranger jdbc test connection parameter when user is using Oracle db
Added parameter for test query in Ranger to configure the Ranger JPA jdbc test connection according to the database type configured.
Cloudera Bug: OPSAPS-60532: Ranger plugin's audit could not authenticate to zookeeper in Streams Messaging Manager and Schema Registry
A JAAS configuration is now generated for Streams Messaging Manager and Schema Registry so that they can authenticate to ZooKeeper using SASL.
Cloudera Bug: OPSAPS-60537: Permission on warehouse/tablespace/external/hive after installing Impala
CDP clusters that have the Impala service installed have the HDFS ACLs for the external warehouse directory set to default:other::rwx. This means that any application or user that performs direct HDFS operations on external tables located in an external warehouse directory has all the permissions to read, write, or list any files.
If the Impala service is installed, an application (such as Spark) has read, write, and execute privileges on the HDFS directories of all the external tables. If the Impala service is not installed, the external warehouse directory permissions are only read/write enabled for users of the hive group.
If there are applications other than Impala or Hive which need HDFS access to the external tables, the HDFS permissions for such applications should be explicitly allowed by Ranger.
Additional notes: The external Hive warehouse directory is created with default:other::rwx permissions when the Impala service is installed in Cloudera Manager. This can cause new subdirectories within the external warehouse directory (databases and tables) to have rwx permissions on HDFS. With this patch, the external warehouse is created with default:other::--- permissions. If a non-Hive or non-Impala user needs the subdirectory permissions, they should be managed by Ranger.
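To check a cluster for the default ACL described in OPSAPS-60537, the output of `hdfs dfs -getfacl -R` on the external warehouse directory can be scanned for default:other entries that grant any permission. The following is an added example, not Cloudera code; the sample output, paths, and function names are constructed for illustration.

```python
# Added example: scan `hdfs dfs -getfacl -R <dir>` output for default ACL
# entries that grant "other" any permission (for example default:other::rwx).
SAMPLE_GETFACL = """\
# file: /warehouse/tablespace/external/hive
# owner: hive
# group: hive
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::rwx

# file: /warehouse/tablespace/external/hive/sales.db
# owner: hive
# group: hive
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---
"""  # constructed sample; paths and owners are assumptions

def parse_getfacl(text):
    """Return {path: [acl entries]} parsed from getfacl output."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file:"):
            current = line[len("# file:"):].strip()
            acls[current] = []
        elif line and not line.startswith("#") and current is not None:
            acls[current].append(line)
    return acls

def open_default_other(acls):
    """Return {path: perms} where default:other grants any permission."""
    findings = {}
    for path, entries in acls.items():
        for entry in entries:
            parts = entry.split(":")  # default:other::rwx -> 4 fields
            if parts[:3] == ["default", "other", ""] and parts[3:] != ["---"]:
                findings[path] = parts[3] if len(parts) > 3 else ""
    return findings

if __name__ == "__main__":
    for path, perms in open_default_other(parse_getfacl(SAMPLE_GETFACL)).items():
        print(f"{path}: default:other::{perms}")
```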
Cloudera Bug: OPSAPS-60559: Fix omid options
Incorrect -Xmx settings when Cloudera Manager starts Omid have been fixed.
Cloudera Bug: OPSAPS-60562: Add Raz claim to the DT tokens issued by Knox
An additional audience claim "raz" is now added to tokens issued by IDBroker.
Cloudera Bug: OPSAPS-60601: Improper parameter passing in Streams Replication Manager CSD
The generated configuration for Streams Replication Manager could become corrupted in either of two cases: when the security configuration uses JAAS properties and at least one of the JAAS secrets defined in a Kafka External Account contained a space, in which case the Streams Replication Manager client won't be able to connect to the respective cluster; or when at least one replication flow's target is an unsecured cluster, in which case replication won't start. The issue has been fixed. JAAS secrets can be used in Kafka External Accounts, and an unsecure cluster can be the destination of a replication flow.
Cloudera Bug: OPSAPS-60630: Extension of OPSAPS-59969 - Add role status and health summary to api/v43/hosts
The HostResource/{hosts} API call of the Cloudera Manager API now contains each role's health and status if the view is set to FULL or FULL_WITH_HEALTH_CHECK_EXPLANATION.
Cloudera Bug: OPSAPS-60648: Cruise control access log is in the process's folder1 instead of /var/log/cruisecontrol
The access.log of Cruise Control has been moved to the log directory where other logs of the service can be found.
Cloudera Bug: OPSAPS-60660: Expose Knox Token TTL for token generation in the Cloudera Manager Admin Console
End-users could not configure a Knox token TTL in the Cloudera Manager Admin Console.
Cloudera Bug: OPSAPS-60663: Kudu version is incorrect in Cloudera Manager
Fixed the Kudu version property in KUDU CSD.
Cloudera Bug: OPSAPS-60685: HBase health check problem caused by missing opentelemetry
Included opentelemetry jars in Cloudera Runtime libraries to fix an HBase health check problem.
Cloudera Bug: OPSAPS-60738: Error message displays when trying to enable/disable HDFS HA or add an HDFS nameservice
Adding a nameservice or enabling/disabling HDFS HA failed when Cloudera Manager was configured using Knox. This issue is fixed.
Cloudera Bug: OPSAPS-60766: Stack Area charts don't put the layers on top of each other
Fixed an issue with stack area charts: the layers are now stacked on top of each other rather than placed in front of each other.
Cloudera Bug: OPSAPS-60775: Streams Replication Manager does not generate external account configurations for the Streams Replication Manager Service
The Streams Replication Manager Service configuration now contains the Kafka External Accounts configuration, enabling Streams Replication Manager Service to access Kafka clusters defined through External Accounts.
Cloudera Bug: OPSAPS-60803: Use the security protocol from Kafka dependency extension in CruiseControl
The security.protocol can be overridden using the Cruise Control Server Advanced Configuration Snippet (Safety Valve) for
Cloudera Bug: OPSAPS-61010: Cloudera Manager Redhat8.2 IBM PowerPC agent installation failure on libboost_python3
Added boost-python3 as a dependency to the Cloudera Manager Agent RPM.
Cloudera Bug: OPSAPS-61141: CDP environment fails with Failed to create HDFS directory on Azure with RAZ enabled
After creating a new RangerRaz-identity
          Storage Account <cdp-env-name>
          Storage Blob Data Owner
          Storage Blob Delegator
          we were able to bring up RAZ on Azure.
Cloudera Bug: OPSAPS-61215: Add support for telemetry publisher to read logs from GCS
Telemetry publisher is now able to read the logs from GCS storage.
Cloudera Bug: OPSAPS-61289: Fix minimumMemory requirement for OMID TS during upgrade to 7.2.11
The minimum memory requirement for Omid TSO is now updated during upgrade.
Cloudera Bug: OPSAPS-61362: Atlas fails with Failed to create new KafkaAdminClient
Atlas auth-to-local rules generation has been enhanced to handle escaping a comma from the rules.
Cloudera Bug: OPSAPS-61474: Knox token API call on homepage topology failed with 404
Knox's data/applications folder gets recreated every time Knox starts.