Fixed Issues in Cloudera Manager 7.6.2

Fixed issues in Cloudera Manager 7.6.2

Cloudera Bug: OPSAPS-48098: Cannot cancel Impala queries from the Cloudera Manager Admin Console or impalaQueries API on a non-kerberized cluster if Cloudera Manager/impalad LDAP authentication is enabled

Cloudera Manager might not be able to cancel an Impala query if LDAP is enabled in the Impala service and is different from Cloudera Manager's LDAP authentication. Two new Impala configurations have been added to allow an administrator to add a LDAP username and password to the Cloudera Manager's Impala configuration, when such a LDAP username and password is provided and when Impala is configured with LDAP.

Cloudera Bug: OPSAPS-61278: The Streams Replication Manager Client’s secure storage fails to generate correctly in FIPS-enabled clusters

The Streams Replication Manager client configuration secure storage did not work on FIPS-enabled clusters, which caused problems when trying to use the srm-control tool with the deployed client configurations. Secure storage is now working in FIPS enabled clusters.

Cloudera Bug: OPSAPS-62087: Upgrade ttorrent-core

The ttorrent-core dependency has been removed due to CVE issues. This fixes the following CVEs: CVE-2008-0071, CVE-2008-0364, CVE-2008-4434, CVE-2008-7166, CVE-2014-8515, CVE-2015-5474

Cloudera Bug: OPSAPS-62548: TopicMetrics get deleted from Cloudera Manager during restart or Kafka partition reassignment

Fixed an issue where KafkaTopicMetrics were accidentally deleted from ServiceMonitor's Timeseries database during a Kafka restart or partition leader change.

Cloudera Bug: OPSAPS-62581: Address log4j CVE-2021-44228

This patch addresses CVE-2021-44228 for log4j.

Cloudera Bug: OPSAPS-62588: Cloudera Manager: Upgrade Logredactor to version 2.0.11 to remediate CVE-2021-44228

This patch addresses CVE-2021-44228 affecting log4j library.

Cloudera Bug: OPSAPS-62670: Upgrade the transitive dependency of Log4j2 used by Hive in Cloudera Manager to 2.17.1

In some scenarios, a role may already exist in Ranger, In that case Authzmigrator tool throws an error because the role already exists. This has been fixed.

Cloudera Bug: OPSAPS-62760: Jetty version shown in HTTP header

The Jetty error page has been modified to hide the version and Jetty server name.

Cloudera Bug: OPSAPS-62770: Cloudera Manager Server setting HBaseCmdOpts.hbaseClusterKey incorrectly.

When using the Cloudera Manager API, when ApiHBaseReplicationArguments.hbaseClusterKey was left null/empty, the Cloudera Manager server supplied an incorrect default value for the cluster key. With this fix, if the value is null or empty, the correct cluster key is set.

The cluster key generated is hbase.zookeeper.quorum:hbase.zookeeper.property.clientPort:zookeeper.znode.parent.

Cloudera Bug: OPSAPS-62812: HostMonitor: Missing HSTS Header

Fixed an issue where the Service Monitor and Host Monitor only open a single port when TLS is used for increased security.

Cloudera Bug: OPSAPS-62836: WAITING_FOR_SOURCE_RESTART status when cluster setup hasn't started

Sometimes during HBase Replication First Time setup, the status may report WAITING_FOR_SOURCE_RESTART before it is really waiting for the source to restart. This behavior has been fixed to report the correct status.

Cloudera Bug: OPSAPS-62910: HBase peer is not removed if several policies are deleted simultaneously

When attempting concurrent deletion of an HBase policy, when the last policy referencing the HBase peer is deleted, the HBase peer will be deleted as well.

Cloudera Bug: OPSAPS-62948: Simultaneous HBase policy creation can fail

When attempting to create multiple HBase policies concurrently, sometimes all of the create operations did not complete. With this fix, all concurrent create operations should succeed.

Cloudera Bug: OPSAPS-62956: Failed delete of policy for which creation failed

When multiple HBase policies are created concurrently, sometimes some of them would fail, or succeed but have wrong column families saved. With this fix, they should now all succeed, and the underlying HBase peer should contain all of the tables/column families from all the policies created.

Cloudera Bug: OPSAPS-62970: Upgrade AuthzMigrator to handle Ignore "already exists" failures

This fix handles the scenario where roles already exist in Ranger.

Cloudera Bug: OPSAPS-62980: Browser crashes with out-of-memory error when Dashboards contain numerous or complex charts

Browser crashed with out-of-memory error on complex Dashboard pages due to charts resize, drag and drop functionality.

You can now use the new Edit Layout menu option on the Dashboard pages and chart sections (e.g. Cluster, Host, Service, Role status pages) for enabling resize functionality. By default, the charts position and size are static. In order to modify the chart size, position they use the Edit Layout menu option.

Cloudera Bug: OPSAPS-62998: Synchronization of HBase peer disable/enable

When concurrent HBase enable/disable policy operations are run, sometimes the final policy status was inconsistent. For instance, after the last operation that completed, the policy status was not set as desired. This situation can be sporadic. With this fix, the HBase policy status will be set reliably.

Cloudera Bug: OPSAPS-63017: Kafka Connect not appearing in Streams Messaging Manager UI

Kafka Connect was sometimes not appearing on the Streams Messaging Manager UI, even when it was properly configured.

Cloudera Bug: OPSAPS-63069: Kafka keystore and truststore type is not configured for Cruise Control metrics reporter

The keystore and truststore types are now correctly supported by the Cruise Control metrics reporter in the Kafka broker. Previously, the type would not be configured, causing issues if the store type did not match the default type. Now the type is correctly configured.

Cloudera Bug: OPSAPS-63077: Fix decommisioning/recommissioning nodemanager failure in YARN

If Zookeeper config store is set in YARN, and QueueManager is not used every YARN node decommission caused an exception, because it called the refreshQueues command (which is disallowed if a mutable configuration store is used). This has been fixed

Cloudera Bug: OPSAPS-63104: Streams Replication Manager Service Co-Located Service password default is invalid

The Streams Replication Manager Service Basic Authentication would not work with the default, random generated password. Streams Replication Manager Service Basic Authentication default password is identical on all Streams Replication Manager Service role instances without any extra actions.

Cloudera Bug: OPSAPS-63138: HBase first time setup is green although remote command failed

When Cloudera Manager does HBase replication first time setup between the given source and destination and the HBASE_REPLICATION_AUXILIARY_INFO parameter was unintentionally left there from an older HBase replication first time setup, then the 'Admin setup remote command' step failed and was ignored on the source. Therefore the HBase replication first time setup command was still displayed as successful on the destination. This has been fixed

Cloudera Bug: OPSAPS-63158: Cruise Control may not able to start after upgrade, when the initial cluster version is 7.2.14 or lower and the post-upgrade version is 7.2.14.

This issue occured when any of Cruise Control's goals lists (default-, supported-, hard-, self-healing-, anomaly detection goals) contain com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareGoal.

Cruise Control now automatically overrides all of the deprecated RackAwareGoal occurrences with RackAwareDistributionGoal, in its configurations during a parcel upgrade.

Cloudera Bug: OPSAPS-63419: Yarn MR Aggregation job fails with pt_PT locale

Fixed an issue where the Yarn MR Aggregation job got stuck with certain locale settings.

Cloudera Bug: OPSAPS-62471: Revert OPSAPS-32569 Disable HBase replication monitoring when Kerberos is enabled

Fixed an issue where HBase replication monitoring was not enabled when Kerberos was enabled.