New Features and Changes in Cloudera Manager 6.2.0

BDR now supports Hive direct replication from on-premise to S3/ADLS clusters and metadata replication to the Hive Metastore.

Using a single replication process, BDR enables Hive data to be pulled from HDFS to S3/ADLS clusters and use the "Hive-on-cloud" mode, where the target Hive Metastore updates the table locations to point to S3/ADLS clusters. This process facilitates easy data migration and synchronisation between the cloud and on-premise clusters.

For more information, see Hive/Impala Replication.

You can now replicate HDFS files and Hive data to and from Microsoft ADLS Gen2. To use ADLS Gen2 as the source or destination, you must add Azure credentials to Cloudera Manager. Note that the URI format for ADLS Gen2 is not the same as ADLS Gen1. For ADLS Gen2 use the following URI format: abfs[s]://<file_system>@<account_name>.dfs.core.windows.net/<path>/.

Cloudera Manager now detects and rejects duplicate hosts from joining a cluster and gracefully tolerates > changes in hostnames for managed hosts, better supporting automated deployments

An Initialize Accumulo checkbox now displays in the Installation wizard.

Cloudera Issue: OPSAPS-48619

You can now specify a JDBC URL when establishing a connection from the Hive service to a supported backend database (MySQL, PostgreSQL, or OracleDB). Enter the JDBC URL on the Setup Database page in the Create Cluster and Create Service wizards in Cloudera Manager.

Cloudera Issue: OPSAPS-48668

Cloudera Enterprise licenses now include a start date and a deactivation date. Enterprise-only features are enabled on the start date and will be disabled after the deactivation date. If you install the license before the start date, a banner displays in the Cloudera Manager Admin console showing the number of days until the license becomes effective.

Cloudera Issue: OPSAPS-47500

When an Enterprise license expires, Cloudera Manager reverts to the Express version. This includes enforcing a maximum of 100 nodes across all CDH 6 clusters.

Cloudera Issue: OPSAPS-48611

Features only available with a Cloudera Enterprise license are turned off after the deactivation date has passed. For legacy licenses that do not have a deactivation date, the features are turned off on the expiration date.

Cloudera Issue: OPSAPS-46864

Cloudera Manager will not allow KMS configuration changes after the deactivation date specified in the new license file although the KMS will remain functional. For legacy licenses, the deactivation date defaults to the expiration date specified in the license.

Cloudera Issue: OPSAPS-48501

Cloudera Manager now has an API to test network bandwidth between clusters, helping determine if the infrastructure is suitable for separating storage and compute services.

There is a new Cloudera Manager API endpoint, /users/expireSessions/{UserName} that can be invoked by a user with the Full administrator or User administrator role that expires all of a particular user's active Cloudera Manager Admin console sessions - local or external. Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-43756

The Cloudera Manager API endpoint ApiServiceRef now returns the service type. Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-48369

{ ""owner"" : ""John Smith"", ""uuid"" : ""12c8052f-d78f-4a8e-bba4-a55a2d141fcc"", ""features"" : [ { ""name"" : ""PEERS"", ""description"" : ""Peers"" }, { ""name"" : ""BDR"", ""description"" : ""BDR"" }, { ""name"" : ""KERBEROS"", ""description"" : ""Kerberos"" }, . . .

Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-49060

ApiAuthRole entities can now be specified and looked up with a name string for the role, as specified in the API documentation. Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-46780

The following metric is deprecated: kafka_responses_being_sent

Cloudera Issue: OPSAPS-48911, OPSAPS-48798, OPSAPS-48311, OPSAPS-48656

Kafka Broker IDs are now displayed on the Cloudera Manager's Kafka Instances page.

Cloudera Issue: OPSAPS-44331

Cloudera Issue: OPSAPS-36755

Cloudera Issue: OPSAPS-47051

A new script, zookeeper-security-migration.sh script is now available to lock down Kafka data in Zookeeper. See Kafka Security Hardening with Zookeeper ACLs.

Cloudera Issue: OPSAPS-47988

A new graph, Operations Awaiting Compilation for HiveServer2 compilation metrics has been added.

Cloudera Issue: OPSAPS-47506

ADLS credentials are now stored securely via Cloudera Manager for use with HS2. This enables multi-user Hive-with-ADLS clusters.

Learn more at Configuring ADLS Access Using Cloudera Manager.

Cloudera Issue: OPSAPS-49076

S3 credentials are now stored securely by Cloudera Manager for use with Hive. This enables multi-user Hive-on-S3 clusters.

Learn more at Configuring the Amazon S3 Connector.

The following sub-tasks are related to this feature:

• Distribute the path of the HDFS credential store file and decryption password to HS2

  Adds job credstore path and decryption password propagation for HS2.

  Cloudera Issue: OPSAPS-48662

• Manage an encrypted credential store in HDFS for HS2

  Adds a job specific credstore for HS2.

  Cloudera Issue: OPSAPS-48661

• Rotate the password and the encrypted credential file in HDFS on every HS2 restart

  Adds password and credstore file rotation on every HS2 role restart.

  Cloudera Issue: OPSAPS-48663

You can now use Auto-TLS to add TLS to an existing cluster. This functionality is available in both the Cloudera Manager Admin Console and by using the API. See Configuring TLS Encryption for Cloudera Manager and CDH Using Auto-TLS,

There is a new cluster Cloudera Manager API command ConfigureAutoTlsServices which will enable Auto-TLS for services in a single cluster. Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-47349

When TLS is enabled for the Cloudera Manager Admin Console web requests now include the HTTP Strict-Transport-Security header. For more details about this header, see Strict-Transport-Security (Mozilla).

Cloudera Issue: OPSAPS-282290

Added the ability to specify the TLS protocol and the TLS cipher suites in CSDs.

Cloudera Issue: OPSAPS-48214

Exposes properties that can be used to configure TLS from the Hive Metastore Server to the Hive Metastore Database. As a minimum configuration requirement, the Enable TLS/SSL to the Hive Metastore Database checkbox must be enabled. (The default value is disabled.) If the Hive Metastore TLS/SSL Client Truststore properties are provided, then those will be used. Otherwise, the default list of well-known certificate authorities will be used. Additionally, ability to provide a JDBC URL override to use when connecting to the database is also exposed. This will override all other values used to create the JDBC URL. This is an advanced configuration option and should only be used as a safety-valve.

Cloudera Issue: OPSAPS-48666

There is now a Cloudera Manager API command, GenerateCmcaCommand, which will enable Auto-TLS for an existing Cloudera Manager deployment. This command creates an internal Cloudera Manager Certificate Authority (CMCA) and certificates for all existing hosts. Please refer to the Cloudera Manager REST API documentation for more information.

Cloudera Issue: OPSAPS-43102

Flume now supports Auto-TLS when used with Kafka.

Cloudera Issue: OPSAPS-46339

Auto-TLS is not available when using a Trial license. To enable Auto-TLS, you must have an Enterprise license.

Cloudera Issue: OPSAPS-48981

When using Auto-TLS with custom certificates, you can use the new AddCustomCerts command to add certificates associated with a hostname to the Auto-TLS certificate database. Please refer to the Cloudera Manager REST API documentation for more information. details.

Cloudera Issue: OPSAPS-48678