Known Issues and Limitations in Cloudera Manager 6.2.1

Cloudera Manager 6.x issue with the service role Resume

If a selected service role on a node is restarted and fails, and the customer clicks the "Resume" button in Cloudera Manager, the service role on all of the nodes will be restarted concurrently.

Products affected: Cloudera Manager

Releases affected:
  • Cloudera Manager 5.5 and later
  • Cloudera Manager 6.0 until 6.3.3
  • Cloudera Manager 7.1.x

Users affected: Users with admin role in Cloudera Manager can impact end users of the service.

Impact:In production clusters this can result in a cluster-wide service outage; Already observed for the YARN service and the HDFS service in a few clusters.

Severity: High

Action required:
  • A workaround exists where instead of performing a restart we recommend performing a stop/start of the services.
  • Issue is fixed in CM-6.3.4, CM-7.2.1 and above.

Knowledge article: For the latest update on this issue see the corresponding Knowledge article: Cloudera Customer Advisory: Cloudera Manager 6.x issue with service role Resume

Cloudera Manager installation fails on MariaDB 10.2.8 and later

When installing Cloudera Manager using MariaDB 10.2.8 or later, the Cloudera Manager web server doesn't come up and the install process ends with a failed status. The cloudera-scm-server.log includes the following SQL error:

2019-08-28 04:37:10,171 FATAL main:org.hsqldb.cmdline.SqlFile: SQL Error at 'UTF-8' line 57:
  "alter table ROLE_CONFIG_GROUPS
  drop column REVISION_ID"
  Key column 'REVISION_ID' doesn't exist in table
2019-08-28 04:37:10,171 FATAL main:org.hsqldb.cmdline.SqlFile: Rolling back SQL transaction.
2019-08-28 04:37:10,172 ERROR main:com.cloudera.enterprise.dbutil.SqlFileRunner: Exception while executing ddl scripts.
  com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Key column 'REVISION_ID' doesn't exist in table

Note that MariaDB 10.2.8 is provided by default in some operating systems, including SLES 12 SP4.

Workaround: Replace the default MariaDB 10.2.x version with MariaDB 10.2.7.

Affected Versions: MariaDB 10.2.8 and later

Cloudera Issue: OPSAPS-52340

Cloudera Manager 6.2.0 does not have the correct license notification

Cloudera Manager 6.2.0 contains the third-party license notification for a previous release. You can view the correct license notification file here or on the Third-party License Page for Cloudera Manager.

BDR - Hive restore failing during import

When the table filter used during hive cloud restore is different from the table filter used to create the hive cloud backup, the import step fails with the table not found error. Currently it impacts only the cloud restore scenario.

Products affected: Cloudera Manager

Releases affected:
  • Cloudera Manager 5.15, 5.16
  • Cloudera Manager 6.1.x
  • Cloudera Manager 6.2.x
  • Cloudera Manager 6.3.x

Users affected: BDR, Hive cloud restore, where restore uses a subset of tables from the exported tables

Impact:
  • Limited, the hive cloud restore all tables works properly.
  • The hive cloud restore from the hive cloud backup created prior to Cloudera Manager 5.15 would work without any problem.
  • No other BDR functionality is affected.
Immediate action required:
  • Workaround: Not available. Importing specific tables would fail. Impoting ALL tables would continue to work properly.
  • Upgrade: Upgrade to a Cloudera Manager version containing the fix.

Addressed in release/refresh/patch: Cloudera Manager 7.0 and higher versions

Limitations for Virtual Private Clusters

There are a number of limitations and considerations for running Virtual Private Clusters, including the types of services you can run on a Compute cluster and supported versions of CDH. See Compatibility Considerations for Virtual Private Clusters.

Restart of Impala and Hive required for Cloudera Manager 6.2 upgrade with ADLS

After upgrading to Cloudera Manager 6.2 or higher, Impala and Hive will be marked as stale for users running CDH 6.1 and using the ADLS Service. You will need to restart Hive and Impala before being able to connect to ADLS Gen2, but all previous functionality will continue to work without a restart. The configurations that will be marked stale are:
  • fs.azure.account.auth.type
  • fs.azure.account.oauth.provider.type
  • fs.azure.account.oauth2.client.endpoint
  • fs.azure.account.oauth2.client.id
  • fs.azure.account.oauth2.client.secret.

Cloudera Bug: OPSAPS-47436

Add Hive Execution Service on Compute Cluster for Hue

To enable Hue to run Hive queries on a Compute cluster, you must install the Hive Execution Service on the Compute cluster.

Alternately, you can disable the Hive editor in Hue to prevent users from using it (it will not work correctly) by doing the following:
  1. In the Cloudera Manager Admin console, go to the Hue service on the Compute cluster.
  2. Open the Hue Web UI.
  3. Select Admin > Manage Users.
  4. Select the Group tab.
  5. Click on the row containing the default group.
  6. De-select the beeswax.access:Launch this application permission.
  7. Click Update Group.

Cloudera Bug: DOCS-4438 OPSAPS-49062

BDR invalidate metadata command

When running a Hive replication job, the invalidate metadata command is run automatically by the replication job and runs as the impala user. If an administrator has configured a different user with permissions to run the invalidate metadata command, the command fails.

Workaround: Grant the Impala user permission to run the invalidate metadata command.

Cloudera Bug: OPSAPS-44327

TLS Protocol Error with OpenJDK

If you are using an older version of OpenJDK 1.8 and have enabled SSL/TLS for the Cloudera Manager Admin Console, you may encounter a TLS protocol error when connecting to the Admin Console, stating that there are no ciphers in common. This is because older versions of OpenJDK may not implement certain TLS ciphers, causing an inability to log into the Cloudera Manager Admin Console when TLS is enabled.

Workaround:

You can workaround this issue by doing one of the following:
  • Upgrade OpenJDK to a supported version of OpenJDK that is higher than version 1.8.0_181.
  • If it is not possible to upgrade OpenJDK, enable less secure TLS ciphers in Cloudera Manager. You can do this by opening the /etc/default/cloudera-scm-server in a text editor and adding the following line:
    export CMF_OVERRIDE_TLS_CIPHERS=<cipher_list>
    Where <cipher_list> is a list of TLS cipher suites separated by colons. For example:
    export CMF_OVERRIDE_TLS_CIPHERS="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_EDH_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA"
    

Cloudera Bug: OPSAPS-49578