Issues Fixed in Cloudera Navigator 6.2.1

Additional audit detail is captured for HBase GRANT events including the grantee username and the permissions granted. The new information is added to the operation field in the audit information. The operation text now shows grant:username>:access_permissions. For example, grant:auser:RWX.

For more information about HBase command auditing, see Auditing HBase Authorization Grants and Navigator Audits: Operations by Component.

Cloudera issue: CDH-63957

When running on Oracle Enterprise Linux 7.6 and using Oracle 12 database, Navigator Audit Server timed out when connecting to the Oracle database instance. An error message similar to the following appeared in the Navigator Audit Server log:

2019-07-15 16:07:11,611 WARN com.mchange.v2.async.ThreadPoolAsynchronousRunner
[C3P0PooledConnectionPoolManager[identityToken->2ufazoa31ws3ap3zbw3fa|62315f22]-AdminTaskTimer]:
com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@1a7f383a -- APPARENT DEADLOCK!!!
Creating emergency threads for unassigned pending tasks!

Cloudera issue: NAV-7169

Navigator Audit Server sorts data when querying the backing database for audit information. When the backing database is Oracle, each query uses temporary tablespaces, which is cleared only when Navigator closes connections to the database. Over time Navigator queries can use up all of the temporary tablespace causing queries to fail.

This release includes a new configuration property maxConnectionAge that is set to one day (86400 seconds). If you continue to see that Navigator Audit Server is holding temp tablespace for too long for your Oracle database resources, you can adjust the setting to have Navigator Audit Server release the connections more frequently. Change the value in the Navigator Audit Server Advanced Configuration Snippet (Safety Valve) for cloudera-navigator.properties as follows:

navigator.max.connection.age=number of seconds

Note that if you have used Java Configuration Options for Navigator Audit Server to set the value of maxConnectionAge, that setting will no longer work.

This setting applies only to Navigator Audit Server with an Oracle backing database; it does not apply to other database types.

Cloudera Issue: NAV-7159

When streaming audit messages to both Flume and Kafka, if the Flume client throws an exception, Navigator Audit Server does not send the same messages to Kafka. To recover from this problem, the Flume client needs to be working.

Cloudera Issue: NAV-7143

Navigator Metadata Server version 6.2 was unable to start if the host where it is installed did not have access to the Internet. This problem is fixed in this release.

Cloudera issue: NAV-7115

The commons-fileupload package used by Navigator has been upgraded to 1.3.3 to resolve a security vulnerability indicated by CVE-2016-3092.

Cloudera issue: NAV-7099

Under some circumstances, Navigator Metadata Server created invalid operation to operation execution relations. This caused errors when displaying the lineage in the Navigator console. Also, the metadata purge could not delete the invalid relations. This problem is fixed in this release.

Cloudera Issue: NAV-7035

If a truststore password is not set, Navigator Metadata Server would not start. Cloudera Manager showed the status of "Role failed to start due to error null." This problem is resolved in this release: if TLS is enabled, Navigator Metadata Server has the same behavior as other Cloudera Manager-managed services and will start without a truststore password.

Cloudera issue: NAV-6829

In Cloudera Manager, when adding an empty rule to a service's Audit Event Filter and then saving the change, all existing audit event filters were lost. The filter configuration property was removed from Cloudera Manager's list of configuration properties.

Cloudera issue: NAV-6096