Known issues

This section lists known issues that you might run into while using the CDP Private Cloud Management Console service.

CLI and SDKs are not supported in the current release

Problem: CLI and SDKs are not supported in the current CDP Private Cloud release.

Workaround: Use the UI instead.

Uploading a certificate using the CLI

Problem: To generate an access key or private key using the CDP CLI, you must add the private cloud certificate to the system truststore.

Workaround:

  1. Obtain the certificate from Management Console.

    For example:

    openssl s_client -showcerts -connect console-test-cdpb775.apps.cp-testdev-01.kcloud.cloudera.com:443

  2. Copy the certificate chain output to a file.

  3. Enter the CDP CLI call as follows:

    cdp iam update-ldap-provider --cli-input-json file://1.json --endpoint-url https://console-test-cdpb755.apps.cp-testdev-01.kcloud.cloudera.com/api/v1 --ca-bundle cert-chain --debug
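
Steps 1 and 2 can be scripted so that only the PEM blocks reach the file and a truncated copy is rejected before the file is passed to --ca-bundle. This is an added example, not part of the original documentation; the script name, function names and the two arguments (console host, output file) are assumptions.

```shell
#!/bin/sh
# Added example; function names and the script's two arguments are assumptions.

# Read `openssl s_client -showcerts` output on stdin and keep only the PEM
# certificate blocks, stripping handshake text and stray indentation.
extract_pem_chain() {
    sed -n -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# Succeed only if the file has at least one certificate and every BEGIN line
# has a matching END line, so a truncated copy is rejected.
chain_is_complete() {
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$1" || true)
    [ "${begins:-0}" -gt 0 ] && [ "$begins" -eq "$ends" ]
}

# Print subject, issuer, expiry and SHA-256 fingerprint of each certificate.
describe_chain() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { pem = "" }
        { pem = pem $0 "\n" }
        /^-----END CERTIFICATE-----$/ {
            cmd = "openssl x509 -noout -subject -issuer -enddate -fingerprint -sha256"
            printf "%s", pem | cmd
            close(cmd)
        }' "$1"
}

# Usage: sh fetch-chain.sh <console-host> <output-file>
if [ "$#" -eq 2 ]; then
    openssl s_client -showcerts -connect "$1:443" -servername "$1" \
        </dev/null 2>/dev/null | extract_pem_chain > "$2"
    chain_is_complete "$2" || { echo "incomplete chain in $2" >&2; exit 1; }
    describe_chain "$2"
fi
```

The chain is fetched over a connection that is not yet trusted, so compare the printed SHA-256 fingerprints with values obtained from the cluster administrator before using the file as a CA bundle.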

CDP Private Cloud does not support StartTLS for LDAP

Problem: Currently, CDP Private Cloud does not support StartTLS for LDAP.

Workaround: Use LDAPS.

No support for trailing slashes in Vault configuration

Problem: Using a trailing slash in the Vault configuration causes an issue in the Node.js Vault client. As a result, CDP Private Cloud does not support trailing slashes in the Vault configuration.

Workaround: Do not use trailing slashes in the Vault configuration.

No support for LDAP servers with referral support

Problem: Currently, CDP Private Cloud does not support LDAP servers with referral support.

Workaround: None.

Only LDAP users can access data from workloads

Access to data is governed by corporate AD/LDAP and Kerberos. Local users and machine users are a control-plane-only concept and have no representation in the corporate systems, so they cannot access data when used from workloads.

DNS resolutions failing on OpenShift

Problem: DNS errors can occur when the OpenShift environment is slightly loaded.

Workaround:
  • Try to keep the number of namespaces below 100.
  • If you hit a peak and start seeing failures, perform a cleanup. For a complete recovery, delete all pods in the OpenShift DNS (openshift-dns) namespace.

Rotating TLS certificates on base cluster will cause all environments to be unusable

Problem: If you rotate the AutoTLS certificates on the base cluster, you will no longer be able to use your environments.

Workaround: None.

Help links in the Management Console point to wrong content

Problem: Help links in the current release of CDP Private Cloud Management Console point to the wrong content. In addition, Help links for CLI and Community are not activated.

Workaround: None. This will be fixed in the next release.

Kerberos service does not always handle Cloudera Manager downtime

Problem: The Cloudera Manager Server in the base cluster must be running to generate Kerberos principals for CDP Private Cloud. If there is downtime, you might observe Kerberos-related errors.

Workaround:

Aborting a CDP Private Cloud install and retrying produces a Vault error

Problem: During installation, if you abort the install operation or retry the installation operation, the installation will fail with an error that the Vault project was not cleaned up.

Workaround: Go to the OpenShift console and delete <cdp-namespace>-vault, then try to install again.