Known Issues Fixed in Cloudera Manager 4.5.2

— Embedded PostgreSQL database permissions are incorrect.

Fixed a security vulnerability where the credentials of the embedded database is world readable. This affects the Enterprise management services that use the embedded PostgreSQL database.You need to change the permissions for /etc/cloudera-scm-server/db.mgmt.properties to be 600.

Severity: High

Resolution: Fixed in Cloudera Manager 4.5.2

Workaround: Change the permissions on the file /etc/cloudera-scm-server/db.mgmt.properties:
chmod 600 /etc/cloudera-scm-server/db.mgmt.properties
If you have done a new install of Cloudera manager 4.5.2 this is not necessary, the correct permissions are in place.

— Enable short-circuit read to allow Impala 0.7 to with CDH 4.1.

In order for Impala beta 0.7 to work with CDH 4.1,after installation using Cloudera Manager, dfs.client.use.legacy.blockreader.local must be enabled via the Impala Daemon HDFS Safety Valve.

Note: If you upgrade to CDH4.2, you must remove this property.

Severity: Low

Resolution: Fixed in Cloudera Manager 4.5.2

Workaround: To configure Impala 0.7 to work with CDH4.1 under Cloudera Manager 4.5.1, you must add the following to the Impala Daemon HDFS Safety Valve:
<property>
  <name>dfs.client.use.legacy.blockreader.local</name>
  <value>true</value> 
</property> 
.

— Enabling the NameNode to bind to wildcard address does not work in Cloudera Manager 4.5.

In Cloudera Manager 4.5 enabling the NameNode to bind to wildcard address does not work for non-Highly Available and non-Federated HDFS. It works correctly if High Availability or Federated HDFS is configured.

Severity: Medium

Resolution: Fixed in Cloudera Manager 4.5.2

Workaround: Add the following to the NameNode hdfs-site safety valve:

<property>
    <name>dfs.namenode.rpc-address</name>
    <value>0.0.0.0:8020</value> 
</property> 

— HiveServer2 is missing the concurrency configuration.

HiveServer2 requires the "hive.support.concurrency" and "hive.zookeeper.quorum" properties to be configured, otherwise it can cause Hive data and metadata corruption. The Cloudera Manager Validator will warn if these properties are missing for HiveServer2 or for the service-wide safety valve.

Severity: High

Resolution: Fixed in Cloudera Manager 4.5.2.

Workaround:

Enable the lock manager by setting properties in the HiveServer2 Configuration Safety Valve, found under the Hive service Configuration tab, HiverServer 2 > Advanced settings. Set these as follows (substitute your actual ZooKeeper node names for those in the example):
<property>
  <name>hive.support.concurrency</name>
  <value>true</value> 
</property> 
<property> 
  <name>hive.zookeeper.quorum</name> 
  <value>zk1.myco.com,zk2.myco.com,zk3.myco.com</value> 
</property>

Note that this requires installing ZooKeeper and setting up a ZooKeeper ensemble, if you have not already done so.