Known Issues and Workarounds in Cloudera Navigator Data Management
The sections below provide information about current known issues in Cloudera Navigator data management component.
Access, Login, or Cloudera Navigator Console Issues
Cloudera Navigator console page display blocked
The Roboto font used in some of the Cloudera Navigator console text is transparently loaded by the console from Google CDN (content delivery network) https://fonts.googleapis.com/ and https://fonts.gstatic.com. If the network environment prevents access to and from these paths, the Cloudera Navigator console cannot load the font, the page hangs, and the console becomes unusable
- For environments that limit access to and from the public internet, modify the firewall configuration to allow traffic from https://fonts.googleapis.com/ and https://fonts.gstatic.com.
- For environments that restrict access and do not want to allow traffic from the font CDN, modify the firewall configuration to reject access attempts immediately.
- For environments with no DNS access to the public internet, the only workarounds are to obtain the Roboto font and install locally, or hosting your own internal font CDN with fonts from https://fonts.googleapis.com/ and https://fonts.gstatic.com obtained from another network.
Fixed in versions: 5.12 (2.11)
Internet Explorer 11 document mode issue
When using Microsoft Internet Explorer 11 to access the Cloudera Navigator console, the login page does not display properly due to an issue with that browser's Compatibility View and certain document modes (see the Microsoft Technet article for details). As of Cloudera Navigator 2.10.1, a warning prompt now displays if the Internet Explorer's document mode is set to IE7 or lower, to alert you to the issue, but prior releases display a blank page rather than the login page.
Workaround: Open the Compatibility View Settings (under the Internet Explorer options menu) and remove the setting for the domain or website. Or use another browser to access the Cloudera Navigator console. Supported browsers include Mozilla Firefox, Google Chrome, or Microsoft Edge.
Fixed in versions: 5.11.1 (2.10.1)
Error message ("not authorized") when logging in
The Cloudera Navigator console saves the state of the last URL accessed when you log out, and opens the same page at your next login. If two different users log in to Navigator using the same browser tab, the state of the first user applies to the second. If the second user does not have permissions to that section of the page, that user receives an error message.
Workaround: Close the browser tab and log in on a new tab. The state is cleared, and the access error message does not appear.
Fixed in versions: 5.11 (2.10)
Cloudera Manager Configuration Issues
Overriding safety valve settings disables audit and lineage features
Customers or third party applications such as Unravel may require that hive.exec.post.hooks is configured in a HiveServer2 safety valve. Cloudera Manager will comment out the hive.exec.post.hooks value that is configured if audit or lineage is enabled for Hive. The safety valve content shows the commented code:
<!--'hive.exec.post.hooks', originally set to 'com.cloudera.navigator.audit.hive.HiveExecHookContext,org.apache.hadoop.hive.ql.hooks.LineageLogger' (non-final), is overridden below by a safety valve-->
This automated change disables Navigator's auditing and lineage features without notification.
To work around this problem, edit the HiveServer2 safety valve to enable the Navigator entries.
AWS and Amazon S3
Update AWS Credentials from the same AWS account
After configuring Cloudera Navigator with a specific set of AWS Credentials for Amazon S3, any future changes to the credentials (for example, if you rotate credentials on a regular basis) must be for the same AWS account (IAM user). Changing the AWS Credentials to those of a different IAM user results in errors from the Amazon Simple Queue Service (used transparently by Cloudera Navigator).
Workaround: If a new key is provided to Cloudera Navigator, the key must belong to the same AWS account as the prior key.
Unnamed folders on Amazon S3 not extracted
Unnamed folders on Amazon S3 are not extracted by Navigator, but the content of the folders is extracted. For example, a top-level folder the top level folder in the bucket has no name (for example, /bucket//folder/file), it is extracted as /bucket/folder/file.
Implicit folders are not marked as deleted
If an implicit folder is deleted in Amazon S3, it does not appear as deleted in Cloudera Navigator console.
Workaround: To prevent folders deleted from Amazon S3 from appearing in Navigator Search results, include implicit:false in the search query.
Extraction delayed while Amazon S3 inconsistent
Inconsistencies that occur in AWS (for example, due to eventual consistency) can delay Navigator extraction of metadata and lineage from Amazon S3. When Cloudera Navigator detects an inconsistency, extraction may stop until the inconsistency is resolved in AWS. Cloudera Navigator will retry at the next scheduled extraction.
Data Stewardship Dashboard
Counts displayed in Dashboard and Search may differ
Counts for databases, tables, views, and other entities displayed in Cloudera Navigator Dashboard can differ from Search values for the same objects. The Dashboard displays data from the Navigator Audit Server, which contains actual counts captured continuously. On the other hand, Search (Solr) returns data that has been periodically extracted from HMS (Hive Metadata Server). Tables, databases, views, or other objects created or destroyed between extracts are not reflected in values displayed by Search (Solr), but they are contained in the audit data displayed in the Dashboard.
Tables Populated count reflects INSERT and UPDATE statements
The Tables Populated display widget in the Data Stewardship Dashboard reflects the number of times that a table has been loaded with data, such as through INSERT and UPDATE statements—not the number of unique tables loaded. For example, a single table to which data is added (through 6 INSERT statements) and that has also had 4 UPDATE statements submitted in the same period would report Tables Populated as 10.
Hive service configuration in auditing component
For Hive services, the auditing component does not support the "Shutdown" option for the "Queue Policy" property.
Hue service audit log and Unknown IP address
The IP address in a Hue service audit log displays as "unknown".
Changing auditing configuration for Hive or Hue requires restart
Whenever a change is made to a Hive service's audit configuration, Beeswax must be restarted so that the Hue service audit log can reflect the change.
Viewing Navigator tags in Hue overloads Metadata Server heap
When viewing Cloudera Navigator tags through Hue, Navigator uses more memory than usual and does not release the memory after logging out of Hue. Eventually, the calls between Hue and Navigator will occupy the majority of the heap space allocated to Navigator Metadata Server.
To work around this problem you may need to restart the Navigator Metadata Server periodically to clear the heap usage.
Navigator Metadata Server
Metadata Server log file and spurious error messages
Error: [main]: PWC6351: In TLD scanning, the supplied resource file:/usr/share/java/oracle-connector-java.jar does not exist.
Fixed in versions: 5.10
Policy specifications and cluster names affect purge
Policies cannot use cluster names in queries. Cluster name is a derived attribute and cannot be used as-is.
Workaround: When setting move actions for Cloudera Navigator, if there is only one cluster known to the Navigator instance, remove the clusterName clause.
curl '<nav-url>/api/v9/entities/?query=type%3Asource&limit=100&offset=0'Use the identity of the matching HDFS service for this cluster as the sourceId.
Purge appears suspended while extraction is running
When you issue a purge command, it does not start if extractors are running. During this time, the maintenance page indicates that maintenance tasks are not running. Once the extraction is complete and purge starts, it shows the status of the purge operations.
Spark Lineage Limitations and Requirements
- Lineage is produced only for data that is read/written and processed using the Dataframe and SparkSQL APIs. Lineage is not available for data that is read/written or processed using Spark's RDD APIs.
- Lineage information is not produced for calls to aggregation functions such as groupBy().
- The default lineage directory for Spark on Yarn is /var/log/spark/lineage. No process or user should write files to this directory—doing so can cause agent failures. In addition, changing the Spark on Yarn lineage directory has no effect: the default remains /var/log/spark/lineage.
Spark extractor enabled using safety valve deprecated
The Spark extractor included prior to CDH 5.11 and enabled by setting the safety valve, nav.spark.extraction.enable=true is being deprecated, and could be removed completely in a future release. If you are upgrading to CDH 5.11 from a deployment that had configured this safety valve, be sure to remove the setting when you upgrade.
Upgrade Issues and Limitations
Issues and limitations matrix by release
Before upgrading Cloudera Navigator, review these version-specific release notes:
|Upgrade||Limitations, requirements, preliminary tasks|
|2.10||2.10.1||Upgrading Cloudera Manager 5.11.0 (Cloudera Navigator 2.10) to Cloudera Manager 5.11.1 (Cloudera Navigator 2.10.1) results in failures by Navigator Audit Server to publish to Kafka. See Publishing to Kafka fails after upgrade for details and a workaround.|
|2.8 (and lower)||2.9 (and higher)||Upgrading to Cloudera Navigator 2.9 and higher (Cloudera Manager 5.10 and higher) can take a significant amount of time, depending on the size of the datadir. Before starting to upgrade to Cloudera Manager 5.10 (which automatically starts the upgrade to Cloudera Navigator 2.9), see Upgrading Cloudera Navigator Can be Extremely Slow. Briefly, in this release Solr indexing has been optimized to improve search speed. When the upgrade process completes and Cloudera Navigator services re-start, the Solr indexing upgrade automatically begins. No other actions can be performed until Solr indexing completes (progress message display during this process).|
|2.6 (and lower)||Any||The Cloudera Navigator Metadata Server requires an upgrade of data in the storage directory. See Upgrading Cloudera Navigator for details.|
|2.4.0, 2.4.1||2.4.2||After upgrading, requires manual modification to the HDFS extractor state file to change status of UNDELETE taskTypes from SUCCEEDED to FAILED. This manual process is required only for these specific releases listed. See Issues Fixed in Cloudera Navigator 2.4.2 for details.|
|Any||2.4 – 2.6||Cloudera Navigator 2.4 – 2.6 do not support JDK 1.6, so upgrade any instances of JDK 1.6 to JDK 1.7 or 1.8 before upgrading to these releases. See Java Development Kit Installation for details.|
|2.1||2.2||Cloudera Navigator 2.1 used the beta version of the Navigator Metadata Server policy engine. Policies created using that version are not retained during the upgrade.|
|2.0 (and lower)||2.1 (and higher)||The upgrade wizard for this upgrade path adds the Navigator Metadata Server to the Cloudera Manager cluster. The Navigator Metadata Server is new, and is not the same as the existing Navigator Audit Server database.|
|1.2||2.0||Cloudera Navigator 1.2 and Cloudera Navigator 2.0 have reached EOL (end of life) status and are no longer supported. There is no wizard for this upgrade path. Cloudera Navigator 2.0 required a clean install. The Navigator 1.2 Navigator Metadata Server was a beta release included with Cloudera Manager 5.0. The 1.2 version of the Navigator Metadata Server role must be removed before the cluster can be upgraded to Cloudera Navigator 2.0 (the roles are not compatible).|