Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Upgrading Individual Components Post HDP 3.1.5

avatar
Rising Star

The components in HDP 3.1.5 is outdated and lack key security functionality.

 

Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/

Infra Solr is running SOLR 7.7 and haa a RCE vulnerability. This was patched in SOLR 8.3, which is not part of InfraSolr.

 

Zookeeper packaged is 3.4.6, but SSL implementation was add in 3.5.5

 

I saw some questions talking about "Patch Upgrades" but is there a guide to upgrading individual components in a cluster via Ambari or however? 

1 ACCEPTED SOLUTION

avatar
Expert Contributor

If I installed a later version of Zookeeper (for example), would ambari recognize that later version in it's management? Or would it exist in parallel with the version of Zookeeper packaged with 3.1.5?

 

> You have to install zookeeper or any component via Ambari only, if you install it manually(via yum or apt) in the server ambari will not recognize or it will not consider it.

 

Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
Infra Solr is running SOLR 7.7 and has an RCE vulnerability. This was patched in SOLR 8.3, which is not part of Ambari 2.7.5's InfraSolr.
Zookeeper packaged is 3.4.6, but SSL implementation was added in 3.5.5

 

> As mentioned already please create a support case with Cloudera along with the vulnerability CVE number so we can check with our team and confirm whether our product is vulnerable to the security concern or not. If it is so we can provide a patch to overcome it.

 

If you are happy with the comment, Mark it "Accept as Solution".

View solution in original post

6 REPLIES 6

avatar
Expert Contributor

Hi @Eric_B 

 

I saw some questions talking about "Patch Upgrades" but is there a guide to upgrading individual components in a cluster via Ambari or however?
> You may not able to upgrade individual components via Ambari. You can either install a component or you can upgrade to the next available HDP 3.X version but I can see you are in the latest 3.1.5 version.

 

If you felt your Hadoop components have a particular vulnerability issue. Please feel free to raise a case with Cloudera so we will check and clarify the same. If the vulnerability is legitimate and could cause harm to your infrastructure we can provide a patch to the issue. In that way, you can overcome it.


If you are happy with the comment, Mark it Accepts as Solution.

avatar
Rising Star

Hi @Shifu 

 

Thanks for the response! Regarding something you posted:
"You can either install a component or you can upgrade to the next available HDP 3.X version but I can see you are in the latest 3.1.5 version."

 

If I installed a later version of Zookeeper (for example), would ambari recognize that later version in it's management? Or would it exist in parallel with the version of Zookeeper packaged with 3.1.5?

 

The current big security issues I see I've listed in the original question. Is there a contact form?

 

avatar
Expert Contributor

If I installed a later version of Zookeeper (for example), would ambari recognize that later version in it's management? Or would it exist in parallel with the version of Zookeeper packaged with 3.1.5?

 

> You have to install zookeeper or any component via Ambari only, if you install it manually(via yum or apt) in the server ambari will not recognize or it will not consider it.

 

Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
Infra Solr is running SOLR 7.7 and has an RCE vulnerability. This was patched in SOLR 8.3, which is not part of Ambari 2.7.5's InfraSolr.
Zookeeper packaged is 3.4.6, but SSL implementation was added in 3.5.5

 

> As mentioned already please create a support case with Cloudera along with the vulnerability CVE number so we can check with our team and confirm whether our product is vulnerable to the security concern or not. If it is so we can provide a patch to overcome it.

 

If you are happy with the comment, Mark it "Accept as Solution".

avatar
Rising Star

Ok, I think I understand.

 

I CAN install secure versions of these components, but that would be separate from Ambari and would sacrifice that level of control and maintenance. In order to get Ambari and these more secure components, I'll need to reach out to Cloudera for a private hotfix version or to upgrade off of HDP.

 

Thank you for the clarification.

avatar
Community Manager

@Eric_B, if the reply helped resolve your issue,  can you kindly please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.



Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar
Expert Contributor

@Eric_B 

Yes, your understanding is correct.