Upgrading Individual Components Post HDP 3.1.5
Created on 08-25-2021 07:56 AM - last edited on 08-25-2021 06:51 PM by ask_bill_brooks
The components in HDP 3.1.5 are outdated and lack key security functionality.
Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
Infra Solr is running SOLR 7.7 and has an RCE vulnerability. This was patched in SOLR 8.3, which is not part of InfraSolr.
Zookeeper packaged is 3.4.6, but SSL implementation was added in 3.5.5
I saw some questions talking about "Patch Upgrades" but is there a guide to upgrading individual components in a cluster via Ambari or however?
Created 08-31-2021 01:36 AM
Hi @Eric_B
I saw some questions talking about "Patch Upgrades" but is there a guide to upgrading individual components in a cluster via Ambari or however?
> You may not be able to upgrade individual components via Ambari. You can either install a component or you can upgrade to the next available HDP 3.X version but I can see you are in the latest 3.1.5 version.
If you feel your Hadoop components have a particular vulnerability issue, please feel free to raise a case with Cloudera so we will check and clarify the same. If the vulnerability is legitimate and could cause harm to your infrastructure, we can provide a patch for the issue. In that way, you can overcome it.
If you are happy with the comment, mark it "Accept as Solution".
Created 08-31-2021 05:45 AM
Hi @Shifu
Thanks for the response! Regarding something you posted:
"You can either install a component or you can upgrade to the next available HDP 3.X version but I can see you are in the latest 3.1.5 version."
If I installed a later version of Zookeeper (for example), would Ambari recognize that later version in its management? Or would it exist in parallel with the version of Zookeeper packaged with 3.1.5?
The current big security issues I see I've listed in the original question. Is there a contact form?
- Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
- Infra Solr is running SOLR 7.7 and has an RCE vulnerability. This was patched in SOLR 8.3, which is not part of Ambari 2.7.5's InfraSolr.
- Zookeeper packaged is 3.4.6, but SSL implementation was added in 3.5.5
Created 08-31-2021 08:04 PM
If I installed a later version of Zookeeper (for example), would Ambari recognize that later version in its management? Or would it exist in parallel with the version of Zookeeper packaged with 3.1.5?
> You have to install Zookeeper or any component via Ambari only. If you install it manually (via yum or apt) on the server, Ambari will not recognize it or consider it.
Grafana is running v6.4.2, but has a major security issue that was patched in future releases: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
Infra Solr is running SOLR 7.7 and has an RCE vulnerability. This was patched in SOLR 8.3, which is not part of Ambari 2.7.5's InfraSolr.
Zookeeper packaged is 3.4.6, but SSL implementation was added in 3.5.5
> As mentioned already, please create a support case with Cloudera along with the vulnerability CVE number so we can check with our team and confirm whether our product is vulnerable to the security concern or not. If it is, we can provide a patch to overcome it.
If you are happy with the comment, mark it "Accept as Solution".
Created 09-01-2021 06:51 AM
Ok, I think I understand.
I CAN install secure versions of these components, but that would be separate from Ambari and would sacrifice that level of control and maintenance. In order to get Ambari and these more secure components, I'll need to reach out to Cloudera for a private hotfix version or to upgrade off of HDP.
Thank you for the clarification.
Created 09-01-2021 10:06 PM
@Eric_B, if the reply helped resolve your issue, can you kindly please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.
Regards,
Vidya Sargur, Community Manager
Created 09-01-2021 11:44 PM
Yes, your understanding is correct.
