Known Issues for HDP 2.2.9
HDP 2.2.9 has the following known issues, scheduled for resolution in a future release. Where available, a workaround has been provided.
| Hortonworks Bug ID | Apache JIRA | Component | Summary |
|---|---|---|---|
| BUG-36601 | HBase |
Scanner keyvalue size / partial results Issue: In 2.2 clusters, setting "hbase.client.scanner.max.result.size" differently on the client side or server side might result in missed data from large scans because the scanner might wrongly assume region is exhausted before the region boundary is reached. Additionally, the result size calculation might be different if cell level tags are used even if "hbase.client.scanner.max.result.size" is the same between 2.2 and 2.3 clusters. This issue also affects rolling upgrades between 2.2 and 2.3 clusters, where a 2.2 client might miss data in a large scan when rolling upgrading or talking to 2.3 servers. As a protection, 2.3 does not set "hbase.client.scanner.max.result.size" by default. Workaround: Do not use partial scan results to be returned (by not setting "hbase.client.scanner.max.result.size") is recommended. | |
| BUG-38980 | HBASE-14223 | HBase |
Meta WALs are not split or cleared Issue: In case a meta region gets moved from one region server to another region server, the write ahead logs for the meta table might be left in the HDFS directory for the regionserver if that particular regionserver fails. This might leave the WAL files in that directory until they are removed manually, and also may result in the previous regionservers to be listed as "dead regionservers" in the master UI indefinitely. However, this is harmless and does not cause any data loss other operational issues in HBase. |
| BUG-40259 | Ranger |
Issue: Upgrade to HDP 2.2.6 breaks usersync. Details: Ranger in HDP 2.2.6 introduced
authentication between usersync and the admin REST API. If you upgrade to HDP 2.2.6,
there will be a previous version of
Workaround:
| |
| BUG-42084 | Hive | Prevent misconfiguration when StorageBasedAuthorization is set on hive.security.authorization.manager | |
| BUG-42498 | HDFS-8999 | HDFS | Block received messages put heavy load on namenode |
| BUG-42569 | HIVE-10022 | Hive | Create database [db_name] location /tmp/[db_name].db' via beeline throws [hrt_qa] does not have [WRITE] privilege although hive.server2.enable.doAs=false when Ranger or StdAuth is on |
| BUG-42937 | HDFS-8864 | HDFS | Padding is needed in remaining space check |
| BUG-42938 | HDFS-8871 | HDFS | Decommissioning of a node with a failed volume may not start |
| BUG-42939 | HDFS-8870 | HDFS | Lease is leaked on write failure |
| BUG-43023 | HDFS | dfs.datanode.du.reserved is not considered while computing available space | |
| BUG-43583 | SLIDER-931 | Slider | test_runintegrationtestzkandfspermissions failed on HBase-Slider |
| BUG-43773 | Spark |
Issue: Spark: Fails to find table Details: Spark + Kerberos + yarn-cluster mode + remote hive meta store for SparkSQL does not work. Workaround: Try this with Spark + Kerberos + yarn-client mode for SparkSQL. | |
| BUG-43979 | YARN | RM UI prints ZK RM connection state="CONNECTED" , if >50% ZKs are disconnected from active RM | |
| BUG-44485 | Oozie | Oozie should invoke Hive/MR/Pig client API to setup caller context | |
| BUG-44538 | HBase | ExportSnapshot does not honor -chuser, -chgroup, -chmod options | |
| BUG-44732 | Oozie | Oozie should push workflow id information to ATS when a new workflow is instantiated | |
| BUG-45757 | Phoenix | Rows get "locked" and block Phoenix operations | |
| BUG-45759 | Phoenix | Build index error on phoenix | |
| BUG-46041 | TEZ-2902 | Tez | NPE if a container heartbeat fails before the task starts running |
| BUG-46313 | YARN | RM UI should be smarter on when and when not to use authentication | |
| BUG-46599 | HBase | HBase's ExportSnapshotTool requires hdfs user to trigger ExportSnapshot, but application fails with 'Requested user hdfs is banned' | |
| BUG-46660 | Hive | Log HiveConf on startup for metastore | |
| BUG-46661 | HIVE-11891 | Hive | Add basic performance logging to metastore calls |
| BUG-46663 | HIVE-11892 | Hive |
Local fetch task does not work with UDTF Workaround: Disable fetch task conversion if using a UDTF that forwards rows during GenericUDTF.close(). |
| BUG-46664 | Hive | Hive query execution failed complaining about absence of lock | |
| BUG-46726 | Hive | Select join tables fails in a case of there are ten thousand of orc files | |
| BUG-46886 | HADOOP-8830 | Tez | Standalone Tez UI is not accessible in Secure cluster |
| BUG-46983 | Hive | HDP 2.2.8 has hive.exec.parallel.* in confWhitelist, not including hive.exec.parallel | |
| BUG-47062 | HBase | ExportSnapshot with chown is not usable with current hdfs and yarn constraints | |
| BUG-47099 | Hive | Insert query on skewed table runs into MoveTask error in MR mode | |
| BUG-47226 | Hive | Join query returns different result with and without vectorization in Tez mode when all the entries are NaN | |
| BUG-47317 | Ranger, RelEng |
Ranger Admin failed to start after the stack upgrade from HDP 2.2.6 to HDP 2.2.9 in AMBARI 2.1.2.1 Issue: If Ranger service is not stopped prior to upgrade (using the old version) and started after upgrade (using the new version), you will encounter issue starting ranger service. Workaround: Change the permission for stop-ranger-admin.sh file (from root to user running ranger service). The service should start up fine. | |
| BUG-47472 | Hive | Query fails on ORC ppd on timestamp datatype on stripes with all null on the column | |
| BUG-47749 | HBASE-11617 | HBase | Cherry-pick HBASE-11617 |
| BUG-48274 | YARN | The RollingLevelDBTimelineStore in 2.2 does not work with JDK 1.6. Customers running JDK 1.6 should not run ATS (Application Timeline Server) with RollingLevelDBTimelineStore. | |
| BUG-48600, BUG-28507 | Ranger |
Issue: When Ranger is upgraded from version HDP
2.6.0.2.2.8.0-3150 to HDP-2.2.9.0-3350. After upgrade Ranger restart fails with
error of missing property in xa_system.properties file: Workaround: Add properties below given properties in xa_system.properties and Retry to start Ranger:
This should resolve the issue. | |
| BUG-50531 | Kafka |
Kafka file system support Issue: Encrypted file systems such as SafenetFS are not supported for Kafka. Index file corruption can occur. For more information, see: Install Kafka. |
| Technical Service Bulletin | Apache JIRA | Apache Component | Summary |
|---|---|---|---|
| TSB-405 | N/A | N/A |
Impact of LDAP Channel Binding and LDAP signing changes in Microsoft Active Directory Microsoft has introduced changes in LDAP Signing and LDAP Channel Binding to increase the security for communications between LDAP clients and Active Directory domain controllers. These optional changes will have an impact on how 3rd party products integrate with Active Directory using the LDAP protocol. Workaround Disable LDAP Signing and LDAP Channel Binding features in Microsoft Active Directory if they are enabled For more information on this issue, see the corresponding Knowledge article: TSB-2021 405: Impact of LDAP Channel Binding and LDAP signing changes in Microsoft Active Directory |
| TSB-406 | N/A | HDFS |
CVE-2020-9492 Hadoop filesystem bindings (ie: webhdfs) allows credential stealing WebHDFS clients might send SPNEGO authorization header to remote URL without proper verification. A maliciously crafted request can trigger services to send server credentials to a webhdfs path (ie: webhdfs://…) for capturing the service principal For more information on this issue, see the corresponding Knowledge article: TSB-2021 406: CVE-2020-9492 Hadoop filesystem bindings (ie: webhdfs) allows credential stealing |
| TSB-434 | HADOOP-17208, HADOOP-17304 | Hadoop |
KMS Load Balancing Provider Fails to invalidate Cache on Key Delete For more information on this issue, see the corresponding Knowledge article: TSB 2020-434: KMS Load Balancing Provider Fails to invalidate Cache on Key Delete |
| TSB-465 | N/A | HBase |
Corruption of HBase data stored with MOB feature For more information on this issue, see the corresponding Knowledge article: TSB 2021-465: Corruption of HBase data stored with MOB feature on upgrade from CDH 5 and HDP 2 |
| TSB-497 | N/A | Solr |
CVE-2021-27905: Apache Solr SSRF vulnerability with the Replication handler The Apache Solr ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter. The “masterUrl” parameter is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To help prevent the CVE-2021-27905 SSRF vulnerability, Solr should check these parameters against a similar configuration used for the "shards" parameter. For more information on this issue, see the corresponding Knowledge article: TSB 2021-497: CVE-2021-27905: Apache Solr SSRF vulnerability with the Replication handler |
| TSB-512 | N/A | HBase |
HBase MOB data loss HBase tables with the MOB feature enabled may encounter problems which result in data loss. For more information on this issue, see the corresponding Knowledge article: TSB 2021-512: HBase MOB data loss |