Known Issues in Streams Messaging

Learn about the known issues in Streams Messaging clusters, the impact or changes to the functionality, and the workaround.


Learn about the known issues and limitations in Kafka in this release:

Known Issues

Topics created with the kafka-topics tool are only accessible by the user who created them when the deprecated --zookeeper option is used
By default all created topics are secured. However, when topic creation and deletion is done with the kafka-topics tool using the --zookeeper option, the tool talks directly to Zookeeper. Because security is the responsibility of ZooKeeper authorization and authentication, Kafka cannot prevent users from making ZooKeeper changes. As a result, if the --zookeeper option is used, only the user who created the topic will be able to carry out administrative actions on it. In this scenario Kafka will not have permissions to perform tasks on topics created this way.
Use kafka-topics with the --bootstrap-server option that does not require direct access to Zookeeper.
Certain Kafka command line tools require direct access to Zookeeper
The following command line tools talk directly to ZooKeeper and therefore are not secured via Kafka:
  • kafka-reassign-partitions
The offsets.topic.replication.factor property must be less than or equal to the number of live brokers
The offsets.topic.replication.factor broker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with a GROUP_COORDINATOR_NOT_AVAILABLE error until the cluster size meets this replication factor requirement.
Requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true
The first few produce requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true.
Increase the number of retries in the producer configuration setting retries.
Custom Kerberos principal names cannot be used for kerberized ZooKeeper and Kafka instances
When using ZooKeeper authentication and a custom Kerberos principal, Kerberos-enabled Kafka does not start. You must disable ZooKeeper authentication for Kafka or use the default Kerberos principals for ZooKeeper and Kafka.
KAFKA-2561: Performance degradation when SSL Is enabled
In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.
Configure brokers and clients with = SHA1PRNG. It often reduces this degradation drastically, but its effect is CPU and JVM dependent.
OPSAPS-43236: Kafka garbage collection logs are written to the process directory
By default Kafka garbage collection logs are written to the agent process directory. Changing the default path for these log files is currently unsupported.


Collection of Partition Level Metrics May Cause Cloudera Manager’s Performance to Degrade

If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager's performance to degrade.

If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.
Complete the following steps to turn off the collection of partition level metrics:
  1. Obtain the Kafka service name:
    1. In Cloudera Manager, Select the Kafka service.
    2. Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.
    3. Find $SERVICENAME= near the top of the display.
      The Kafka service name is the value of $SERVICENAME.
  2. Turn off the collection of partition level metrics:
    1. Go to Hosts > Hosts Configuration.
    2. Find and configure the Cloudera Manager Agent Monitoring Advanced Configuration Snippet (Safety Valve) configuration property.
      Enter the following to turn off the collection of partition level metrics:
      Replace [KAFKA_SERVICE_NAME] with the service name of Kafka obtained in step 1. The service name should always be in lower case.
    3. Click Save Changes.

Schema Registry

Learn about the known issues in Schema Registry in this release.

CDPD-29663: Error while connecting topic with schema in Atlas
When Atlas integration is enabled for Schema Registry but there is no Kafka topic with the same name as the schema then an error will be logged in the schema registry logs. The status of the record in the atlas_events table will also be set to failed. This can be ignored because the status was actually successful. The issue will be fixed in CDP 7.2.13.
CDPD-29465: SR Confluent API's /compatibility endpoint returns invalid payload
Confluent-compatible API /compatibility returns an invalid payload. The field compatible cannot be parsed, it must be is_compatible. The issue will be fixed in CDP 7.2.13.

Streams Messaging Manager

Learn about the known issues in Streams Messaging Manager in this release.
CDPD-28002: The Cluster Replications tab is missing from the SMM UI

By default the Cluster Replications tab is visible in the SMM UI when the SMM and SRM services are integrated with each other. However, due to an issue with one of the SMM Knox rewrite rules, the Cluster Replications tab is not rendered in the SMM UI. As a result of this, the Cluster Replications tab cannot be accessed in the UI and replication related metrics cannot be viewed.

Manually update the rewrite.xml file.
  1. SSH into the DataHub host where the Knox Gateway Service is located.
  2. Go to /opt/cloudera/parcels/CDH/lib/knox/data/services/smm-ui/2.1.0/.

    The rewrite.xml file is located in this directory.

  3. Edit the rewrite.xml file.
    You must add two entries. These are as follows:
    • Nest the following <rule> element under the <rules> element.
      <rule dir="OUT" name="SMM-UI/smm-ui/outbound/apiV2">
              <rewrite template="{$frontend[path]}/smm-ui/api/v2/admin/"/>
    • Nest the following <apply> element under the <content type="application/javascript"> element.
    • <apply path="/api/v2/admin/" rule="SMM-UI/smm-ui/outbound/apiV2" />
  4. Restart Knox.
OPSAPS-59553: SMM's bootstrap server config should be updated based on Kafka's listeners
SMM does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.
SMM cannot identify multiple listeners and still points to bootstrap server using the default broker port (9093 for SASL_SSL). You would have to override bootstrap server URL (hostname:port as set in the listeners for broker). Add the bootstrap server details in SMM safety valve in the following path:
Cloudera Manager > SMM > Configuration > Streams Messaging Manager Rest Admin Server Advanced Configuration Snippet (Safety Valve) for streams-messaging-manager.yaml > Add the following value for bootstrap servers > Save Changes > Restart SMM:
streams.messaging.manager.kafka.bootstrap.servers=<comma-separated list of brokers>
OPSAPS-59597: SMM UI logs are not supported by Cloudera Manager
Cloudera Manager does not support the log type used by SMM UI.
View the SMM UI logs on the host.
OPSAPS-59828: SMM cannot connect to Schema Registry when TLS is enabled
When TLS is enabled, SMM by default cannot properly connect to Schema Registry.As a result, when viewing topics in the SMM Data Explorer with the deserializer key or value set to Avro, the following error messages are shown:
  • Error deserializing key/value for partition [***PARTITION***] at offset [***OFFSET***]. If needed, please seek past the record to continue consumption.
  • Failed to fetch value schema versions for topic : '[***TOPIC**]'.
In addition, the following certificate error will also be present the SMM log:
  • PKIX path building failed:...
Additional security properties must be set for SMM.
  1. In Cloudera Manager, select the SMM service.
  2. Go to Configuration.
  3. Find and configure the SMM_JMX_OPTS property.

    Add the following JVM SSL properties:


Streams Replication Manager

Learn about the known issues and limitations in Streams Replication Manager in this release:

Known Issues
CDPD-22089: SRM does not sync re-created source topics until the offsets have caught up with target topic
Messages written to topics that were deleted and re-created are not replicated until the source topic reaches the same offset as the target topic. For example, if at the time of deletion and re-creation there are a 100 messages on the source and target clusters, new messages will only get replicated once the re-created source topic has 100 messages. This leads to messages being lost.
CDPD-30275: SRM may automatically re-create deleted topics on target clusters
If auto.create.topics.enable is enabled, deleted topics might get automatically re-created on target clusters. This is a timing issue. It only occurs if remote topics are deleted while the replication of the topic is still ongoing.
  1. Remove the topic from the topic allowlist with srm-control. For example:
    srm-control topics --source [SOURCE_CLUSTER] --target [TARGET_CLUSTER] --remove [TOPIC1]
  2. Wait until SRM is no longer replicating the topic.
  3. Delete the remote topic in the target cluster.
SRM cannot replicate Ranger authorization policies to or from Kafka clusters
Due to a limitation in the Kafka-Ranger plugin, SRM cannot replicate Ranger policies to or from clusters that are configured to use Ranger for authorization. If you are using SRM to replicate data to or from a cluster that uses Ranger, disable authorization policy synchronization in SRM. This can be achieved by clearing the Sync Topic Acls Enabled (sync.topic.acls.enabled) checkbox.