Known Issues in Streams Messaging
Learn about the known issues in Streams Messaging clusters, the impact or changes to the functionality, and the workaround.
Learn about the known issues and limitations in Kafka in this release:
- Topics created with the
kafka-topicstool are only accessible by the user who created them when the deprecated
--zookeeperoption is used
- By default all created topics are secured. However, when topic
creation and deletion is done with the kafka-topics tool using the
--zookeeperoption, the tool talks directly to Zookeeper. Because security is the responsibility of ZooKeeper authorization and authentication, Kafka cannot prevent users from making ZooKeeper changes. As a result, if the
--zookeeperoption is used, only the user who created the topic will be able to carry out administrative actions on it. In this scenario Kafka will not have permissions to perform tasks on topics created this way.
--bootstrap-serveroption that does not require direct access to Zookeeper.
- Certain Kafka command line tools require direct access to Zookeeper
- The following command line tools talk directly to ZooKeeper and
therefore are not secured via Kafka:
offsets.topic.replication.factorproperty must be less than or equal to the number of live brokers
offsets.topic.replication.factorbroker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with a
GROUP_COORDINATOR_NOT_AVAILABLEerror until the cluster size meets this replication factor requirement.
- Requests fail when sending to a nonexistent topic with
auto.create.topics.enableset to true
- The first few
producerequests fail when sending to a nonexistent topic with
auto.create.topics.enableset to true.
- Increase the number of retries in the producer
- Custom Kerberos principal names cannot be used for kerberized ZooKeeper and Kafka instances
- When using ZooKeeper authentication and a custom Kerberos principal, Kerberos-enabled Kafka does not start. You must disable ZooKeeper authentication for Kafka or use the default Kerberos principals for ZooKeeper and Kafka.
- KAFKA-2561: Performance degradation when SSL Is enabled
- In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.
- Configure brokers and clients with
ssl.secure.random.implementation = SHA1PRNG. It often reduces this degradation drastically, but its effect is CPU and JVM dependent.
- OPSAPS-43236: Kafka garbage collection logs are written to the process directory
- By default Kafka garbage collection logs are written to the agent process directory. Changing the default path for these log files is currently unsupported.
- OPSAPS-63640: Monitoring a high number of Kafka producers might cause Cloudera Manager to slow down and run out of memory
- This issue has two workarounds. You can either configure a
Kafka producer metric allow list or completely disable producer metrics.
- Configure a Kafka producer metric allow list:A producer metric allow list can be configured by adding the following properties to Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties.
producer.metrics.whitelist.enabled=true producer.metrics.whitelist=[***ALLOW LIST REGEX***]
Replace [***ALLOW LIST REGEX***] with a regular expression matching the
client.idof the producers that you want to add to the allow list. This regular expression uses the
java.util.regex.Patternclass to compile the regular expression, and uses the
match()method on the
client.idto determine whether it fits the regular expression.
Once configured, the metrics of producers whose
client.iddoes not match the regular expression provided in
producer.metrics.whitelistare filtered.Kafka no longer reports these metrics through the HTTP metrics endpoint. Additionally, existing metrics of the producers whose
client.iddoes not match the regular expression are deleted.
Because the allow list filters metrics based on the
client.idof the producers, you must ensure that the
client.idproperty is specified in each producer's configuration. Automatically generated client IDs might cause the number of unnecessary metrics to increase even if an allow list is configured.
- Completely disable producer metrics:
Producer metrics can be completely disabled by unchecking the Enable Producer Metrics Kafka service property.
- Configure a Kafka producer metric allow list:
- Collection of Partition Level Metrics May Cause Cloudera Manager’s Performance to Degrade
If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager's performance to degrade.If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.Complete the following steps to turn off the collection of partition level metrics:
- Obtain the Kafka service name:
- In Cloudera Manager, Select the Kafka service.
- Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.
$SERVICENAME=near the top of the display.The Kafka service name is the value of
- Turn off the collection of partition level metrics:
- Go to .
- Find and configure the Cloudera Manager Agent Monitoring Advanced
Configuration Snippet (Safety Valve) configuration
property.Enter the following to turn off the collection of partition level metrics:
[KAFKA_SERVICE_NAME]with the service name of Kafka obtained in step 1. The service name should always be in lower case.
- Click Save Changes.
- Obtain the Kafka service name:
There are no known issues for Schema Registry in this release.
Streams Messaging Manager
- CDPD-39826: The Restart button for the ConnectorTasks is permanently disabled
- On the ConnectorDetails page, the Restart button for the tasks within the connector is permanently disabled.
- Restart the whole Connector.
- CDPD-36422: 1MB flow.snapshot freezes Safari
- While importing large connector configurations, flow.snapshots reduces the usability of the Streams Messaging Manager when using Safari browser.
- Use a different browser (Chrome/Firefox/Edge).
- OPSAPS-59553: SMM's bootstrap server config should be updated based on Kafka's listeners
- SMM does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.
- SMM cannot identify multiple listeners and still points to bootstrap server using the default broker port (9093 for SASL_SSL). You would have to override bootstrap server URL (hostname:port as set in the listeners for broker). Add the bootstrap server details in SMM safety valve in the following path:
streams.messaging.manager.kafka.bootstrap.servers=<comma-separated list of brokers>
- OPSAPS-59597: SMM UI logs are not supported by Cloudera Manager
- Cloudera Manager does not support the log type used by SMM UI.
- View the SMM UI logs on the host.
Streams Replication Manager
Learn about the known issues and limitations in Streams Replication Manager in this release:
- CDPD-22089: SRM does not sync re-created source topics until the offsets have caught up with target topic
- Messages written to topics that were deleted and re-created are not replicated until the source topic reaches the same offset as the target topic. For example, if at the time of deletion and re-creation there are a 100 messages on the source and target clusters, new messages will only get replicated once the re-created source topic has 100 messages. This leads to messages being lost.
- CDPD-30275: SRM may automatically re-create deleted topics on target clusters
auto.create.topics.enableis enabled, deleted topics might get automatically re-created on target clusters. This is a timing issue. It only occurs if remote topics are deleted while the replication of the topic is still ongoing.
- Remove the topic from the topic allowlist with
srm-control. For example:
srm-control topics --source [SOURCE_CLUSTER] --target [TARGET_CLUSTER] --remove [TOPIC1]
- Wait until SRM is no longer replicating the topic.
- Delete the remote topic in the target cluster.
- Remove the topic from the topic allowlist with
- SRM cannot replicate Ranger authorization policies to or from Kafka clusters
- Due to a limitation in the Kafka-Ranger plugin, SRM cannot
replicate Ranger policies to or from clusters that are configured to use Ranger for
authorization. If you are using SRM to replicate data to or from a cluster that uses
Ranger, disable authorization policy synchronization in SRM. This can be achieved by
clearing the Sync Topic Acls Enabled
There are no known issues for Cruise Control in this release.