Known issues in Streams Messaging

Learn about the known issues in Streams Messaging clusters, the impact or changes to the functionality, and the workaround.

Kafka

Learn about the known issues and limitations in Kafka in this release:

Known Issues

The offsets.topic.replication.factor property must be less than or equal to the number of live brokers
The offsets.topic.replication.factor broker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with a GROUP_COORDINATOR_NOT_AVAILABLE error until the cluster size meets this replication factor requirement.
None
Requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true
The first few produce requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true.
Increase the number of retries in the producer configuration setting retries.
KAFKA-2561: Performance degradation when SSL Is enabled
In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.
Configure brokers and clients with ssl.secure.random.implementation = SHA1PRNG. It often reduces this degradation drastically, but its effect is CPU and JVM dependent.
OPSAPS-43236: Kafka garbage collection logs are written to the process directory
By default Kafka garbage collection logs are written to the agent process directory. Changing the default path for these log files is currently unsupported.
None
CDPD-45183: Kafka Connect active topics might be visible to unauthorised users
The Kafka Connect active topics endpoint (/connectors/[***CONNECTOR NAME***]/topics) and the Connect Cluster page on the SMM UI disregard the user permissions configured for the Kafka service in Ranger. As a result, all active topics of connectors might become visible to users who do not have permissions to view them. Note that user permission configured for Kafka Connect in Ranger are not affected by this issue and are correctly applied.
None.
RANGER-3809: Idempotent Kafka producer fails to initialize due to an authorization failure
Kafka producers that have idempotence enabled require the Idempotent Write permission to be set on the cluster resource in Ranger. If permission is not given, the client fails to initialize and an error similar to the following is thrown:
org.apache.kafka.common.KafkaException: Cannot execute transactional method because we are in an error state
    at org.apache.kafka.clients.producer.internals.TransactionManager.maybeFailWithError(TransactionManager.java:1125)
    at org.apache.kafka.clients.producer.internals.TransactionManager.maybeAddPartition(TransactionManager.java:442)
    at org.apache.kafka.clients.producer.KafkaProducer.doSend(KafkaProducer.java:1000)
    at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:914)
    at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:800)
    .
    .
    .
Caused by: org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed.
Idempotence is enabled by default for clients in Kafka 3.0.1, 3.1.1, and any version after 3.1.1. This means that any client updated to 3.0.1, 3.1.1, or any version after 3.1.1 is affected by this issue.
This issue has two workarounds, do either of the following:
  • Explicitly disable idempotence for the producers. This can be done by setting enable.idempotence to false.
  • Update your policies in Ranger and ensure that producers have Idempotent Write permission on the cluster resource.
CDPD-49304: AvroConverter does not support composite default values
AvroConverter cannot handle schemas containing a STRUCT type default value.
None.
DBZ-4990: The Debezium Db2 Source connector does not support schema evolution
The Debezium Db2 Source connector does not support the evolution (updates) of schemas. In addition, schema change events are not emitted to the schema change topic if there is a change in the schema of a table that is in capture mode. For more information, see DBZ-4990.
None.

Limitations

Collection of Partition Level Metrics May Cause Cloudera Manager’s Performance to Degrade

If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager's performance to degrade.

If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.
Complete the following steps to turn off the collection of partition level metrics:
  1. Obtain the Kafka service name:
    1. In Cloudera Manager, Select the Kafka service.
    2. Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.
    3. Find $SERVICENAME= near the top of the display.
      The Kafka service name is the value of $SERVICENAME.
  2. Turn off the collection of partition level metrics:
    1. Go to Hosts > Hosts Configuration.
    2. Find and configure the Cloudera Manager Agent Monitoring Advanced Configuration Snippet (Safety Valve) configuration property.
      Enter the following to turn off the collection of partition level metrics:
      [KAFKA_SERVICE_NAME]_feature_send_broker_topic_partition_entity_update_enabled=false
      
      Replace [KAFKA_SERVICE_NAME] with the service name of Kafka obtained in step 1. The service name should always be in lower case.
    3. Click Save Changes.

Schema Registry

Learn about the known issues and limitations in Schema Registry in this release:

CDPD-49304: AvroConverter does not support composite default values
AvroConverter cannot handle schemas containing a STRUCT type default value.
None.
CDPD-58265: Schema Registry Client incorrectly applies SSL configuration
The Cloudera distributed Schema Registry Java client might fail to apply the SSL configurations correctly with concurrent access in Jersey clients due to a Jersey issue related to JDK.
Before using HttpsURLConnection in any form concurrently, call javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory() once in the custom client application.
CDPD-55381: Schema Registry issues authentication cookie for the authorized user, not for the authenticated one
When the authenticated user is different from the authorized user, which can happen when Schema Registry is used behind Knox, authorization issues can occur for subsequent requests as the authentication cookie in Schema Registry stores the authorized user.
Access Schema Registry directly, without using Knox, if possible. If not, ensure that the name of the end user that tries to connect does not begin with knox.
CDPD-60160: Schema Registry Atlas integration does not work with Oracle databases
Schema Registry is unable to create entities in Atlas if Schema Registry uses an Oracle database. The following will be present in the Schema Registry log if you are affected by this issue:
ERROR com.cloudera.dim.atlas.events.AtlasEventsProcessor: An error occurred while processing Atlas events.
java.lang.IllegalArgumentException: Cannot invoke com.hortonworks.registries.schemaregistry.AtlasEventStorable.setType on bean class 'class com.hortonworks.registries.schemaregistry.AtlasEventStorable' - argument type mismatch - had objects of type "java.lang.Long" but expected signature "java.lang.Integer"

This issue causes the loss of audit data on Oracle environments.

None.
CDPD-59015: Schema Registry does not create new versions of schemas even if the schema is changed
Schema Registry uses a schema fingerprinting mechanism to differentiate between schemas. However, fingerprinting does not take into consideration the schema attributes of the field type. As a result, if you have two schemas where the only difference is that one has type attributes defined and the other does not, they will be considered identical by Schema Registry. For example, the following schemas are considered identical:
#Schema V1
{"type":"record","name":"schema_name","namespace":"ns","fields":[{"name":"local_timestamp_micros_long","type":"long"}]}

#Schema V2
{"type":"record","name":"schema_name","namespace":"ns","fields":[{"name":"local_timestamp_micros_long","type":{"type":"long","logicalType":"local-timestamp-micros"}}]}

Notice that the only difference is that in the second schema, the local_timestamp_micros_long field has a logical type specified. In cases like this, the new version of the schema is not created, the initial version is used. This is true even if the data that is being produced has a new schema version. The ID of the first schema version is used and is put in the serialized record. The new schema version is not created.

This issue is common when using change data capture (CDC) connectors like the Debezium connectors. This is because CDC connectors create schemas with the logical type decimal based on the column type in the database schema. For example:
{"type":"record","name":"schema_name","namespace":"ns","fields":[{"name":"database_column","type":{"type":"bytes","logicalType":"decimal","precision":64,"scale":0}}]}
If the database schema changes (for example, the column type), it is possible that only scale changes, which is a schema attribute.
{"type":"record","name":"schema_name","namespace":"ns","fields":[{"name":"database_column","type":{"type":"bytes","logicalType":"decimal","precision":64,"scale":1}}]}
In this case, even though scale changed to 1, the first version of the schema is used where scale is 0. As a result, the data is consumed with the wrong scale.
Avoid using logical types or other attributes. Alternatively, ensure that there are no changes in the logical types or other attributes between schema versions.
OPSAPS-68708: Schema Registry might fail to start if a load balancer address is specified in Ranger
Schema Registry does not start if the address specified in the Load Balancer Address Ranger property does not end with a trailing slash (/).
Set the value of the RANGER_REST_URL Schema Registry environment variable to an address that includes a trailing slash.
  1. In Cloudera Manager, select the Schema Registry service.
  2. Go to Configuration.
  3. Find the Schema Registry Server Environment Advanced Configuration Snippet (Safety Valve) property and add the following:
    Key: RANGER_REST_URL
    Value: [***RANGER REST API URL***]
    Replace [***RANGER REST API URL***] with an address that can be used by Schema Registry to access Ranger. Ensure that the address ends with a trailing slash. For example: https://ranger-1.cloudera.com:6182/
  4. Restart the Schema Registry service.
CDPD-58949: Schemas are de-duplicated on import
On import, Schema Registry de-duplicates schema versions based on their fingerprints. This means that schemas which are considered functionally equivalent in SR get de-duplicated. As a result, some schema versions are not created, and their IDs do not become valid IDs in SR.
None.
CDPD-58990: getSortedSchemaVersions method orders by schemaVersionId instead of version number
On validation, Schema Registry orders schema versions based on ID instead of version number. In some situations, this can cause validation with the LATEST level to compare the new schema version to a non-latest version.

This situation can occur when an older version of a schema has a higher ID than the newer version of a schema, for example, when the older version is imported with an explicit ID.

None.

Streams Messaging Manager

Learn about the known issues and limitations in Streams Messaging Manager in this release.
CDPD-39313: Some numbers are not rendered properly in SMM UI
Very large numbers can be imprecisely represented on the UI. For example, bytes larger than 8 petabytes would lose precision.
None.
CDPD-45183: Kafka Connect active topics might be visible to unauthorised users
The Kafka Connect active topics endpoint (/connectors/[***CONNECTOR NAME***]/topics) and the Connect Cluster page on the SMM UI disregard the user permissions configured for the Kafka service in Ranger. As a result, all active topics of connectors might become visible to users who do not have permissions to view them. Note that user permission configured for Kafka Connect in Ranger are not affected by this issue and are correctly applied.
None.
OPSAPS-59553: SMM's bootstrap server config should be updated based on Kafka's listeners
SMM does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.
SMM cannot identify multiple listeners and still points to bootstrap server using the default broker port (9093 for SASL_SSL). You would have to override bootstrap server URL (hostname:port as set in the listeners for broker). Add the bootstrap server details in SMM safety valve in the following path:
Cloudera Manager > SMM > Configuration > Streams Messaging Manager Rest Admin Server Advanced Configuration Snippet (Safety Valve) for streams-messaging-manager.yaml > Add the following value for bootstrap servers > Save Changes > Restart SMM:
streams.messaging.manager.kafka.bootstrap.servers=<comma-separated list of brokers>
OPSAPS-59597: SMM UI logs are not supported by Cloudera Manager
Cloudera Manager does not support the log type used by SMM UI.
View the SMM UI logs on the host.

Limitations

CDPD-36422: 1MB flow.snapshot freezes safari
Importing large connector configurations/ flow.snapshots reduces the usability of the Streams Messaging Manager's Connector page when using Safari browser.
Use a different browser (Chrome/Firefox/Edge).

Streams Replication Manager

Learn about the known issues and limitations in Streams Replication Manager in this release:

Known Issues
CDPD-22089: SRM does not sync re-created source topics until the offsets have caught up with target topic
Messages written to topics that were deleted and re-created are not replicated until the source topic reaches the same offset as the target topic. For example, if at the time of deletion and re-creation there are a 100 messages on the source and target clusters, new messages will only get replicated once the re-created source topic has 100 messages. This leads to messages being lost.
None
CDPD-30275: SRM may automatically re-create deleted topics on target clusters
If auto.create.topics.enable is enabled, deleted topics might get automatically re-created on target clusters. This is a timing issue. It only occurs if remote topics are deleted while the replication of the topic is still ongoing.
  1. Remove the topic from the topic allowlist with srm-control. For example:
    srm-control topics --source [SOURCE_CLUSTER] --target [TARGET_CLUSTER] --remove [TOPIC1]
  2. Wait until SRM is no longer replicating the topic.
  3. Delete the remote topic in the target cluster.
CDPD-60426: Configuration changes are lost following a rolling restart of the service
In certain cases, SRM might fail to apply configuration updates if the service is restarted with a rolling restart. In a case like this, configuration changes are ignored without any warning or indication. This issue also affects rolling upgrades.
When restarting the service, use Actions > > Restart instead of Actions > > Rolling Restart after making configuration changes. When upgrading a cluster, ensure that SRM is not restarted with a rolling restart.
Limitations
SRM cannot replicate Ranger authorization policies to or from Kafka clusters
Due to a limitation in the Kafka-Ranger plugin, SRM cannot replicate Ranger policies to or from clusters that are configured to use Ranger for authorization. If you are using SRM to replicate data to or from a cluster that uses Ranger, disable authorization policy synchronization in SRM. This can be achieved by clearing the Sync Topic Acls Enabled (sync.topic.acls.enabled) checkbox.

Cruise Control

Learn about the known issues and limitations in Cruise Control in this release:

Rebalancing with Cruise Control does not work due to the metric reporter failing to report the CPU usage metric
On the Kafka broker, the Cruise control metric reporter plugin may fail to report the CPU usage metric.
If the CPU usage metric is not reported, the numValidWindows in Cruise Control will be 0 and proposal generation as well as partition rebalancing will not work. If this issue is present, the following message will be included in the Kafka logs:
WARN com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter:
          [CruiseControlMetricsReporterRunner]: Failed reporting CPU util.
java.io.IOException: Java Virtual Machine recent CPU usage is not
        available.
This issue is only known to affect Kafka broker hosts that have the following specifications:
  • CPU: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
  • OS: Linux 4.18.5-1.el7.elrepo.x86_64 #1 SMP Fri Aug 24 11:35:05 EDT 2018 x86_64
  • Java version: 8-18
Move the broker to a different machine where the CPU is different. This can be done by performing a manual repair on the affected nodes. For more information, see the Data Hub documentation.
CDPD-47616: Unable to initiate rebalance, number of valid windows (NumValidWindows) is zero
If a Cruise Control rebalance is initiated with the rebalance_disk parameter and Cruise Control is configured to fetch metrics from Cloudera Manager (Metric Reporter is set to CM metrics reporter), Cruise Control stops collecting metrics from the partitions that are moved. This is because Cloudera Manager does not collect metrics from moved partitions due to an issue in Kafka (KAFKA-10320).

If the metrics are not available, the partition is considered invalid by Cruise Control. This results in Cruise Control blocking rebalance operations and proposal generation.

Configure Cruise Control to use to use the Cruise Control metrics reporter (default). This issue is not present if this metric reporter is used.
  1. In Cloudera Manager, select the Cruise Control service.
  2. Go to Configuration.
  3. Find the Metric Reporter property.
  4. Select the Cruise Control metrics reporter option.
  5. Restart the Cruise Control service.
OPSAPS-68148: Cruise Control rack aware goal upgrade handler
The goal sets in Cruise Control, which include the default, supported, hard, self-healing and anomaly detection goals, might be overridden to their default value after a cluster upgrade if the goals have been customized.
Create a copy from the values of the goal lists before upgrading your cluster, and add the copied values to the goal lists after upgrading the cluster. Furthermore, you must rename any mentioning of com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareGoal to com.linkedin.kafka.cruisecontrol.analyzer.goals.RackAwareDistributionGoal as Cruise Control will not be able to start otherwise.