Known Issues in Apache Kafka

Learn about the known issues in Kafka, the impact or changes to the functionality, and the workaround.

Known Issues identified in Cloudera Runtime 7.3.1.400 SP2

There are no new known issues identified in this release.

Known Issues identified in Cloudera Runtime 7.3.1.300 SP1 CHF 1

There are no new known issues identified in this release.

Known Issues identified in Cloudera Runtime 7.3.1.200 SP1

There are no new known issues identified in this release.

Known Issues identified in Cloudera Runtime 7.3.1.100 CHF 1

There are no new known issues identified in this release.

Cloudera Runtime 7.3.1

OPSAPS-59553: Streams Messaging Manager bootstrap server config should be updated based on Kafka's listeners: 7.1.7, 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; Streams Messaging Manager does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.; Streams Messaging Manager cannot identify multiple listeners and still points to bootstrap server using the default broker port (9093 for SASL_SSL). You need to override the bootstrap server URL by performing the following steps:

In Cloudera Manager, go to Streams Messaging Manager > Configuration > Streams Messaging Manager Rest Admin Server Advanced Configuration Snippet (Safety Valve)

Override bootstrap server URL (hostname:port as set in the listeners for broker) for streams-messaging-manager.yaml.

Save your changes.

Restart SMM.
The offsets.topic.replication.factor property must be less than or equal to the number of live brokers: 7.1.7, 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; The offsets.topic.replication.factor broker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with a GROUP_COORDINATOR_NOT_AVAILABLE error until the cluster size meets this replication factor requirement.; None
Requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true: 7.1.7, 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; The first few produce requests fail when sending to a nonexistent topic with auto.create.topics.enable set to true.; Increase the number of retries in the producer configuration setting retries.
KAFKA-2561: Performance degradation when SSL Is enabled: 7.1.7, 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.; Configure brokers and clients with ssl.secure.random.implementation = SHA1PRNG. It often reduces this degradation drastically, but its effect is CPU and JVM dependent.
RANGER-3809: Idempotent Kafka producer fails to initialize due to an authorization failure: 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; Kafka producers that have idempotence enabled require the Idempotent Write permission to be set on the cluster resource in Ranger. If permission is not given, the client fails to initialize and an error similar to the following is thrown:
org.apache.kafka.common.KafkaException: Cannot execute transactional method because we are in an error state at org.apache.kafka.clients.producer.internals.TransactionManager.maybeFailWithError(TransactionManager.java:1125) at org.apache.kafka.clients.producer.internals.TransactionManager.maybeAddPartition(TransactionManager.java:442) at org.apache.kafka.clients.producer.KafkaProducer.doSend(KafkaProducer.java:1000) at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:914) at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:800) . . . Caused by: org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed.
Idempotence is enabled by default for clients in Kafka 3.0.1, 3.1.1, and any version after 3.1.1. This means that any client updated to 3.0.1, 3.1.1, or any version after 3.1.1 is affected by this issue.; This issue has two workarounds, do either of the following:

Explicitly disable idempotence for the producers. This can be done by setting enable.idempotence to false.

Update your policies in Ranger and ensure that producers have Idempotent Write permission on the cluster resource.
CDPD-49304: AvroConverter does not support composite default values: 7.1.7, 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; AvroConverter cannot handle schemas containing a STRUCT type default value.; None.
DBZ-4990: The Debezium Db2 Source connector does not support schema evolution: 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; The Debezium Db2 Source connector does not support the evolution (updates) of schemas. In addition, schema change events are not emitted to the schema change topic if there is a change in the schema of a table that is in capture mode. For more information, see DBZ-4990.; None.
CFM-3532: The Stateless NiFi Source, Stateless NiFi Sink, and HDFS Stateless Sink connectors cannot use Snappy compression: 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; This issue only affects Stateless NiFi Source and Sink connectors if the connector is running a dataflow that uses a processor that uses Hadoop libraries and is configured to use Snappy compression. The HDFS Stateless Sink connector is only affected if the Compression Codec or Compression Codec for Parquet properties are set to SNAPPY.
If you are affected by this issue, errors similar to the following will be present in the logs.
Failed to write to HDFS due to java.lang.UnsatisfiedLinkError: org.apache.hadoop.util.NativeCodeLoader.buildSupportsSnappy()
Failed to write to HDFS due to java.lang.RuntimeException: native snappy library not available: this version of libhadoop was built without snappy support.; Download and deploy missing libraries.

important
Ensure that you complete steps 1-11 on all Kafka Connect hosts. Additionally, ensure that the advanced configuration snippet in step 12 is configured for all Kafka Connect role instances.

Create the /opt/nativelibs directory.
mkdir /opt/nativelibs

Change the owner to kafka.
chown kafka:kafka /opt/nativelibs

Locate the directory containing the Hadoop native libraries and copy its contents to the directory you created.
cp /opt/cloudera/parcels/CDH/lib/hadoop/lib/native/* /opt/nativelibs

Verify that libsnappy.so was copied to the directory you created.

Remove the following from /opt/nativelibs.
libhadoop.a libhadoop.so libhadoop.so.1.0.0

Run the following command.
hadoop version
The command returns the Hadoop version running in the cluster. Note down the first three digits in the version.

Go to https://archive.apache.org/dist/hadoop/common/ and download the Hadoop version that matches the first three digits of the version running in the cluster.
For example, if your Hadoop version is 3.1.1.7.1.9.0-296, then you need to download Hadoop 3.1.1.

Extract the downloaded archive.

Copy the following libraries from the downloaded archive to /opt/nativelibs on the cluster host.
libhadoop.a libhadoop.so.1.0.0
The libraries are located in hadoop-[***VERSION***]/lib/native.

Create a symlink named libhadoop.so and point it to /opt/nativelibs/libhadoop.so.1.0.0.
ln -s /opt/nativelibs/libhadoop.so.1.0.0 /opt/nativelibs/libhadoop.so

Change the owner of every entry within /opt/nativelibs to kafka.
chown -h kafka:kafka /opt/nativelibs/*

In Cloudera Manager, go to Kafka service > Configuration.

Add the following key-value pair to Kafka Connect Environment Advanced Configuration Snippet (Safety Valve).

Key: LD_LIBRARY_PATH

Value: /opt/nativelibs

Click Save Changes.

Restart the Kafka service.
OPSAPS-69317: Kafka Connect Rolling Restart Check fails if SSL Client authentication is required: 7.1.9, 7.3.1, 7.3.1.100, 7.3.1.200, 7.3.1.300, 7.3.1.400; The rolling restart action does not work in Kafka Connect when the ssl.client.auth option is set to required. The health check fails with a timeout which blocks restarting the subsequent Kafka Connect instances.; You can set ssl.client.auth to requested instead of required and initiate a rolling restart again. Alternatively, you can perform the rolling restart manually by restarting the Kafka Connect instances one-by-one and checking periodically whether the service endpoint is available before starting the next one.

Unsupported Features

The following Kafka features are not supported in Cloudera

Only Java and .Net based clients are supported. Clients developed with C, C++, Python, and other languages are currently not supported.
The Kafka default authorizer is not supported. This includes setting ACLs and all related APIs, broker functionality, and command-line tools.
SASL/SCRAM is only supported for delegation token based authentication. It is not supported as a standalone authentication mechanism.
Kafka KRaft in this release of Cloudera Runtime is in technical preview and does not support the following:
- Deployments with multiple log directories. This includes deployments that use JBOD for storage.
- Delegation token based authentication.
- Migrating an already running Kafka service from ZooKeeper to KRaft.
- Atlas Integration.

Limitations

Collection of partition level metrics may cause Cloudera Manager performance to degrade: If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager performance to degrade.
If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.
important
If you are using Streams Messaging Manager to monitor Kafka or Cruise Control for rebalancing Kafka partitions, be aware that both Streams Messaging Manager and Cruise Control rely on partition level metrics. If partition level metric collection is disabled, Streams Messaging Manager will not be able to display information about partitions. In addition, Cruise Control will not operate properly.
Complete the following steps to turn off the collection of partition level metrics:

Obtain the Kafka service name.

In Cloudera Manager, Select the Kafka service.

Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.

Find $SERVICENAME= near the top of the display.
The Kafka service name is the value of $SERVICENAME.

Turn off the collection of partition level metrics.

Go to Hosts > Hosts Configuration.

Find and configure the Cloudera Manager Agent Monitoring Advanced Configuration Snippet (Safety Valve) configuration property.
Enter the following to turn off the collection of partition level metrics:
[KAFKA_SERVICE_NAME]_feature_send_broker_topic_partition_entity_update_enabled=false
Replace [KAFKA_SERVICE_NAME] with the service name of Kafka obtained in step 1. The service name should always be in lower case.

Click Save Changes.