Cloudera Docs

Behavioral Changes in Streams Messaging Manager

Functional adjustments and behavioral updates for Streams Messaging Manager are introduced in Cloudera Runtime 7.3.2, its service packs, and cumulative hotfixes.

Cloudera Runtime 7.3.2

Component-level custom Java home configuration removed
Previous behavior:

You could configure a component-specific Java home for Streams Messaging Manager.

New behavior:

The component-level custom Java home configuration options are removed. Streams Messaging Manager now uses the host-level java_home configuration. If you previously set a component-specific Java home for this service, verify the host-level java_home setting after upgrading.

Default JMX settings changed to restrict connections to localhost
Previous behavior:

The default value of the SMM_JMX_OPTS Cloudera Manager configuration option was -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false, which allowed unrestricted, unauthenticated JMX connections.

New behavior:

The default value of SMM_JMX_OPTS has been changed to restrict JMX connections to localhost only and enable SSL. If you previously customized SMM_JMX_OPTS, your custom value is preserved on upgrade. To revert to open JMX, update SMM_JMX_OPTS in Cloudera Manager.

Streams Messaging Manager now defaults to IPv4-only communication

A new argument was added to SMM_JVM_PERF_OPTS that sets the IP protocol to IPv4 by default.

If you changed the default value of this parameter before upgrading, the new default value is not applied on upgrade. You can apply it manually after the upgrade.

Streams Messaging Manager UI Migration to Java
The Streams Messaging Manager UI service is migrated from a NodeJS runtime to a Java-based server. This change addresses security vulnerabilities associated with NodeJS dependencies and aligns Streams Messaging Manager with the centralized dependency management of the platform.
As a result of this migration, the following changes apply:
  • Runtime environment

    The Streams Messaging Manager UI service now runs on the JVM. Configuration for the runtime environment is now managed via the SMM_JAVA_OPTS environment variable.

  • TLS configuration
    TLS configuration moved from OpenSSL-style parameters to standard Java JSSE configuration. New Cloudera Manager parameters manage TLS protocols and cipher suites:
    • streams.messaging.manager.ui.ssl.supportedCipherSuites
    • streams.messaging.manager.ui.ssl.excludedCipherSuites
    • streams.messaging.manager.ui.ssl.supportedProtocols
    • streams.messaging.manager.ui.ssl.excludedProtocols

  • Configuration migration

    During upgrade, Cloudera Manager attempts to automatically migrate existing TLS settings (including those found in the NODE_OPTIONS environment variable within safety valves) to the new Java-based configuration parameters. However, manual verification is strongly recommended.

  • Safety valves

    Any properties previously set in the Streams Messaging Manager UI Server Environment Advanced configuration Snippet (Safety Valve) using NODE_OPTIONS that are not related to TLS must be manually translated to their Java equivalents (if applicable) and set using SMM_JAVA_OPTS.