Upgrade Notes for Apache Kudu 1.15 / CDP 7.1

Learn about the most important Kudu relatd changes when upgrading to CDP Private Cloud Base 7.1.

World-readable Kerberos keytab files

To improve security, world-readable Kerberos keytab files are no longer accepted by default. You can override this behaviour by setting the ‑‑allow_world_readable_credentials property to true using the Kudu Service Advanced Configuration Snippet (Safety Valve) for gflagfile advanced configuration snippet:
‑‑allow_world_readable_credentials=true 

Wire Protocol compatibility

Kudu 1.15.0 is wire-compatible with previous versions of Kudu:
  • Kudu 1.15 clients may connect to servers running Kudu 1.0 or later. If the client uses features that are not available on the target server, an error will be returned.
  • Rolling upgrade between Kudu 1.9 and Kudu 1.15 servers is believed to be possible though has not been sufficiently tested. Users are encouraged to shut down all nodes in the cluster, upgrade the software, and then restart the daemons on the new version.
  • Kudu 1.6 and later clients may connect to servers running Kudu 1.15.

Client Library Compatibility

  • The Kudu 1.15 Java client library is API- and ABI-compatible with Kudu 1.6 and later. Applications written against Kudu 1.6 and later will compile and run against the Kudu 1.15 client library and the other way around.
  • The Kudu 1.15 C++ client is API- and ABI-forward-compatible with Kudu 1.6 and later. Applications written and compiled against the Kudu 1.6 client library will run without modification against the Kudu 1.15 client library. Applications written and compiled against the Kudu 1.6 or later client library will run without modification against the Kudu 1.15client library.
  • The Kudu 1.15Python client is API-compatible with Kudu 1.6 and later. Applications written against Kudu 1.6 and later will continue to run against the Kudu 1.15 client and the other way around.

Integration with Apache Ranger

The integration with Apachy Sentry is replaced by the integration with Apache Ranger. Kudu 1.15 natively integrates with Apache Ranger for fine grain authorization and access control. This integration is disabled by default after the upgrade. If you want to enable fine grain authorization and access control with Kudu and Ranger, follow the steps described in Enabling Ranger authorization.