Known issues

Review the list of known issues in Cloudera Flow Management (CFM) 2.1.4.

Special characters in Keystore/Truststore passwords
If there are special characters in the passwords of the truststores/keystores, the normal operation of NiFi and its integration with Cloudera Manager (command and control, monitoring, etc.) is affected.
Update the passwords using only [A-Z a-z 0-9] characters or upgrade to CFM 2.1.5. You can also file a support case to get a hotfix from Cloudera Support.
Configuration of java.arg.7
A property has been added for defining java.arg.7 to provide the ability to override the default location of the temporary directory used by the JDK. By default this value is empty in Cloudera Manager. If you use this argument for another purpose, change it to a different, unused argument number (or use letters instead: java.arg.mycustomargument). Leaving the argument unchanged can affect functionality after upgrades or migrations.
JDK error
JDK 8 version u252 is supported. Any lower version may result in this error when NiFi starts:
SHA512withRSAandMGF1 Signature not available
When using Java 8, only version u252 and above are supported.
JDK limitation
JDK 8u271, JDK 8u281, and JDK 8u291 may cause socket leak issues in NiFi due to JDK-8245417 and JDK-8256818. Verify the build version of your JDK. Later builds are fixed as described in JDK-8256818.
When using Java 8, only version u252 and above are supported.
KafkaRecordSink puts multiple records in one message
All records are sent as a single Kafka message containing an array of records.

For more information, see NIFI-8326.

There is no workaround for this issue.
Kudu Client
There is an issue in the Kudu client that prevents the creation of new tables using the NiFi processors. The table needs to exist before NiFi tries to push data into it. You may see this error when this issue arises:
Caused by: org.apache.kudu.client.NonRecoverableException: failed to wait for Hive Metastore notification log listener to catch up: failed to retrieve notification log events: failed to open Hive Metastore connection: SASL(-15): mechanism too weak for this user
Verify the necessary table exists in Kudu.
NiFi Node Connection test failures
Cloudera Manager includes a new health check feature. The health check alerts users if a NiFi instance is running but disconnected from the NiFi cluster. For this health check to be successful, you must update a Ranger policy. There is a known issue when the NiFi service is running but the NiFi Node(s) report Bad Health due to the NiFi Node Connection test.
Update the policy:
  1. From the Ranger UI, access the Controller policy for the NiFi service.
  2. Verify the nifi group is set in the policy.
  3. Add the nifi user to the policy with READ permissions.
NiFi UI performance considerations
A known issue in Chrome 92.x causes significant slowness in the NiFi UI and may lead to high CPU consumption.

For more information, see the Chrome Known Issues documentation at 1235045.

Use another version of Chrome or a different browser.
SSHJ version change and key negotiation issue with old SSH servers
ListSFTP and PutSFTP processors fail when using the legacy ssh-rsa algorithm for authentication with the following error:
UserAuthException: Exhausted available authentication methods
Set the Key Algorithms Allowed property in PutSFTP to ssh-rsa.
Parameter Context inheritance may be lost during NiFi restart
When restarting NiFi, the inheritance between parameter contexts may be lost under specific conditions.
UserAuthException: Exhausted available authentication methods

For more information, see NIFI-10096.

Cloudera recommends upgrading to the latest version or requesting a HOTFIX through the Support Portal.
KeyStoreException: placeholder not found
After an upgrade, NiFi may fail to start, displaying the following error:
WARN org.apache.nifi.web.server.JettyServer: Failed to start web server... shutting down.
java.security.KeyStoreException: placeholder not found

The error is caused by missing configuration for the type of the keystore and truststore files.

  1. Go to Cloudera Manager -> NiFi service -> Configuration.
  2. Add the following properties to the NiFi Node Advanced Configuration Snippet (Safety Valve) for staging/nifi.properties.xml.
    nifi.security.keystoreType=**[value]**
    nifi.security.truststoreType=**[value]**

    Where value must be PKCS12, JKS, or BCFKS. JKS is the preferred type; BCFKS and PKCS12 files are loaded with the BouncyCastle provider.

  3. Restart NiFi.
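
A pre-upgrade check for two of the issues above, the special characters in keystore/truststore passwords and the missing keystore/truststore type, written as an added example (not Cloudera or NiFi code). It assumes the passwords are stored in plain text in nifi.properties under the standard `nifi.security.*Passwd` keys; the sample content is constructed.

```python
import re

# Password keys are standard nifi.properties names; the *Type keys are from this page.
PASSWORD_KEYS = ("nifi.security.keystorePasswd", "nifi.security.keyPasswd",
                 "nifi.security.truststorePasswd")
TYPE_KEYS = ("nifi.security.keystoreType", "nifi.security.truststoreType")
ALLOWED_TYPES = {"PKCS12", "JKS", "BCFKS"}

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=Abc123xyz
nifi.security.truststoreType=
nifi.security.truststorePasswd=p@ss=word!
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: passwords may contain '='
        props[key.strip()] = value.strip()
    return props


def audit_tls_properties(text):
    """Return (key, problem) findings without echoing any password value."""
    props = parse_properties(text)
    findings = []
    for key in PASSWORD_KEYS:
        value = props.get(key, "")
        if value and not re.fullmatch(r"[A-Za-z0-9]+", value):
            findings.append((key, "password has characters outside A-Z a-z 0-9"))
    for key in TYPE_KEYS:
        value = props.get(key, "")
        if not value:
            findings.append((key, "store type missing or empty"))
        elif value.upper() not in ALLOWED_TYPES:
            findings.append((key, "store type is not PKCS12, JKS or BCFKS"))
    return findings


if __name__ == "__main__":
    for key, problem in audit_tls_properties(SAMPLE):
        print(f"{key}: {problem}")
```

The findings name only the property key, so the output can be pasted into a support case without leaking a password.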

Technical Service Bulletins

TSB 2022-580: NiFi Processors cannot write to content repository
If the content repository disk is filled more than 50% (or any other value that is set in nifi.properties for nifi.content.repository.archive.max.usage.percentage), and if there is no data in the content repository archive, the following warning message can be found in the logs: "Unable to write flowfile content to content repository container default due to archive file size constraints; waiting for archive cleanup". This blocks the processors, and no more data is processed.

This appears to only happen if there is already data in the content repository on startup that needs to be archived, or if the following message is logged: “Found unknown file XYZ in the File System Repository; archiving file”.

Upstream JIRA
Knowledge article
For the latest update on this issue see the corresponding Knowledge article: TSB 2022-580: NiFi Processors cannot write to content repository
TSB 2022-589: CVE-2022-33140 Apache NiFi ShellUserGroupProvider Vulnerability
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers (UGP) in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
Knowledge article
For the latest update on this issue see the corresponding Knowledge article: TSB 2022-589: CVE-2022-33140 Apache NiFi ShellUserGroupProvider Vulnerability
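
To determine whether a deployment meets the precondition described in TSB 2022-589, the following added example (not Cloudera or NiFi code) parses authorizers.xml and reports any active ShellUserGroupProvider together with the entries that reference it. It assumes providers are matched by class-name suffix and that references use property names containing "User Group Provider"; the sample XML and its identifiers are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed authorizers.xml fragment; identifiers are made up for this example.
SAMPLE = """<authorizers>
  <!-- <userGroupProvider>
         <identifier>template-shell-provider</identifier>
         <class>org.apache.nifi.authorization.ShellUserGroupProvider</class>
       </userGroupProvider> -->
  <userGroupProvider>
    <identifier>shell-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.ShellUserGroupProvider</class>
  </userGroupProvider>
  <userGroupProvider>
    <identifier>composite-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.CompositeUserGroupProvider</class>
    <property name="User Group Provider 1">shell-user-group-provider</property>
  </userGroupProvider>
</authorizers>"""


def _ident(element):
    return (element.findtext("identifier") or "").strip()


def find_shell_providers(authorizers_xml):
    """Map each active ShellUserGroupProvider identifier to the entries that reference it.

    Parsing the XML instead of grepping skips providers that exist only inside
    comments. Matching on the class suffix works whatever the package prefix.
    """
    root = ET.fromstring(authorizers_xml)
    result = {}
    for provider in root.iter("userGroupProvider"):
        cls = (provider.findtext("class") or "").strip()
        if cls.rsplit(".", 1)[-1] == "ShellUserGroupProvider":
            result[_ident(provider)] = []
    for entry in root:  # top-level providers and authorizers
        for prop in entry.iter("property"):
            target = (prop.text or "").strip()
            # Assumption: references use property names containing "User Group Provider".
            if target in result and "User Group Provider" in prop.get("name", ""):
                result[target].append(_ident(entry))
    return result


if __name__ == "__main__":
    for ident, referrers in find_shell_providers(SAMPLE).items():
        print(f"ShellUserGroupProvider enabled as '{ident}', referenced by {referrers}")
```

An empty result means the provider is not declared in that file, which matches the default configuration described in the bulletin.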