Known Issues in Streams Replication Manager

Learn about the known issues in Streams Replication Manager, the impact or changes to the functionality, and the workaround.

Known Issues

CDPD-22089: SRM does not sync re-created source topics until the offsets have caught up with target topic
Messages written to topics that were deleted and re-created are not replicated until the source topic reaches the same offset as the target topic. For example, if at the time of deletion and re-creation there are a 100 messages on the source and target clusters, new messages will only get replicated once the re-created source topic has 100 messages. This leads to messages being lost.
None
CDPD-11079: Blacklisted topics appear in the list of replicated topics
If a topic was originally replicated but was later disallowed (blacklisted), it will still appear as a replicated topic under the /remote-topics REST API endpoint. As a result, if a call is made to this endpoint, the disallowed topic will be included in the response. Additionally, the disallowed topic will also be visible in the SMM UI. However, it's Partitions and Consumer Groups will be 0, its Throughput, Replication Latency and Checkpoint Latency will show N/A.
None
CDPD-30275: SRM may automatically re-create deleted topics on target clusters
If auto.create.topics.enable is enabled, deleted topics might get automatically re-created on target clusters. This is a timing issue. It only occurs if remote topics are deleted while the replication of the topic is still ongoing.
  1. Remove the topic from the topic allowlist with srm-control. For example:
    srm-control topics --source [SOURCE_CLUSTER] --target [TARGET_CLUSTER] --remove [TOPIC1]
  2. Wait until SRM is no longer replicating the topic.
  3. Delete the remote topic in the target cluster.
OPSAPS-63104: The automatically generated password for co-located services is invalid
SRM automatically generates a username and password that can be used by co-located services to access SRM and its REST API. However, a unique password is generated for each SRM Service role instance. Because of this, co-located services that use the password, for example SMM, can only connect to one of the SRM Service role instances.
Manually configure a password using the SRM Service Co-Located Service User Password SRM property. The password you configure will be accepted by all SRM Service role instances.
OPSAPS-63992: Rolling restart unavailable for SRM
Initiating a rolling restart for the SRM service is not possible. Consequently, performing a rolling upgrade of the SRM service is also not possible.
None
CDPD-31745: SRM Control fails to configure internal topic when target is earlier than Kafka 2.3
When the target Kafka cluster of a replication is earlier than version 2.3, the srm-control internal topic is created with an incorrect configuration (cleanup.policy=compact). This causes the srm-control topic to lose the replication filter records, causing issues in the replication.
After a replication is enabled where the target Kafka cluster is earlier than 2.3, manually configure all srm-control.[***SOURCE CLUSTER ALIAS***].internal topics in the target cluster to use cleanup.policy=compact.
OPSAPS-67772: SRM Service metrics processing fails when the noexec option is enabled for /tmp
The SRM Service role uses /tmp to extract RocksDB .so files, which are required for metrics processing to function. If the noexec option is enabled for the /tmp directory, the SRM Service role is not able load the required RocksDB files. This results in metrics processing failing.
  1. In Cloudera Manager, select the SRM service and go to Configuration.
  2. Add the following to SRM Service Environment Advanced Configuration Snippet (Safety Valve). Do this for all SRM Service role instances.
    ROCKSDB_SHAREDLIB_DIR=[***PATH***]

    Replace [***PATH***] with a directory that is not /tmp.

OPSAPS-67738: SRM Service role's Remote Querying feature does not work when the noexec option is enabled for /tmp

The SRM Service role puts the Netty native libraries into the /tmp directory. As a result, If the noexec option is enabled for the /tmp directory, the Remote Querying feature will fail to function.

  1. In Cloudera Manager, select the SRM service and go to Configuration.
  2. Add the following to SRM_JVM_PERF_OPTS.
    -Dio.netty.native.workdir=[***PATH***]
    Replace [***PATH***] with a directory that is not /tmp.
OPSAPS-62546: Kafka External Account SSL keypassword configuration is used incorrectly by SRM
When a Kafka External Account specifies a keystore that uses an SSL key password, SRM uses it as the ssl.keystore.key configuration. Due to using the incorrect ssl.keystore.key configuration, SRM will fail to load the keystore in certain cases.
Workaround: For the keystores used by the Kafka External Accounts, the SSL key password should match the SSL keystore password, and the SSL keystore key password should not be provided. Alternatively, you can use the legacy connection configurations based on the streams.replication.manager.configs to specify the SSL key password.

Limitations

SRM cannot replicate Ranger authorization policies to or from Kafka clusters
Due to a limitation in the Kafka-Ranger plugin, SRM cannot replicate Ranger policies to or from clusters that are configured to use Ranger for authorization. If you are using SRM to replicate data to or from a cluster that uses Ranger, disable authorization policy synchronization in SRM. This can be achieved by clearing the Sync Topic Acls Enabled (sync.topic.acls.enabled) checkbox.
SRM cannot ensure the exactly-once semantics of transactional source topics
SRM data replication uses at-least-once guarantees, and as a result cannot ensure the exactly-once semantics (EOS) of transactional topics in the backup/target cluster.
SRM checkpointing is not supported for transactional source topics
SRM does not correctly translate checkpoints (committed consumer group offsets) for transactional topics. Checkpointing assumes that the offset mapping function is always increasing, but with transactional source topics this is violated. Transactional topics have control messages in them, which take up an offset in the log, but they are never returned on the consumer API. This causes the mappings to decrease, causing issues in the checkpointing feature. As a result of this limitation, consumer failover operations for transactional topics is not possible.