Fixed Issues in Apache Kudu

Review the list of Apache Kudu issues that are resolved in Cloudera Runtime 7.2.17.

CDPD-47036: Upgrade elasticsearch (a transitive dependency through Ranger) to 7.17.1+ due to CVEs

Upgraded elasticsearch to 7.17.1+ due to CVEs.

CDPD-47068: Update default value for --tablet_history_max_age_sec to avoid OOM for kudu-master

Fixed an issue with the kudu-master process consuming too much memory in case of very large clusters, clusters with many thousands of tables, or clusters with huge numbers of DDL operations per day.

The default setting of --tablet_history_max_age_sec for tablet servers has been set to 7 days since logical backup/restore has been implemented with CDH6.3.0 release (corresponding to upstream Kudu release 1.10.0), but storing that much history for system catalog doesn't make much sense as Kudu masters don't scan the system tablet with timestamps back in the past. For bigger Kudu clusters with many nodes and thousands of tables, if there is a sustainable high rate of DDL activity or Raft election storms in the cluster, the system tablet might accumulate a lot of deltas of its history. That might lead to kudu-master processes using a lot of memory while performing rowset merge compactions.

CDPD-53423: Kudu was not able to connect to Ranger in public cloud due to an incorrect environment variable name

Kudu control script was using the wrong environment variable to fill Ranger service name. This caused the ranger subprocess to crash. As a result, all the Kudu CLI commands failed due to absence of ranger subprocess on the other end to cater CLI requests. As a fix, the correct environment variable is used to ensure a valid ranger service name is picked when Kudu cluster is set up.

KUDU-3450: Buffer was too low for messages between Kudu and the Ranger client, causing authorization failures when the access control lists were too large

The issue is now fixed.

Kudu HMS Sync is disabled and is not yet supported

The issue is now fixed.

Kerberos authentication fails with rdns disabled

When rdns is set to false, the Kudu Java client does not retain the original hostname, and replaces them with the resolved IP addresses. This prevents Kerberos authentication from working properly. For more information, see KUDU-3415.

The issue is now fixed.