Known Issues in Apache Ozone

Learn about the known issues in Ozone, the impact or changes to the functionality, and the workaround.

OPSAPS-69846: If Ozone is installed with custom kerberos principals for its roles, operations on encrypted buckets can fail as Ranger KMS does not have its proxy users and groups configured for the custom S3 Gateway user.

Add the following configurations in Ranger-kms safety valve based on the custom s3g user. In this case , the user is s3gfoo0. The parameters are hadoop.kms.proxyuser.s3gfoo0.hosts = * hadoop.kms.proxyuser.s3gfoo0.groups = *

In the CDP Private Cloud Base 7.1.7 SP2, a manual process is available to renew the expiring internal Ozone certificates. However, this is failing for Ozone Managers.

You can manually renew the Ozone certificates selectively for Ozone Managers using the Ozone Internal SSL certificate expiration KB article or the Ozone Internal SSL certificate expiration for versions 7.1.8 CHF2 and lower documentation.