Fixed Issues in Apache Knox
Review the list of Knox issues that are resolved in Cloudera Runtime 7.1.9.
- OPSAPS-67397: Intermittent Knox login error in 7.2.17
- This fix adds CSD support for pac4j.password, which is a pseudo random string that needs to be synced between HA Knox instances for HA SSO to work.
- OPSAPS-67449: Enable Loadbalancing param for Oozie and Impala services in cdp-proxy-api topology
- Sticky session and loadbalancing support was missing for cdp-proxy-api topology, this change adds it back. This change also adds stickysession and LB props for Impala (OPSAPS-67376)
- OPSAPS-63146: Support custom Kerberos path for Knox
- With this change Knox will pick up the krb5 value configured in CM (Administrator -> Settings -> krb5.conf file path ) When the CM property changes, Knox configs will change keeping them in sync.
- OPSAPS-68107: Response code 500 error at large-payload request test over Knox on PC-7.2.17 and DC-7.1.9 SMM executions
- Larger requests (over 15KB) are not failing anymore using the Knox APIs (both SMM UI, and SMM API).
- CDPD-40964: Need to update Knox re-write rules to allow access to newer APIs introduced in Ranger
- Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
- CDPD-24808: SR with Knox should use round-robin load balancing
- When multiple instances of Schema Registry are running, Knox will use round-robin to forward the requests.
- CDPD-53722: Knox - Upgrade OkHttp to 3.14.9/4.10.0 due to medium CVEs - PvC
- Upgrade OkHttp to 3.14.9/4.10.0 due to medium CVEs.
- CDPD-50726: [7.1.9.x]- Need to update Knox re-write rules to allow access to newer APIs introduced in Ranger
- Update Knox re-write rules to allow access to newer APIs introduced in Ranger
- CDPD-58562: PvC - Reduce the time taken for Knox startup
- Knox gateway and idbroker startup time improvements were added.
- OPSAPS-58179: HIVE endpoint url is updated on only one knox host topolgies. While on other knox host, the Cloudera Manager configuration monitoring change is not identified and topologies are not updated with the Hive URL.
- This issue is now fixed.
- CDPD-43069: WEBHDFS operation on Namenode UI via knox fails when HDFS in HA
- Added failover configuration to WebHDFS to the HaProvider in cdp-proxy topology.
Apache patch information
- KNOX-2899
- KNOX-2841