Fixed Issues in Apache Knox
Review the list of Knox issues that are resolved in Cloudera Runtime 7.1.9.
- OPSAPS-67397: Intermittent Knox login error in 7.2.17
- This fix adds CSD support for pac4j.password, which is a pseudo random string that needs to be synced between HA Knox instances for HA SSO to work.
- OPSAPS-67449: Enable Loadbalancing param for Oozie and Impala services in cdp-proxy-api topology
- Sticky session and loadbalancing support was missing for cdp-proxy-api topology, this change adds it back. This change also adds stickysession and LB props for Impala (OPSAPS-67376)
- OPSAPS-63146: Support custom Kerberos path for Knox
- With this change Knox will pick up the krb5 value configured in CM (Administrator -> Settings -> krb5.conf file path ) When the CM property changes, Knox configs will change keeping them in sync.
- OPSAPS-68107: Response code 500 error at large-payload request test over Knox on PC-7.2.17 and DC-7.1.9 SMM executions
- Larger requests (over 15KB) are not failing anymore using the Knox APIs (both SMM UI, and SMM API).
- CDPD-40964: Need to update Knox re-write rules to allow access to newer APIs introduced in Ranger
- Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
- CDPD-24808: SR with Knox should use round-robin load balancing
- When multiple instances of Schema Registry are running, Knox will use round-robin to forward the requests.
- CDPD-53722: Knox - Upgrade OkHttp to 3.14.9/4.10.0 due to medium CVEs - PvC
- Upgrade OkHttp to 3.14.9/4.10.0 due to medium CVEs.
- CDPD-50726: [7.1.9.x]- Need to update Knox re-write rules to allow access to newer APIs introduced in Ranger
- Update Knox re-write rules to allow access to newer APIs introduced in Ranger
- CDPD-58562: PvC - Reduce the time taken for Knox startup
- Knox gateway and idbroker startup time improvements were added.
Apache patch information