Known Issues in Apache Knox
Learn about the known issues in Knox, the impact or changes to the functionality, and the workaround.
- CDPD-61088: When downgrade is performed from CDP 7.1.9 to CDP 7.1.7 SP2, Knox may fail to start.
Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Keystore was not loaded properly - the provided password may not match the password for the keystore. org.apache.knox.gateway.services.ServiceLifecycleException: Keystore was not loaded properly - the provided password may not match the password for the keystore.- CDPD-60996: When downgrade is performed from CDP 7.1.9 to CDP 7.1.7 SP2, Knox is unable to connect to Cloudera Manager.
- Restart Knox service after downgrade.
- CDPD-28431: Intermittent errors could be potentially encountered when Impala UI is accessed from multiple Knox nodes.
- You must use a single Knox node to access Impala UI.
- CDPD-3125: Logging out of Atlas does not manage the external authentication
- At this time, Atlas does not communicate a log-out event with the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.
- CDPD-22785: Improvements and issues needs to be addressed in convert-topology knox cli command
- None
- OPSAPS-67480: In 7.1.9, default Ranger policy is added from the cdp-proxy-token topology, so that after a new installation of CDP-7.1.9, the knox-ranger policy includes cdp-proxy-token. However, upgrades do not add cdp-proxy-token to cm_knox policies automatically.
- Manually add cdp-proxy-token to the knox policy, using
Ranger Admin Web UI.
- Log in to , as a Ranger administrator.
- On , click cm_knox.
- In Knox Policies, open the CDP Proxy UI, API and Token policy.
- In Knox Topology*, add cdp-proxy-token.
- Click Save.
- Restart Ranger.
