Known Issues in Apache Knox

Learn about the known issues in Knox, the impact or changes to the functionality, and the workaround.

CDPD-61088: When downgrade is performed from CDP 7.1.9 to CDP 7.1.7 SP2, Knox may fail to start.
Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Keystore was not loaded properly - the provided password may not match the password for the keystore. org.apache.knox.gateway.services.ServiceLifecycleException: Keystore was not loaded properly - the provided password may not match the password for the keystore.
Workaround: Remove the faulty credential store and restart Knox.
CDPD-60996: When downgrade is performed from CDP 7.1.9 to CDP 7.1.7 SP2, Knox is unable to connect to Cloudera Manager.
Restart Knox service after downgrade.
CDPD-28431: Intermittent errors could be potentially encountered when Impala UI is accessed from multiple Knox nodes.
You must use a single Knox node to access Impala UI.
CDPD-3125: Logging out of Atlas does not manage the external authentication
At this time, Atlas does not communicate a log-out event with the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.
To prevent additional access to Atlas, close all browser windows and exit the browser.
CDPD-22785: Improvements and issues needs to be addressed in convert-topology knox cli command
None
OPSAPS-67480: In 7.1.9, default Ranger policy is added from the cdp-proxy-token topology, so that after a new installation of CDP-7.1.9, the knox-ranger policy includes cdp-proxy-token. However, upgrades do not add cdp-proxy-token to cm_knox policies automatically.
Manually add cdp-proxy-token to the knox policy, using Ranger Admin Web UI.
  1. Log in to Cloudera Manager > Ranger > Ranger Admin Web UI, as a Ranger administrator.
  2. On Ranger Admin Web UI > Service Manager > Resource > Knox, click cm_knox.
  3. In Knox Policies, open the CDP Proxy UI, API and Token policy.
  4. In Knox Topology*, add cdp-proxy-token.
  5. Click Save.
  6. Restart Ranger.