Known Issues in Apache Knox

Learn about the known issues in Knox, the impact or changes to the functionality, and the workaround.

CDPD-76294: Knox service cannot be started in a large Private Cloud Base Cloudera Manager cluster
On a large Private Cloud Base Cloudera Manager cluster installed with Cloudera Runtime 7.3.1.0, Knox might fail to start with the following error message:
Wait Until Knox Gateway Can Serve Requests failed on Knox Gateway
Increase the Knox configuration parameter Knox Gateway Initial/Max Heapsize from 1 GiB to 2 GiB or 4 GiB, depending on the cluster size. Then save changes and run Restart Stale Services. After these steps, the Knox service can be started.
CDPD-71751: Creation of alias from the Cloudera Manager UI fails on FIPS
On FIPS clusters, users trying to create aliases through the Cloudera Manager UI face issues.
The aliases can be created using the Knox CLI instead:
  1. SSH to the Knox host.
  2. export KNOX_GATEWAY_DATA_DIR="/var/lib/knox/gateway/data"; export KNOX_GATEWAY_CONF_DIR="/var/lib/knox/gateway/conf"
  3. /opt/cloudera/parcels/CDH/lib/knox/bin/knoxcli.sh create-alias <ALIAS_NAME> <ALIAS_VALUE>
  4. Verify the addition using /opt/cloudera/parcels/CDH/lib/knox/bin/knoxcli.sh list-alias.

For HA deployments, repeat these steps on every Knox host. Unlike the Save Alias command, the Knox CLI does not apply the change to all hosts automatically.
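The following script is an added example, not part of the Cloudera documentation: it runs steps 2 to 4 over SSH on each Knox host of an HA deployment and reports any host where the alias could not be created or verified. The host names, the `SSH_CMD` override, and the assumption that `list-alias` prints the alias name in its output are illustrative; the paths and `knoxcli.sh` sub-commands are the ones from the steps above.

```shell
#!/bin/sh
# Added example: apply the CDPD-71751 workaround on every Knox host (HA).
KNOXCLI="/opt/cloudera/parcels/CDH/lib/knox/bin/knoxcli.sh"
KNOX_ENV='export KNOX_GATEWAY_DATA_DIR="/var/lib/knox/gateway/data"; export KNOX_GATEWAY_CONF_DIR="/var/lib/knox/gateway/conf"'
# Assumption: key-based SSH as a user that is allowed to run knoxcli.sh.
SSH_CMD="${SSH_CMD:-ssh}"

# Single-quote one argument so the remote shell cannot reinterpret
# spaces, quotes or metacharacters inside an alias value.
shquote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_cmd SUBCOMMAND [ARG...]: print the command line for the Knox host.
remote_cmd() {
  rc_line="$KNOX_ENV; $KNOXCLI"
  for rc_arg in "$@"; do
    rc_line="$rc_line $(shquote "$rc_arg")"
  done
  printf '%s\n' "$rc_line"
}

# create_alias_on_hosts ALIAS VALUE HOST...
# Creates the alias on each host, then checks it with list-alias.
# The return status is the number of hosts that failed.
create_alias_on_hosts() {
  ca_name="$1"; ca_value="$2"; ca_failed=0
  shift 2
  for ca_host in "$@"; do
    # The value travels as a command argument, as in step 3; do not log it.
    if "$SSH_CMD" "$ca_host" "$(remote_cmd create-alias "$ca_name" "$ca_value")" >/dev/null &&
       "$SSH_CMD" "$ca_host" "$(remote_cmd list-alias)" | grep -qiF -- "$ca_name"; then
      echo "OK     $ca_host"
    else
      echo "FAILED $ca_host" >&2
      ca_failed=$((ca_failed + 1))
    fi
  done
  return "$ca_failed"
}

# Usage (constructed host names):
#   create_alias_on_hosts my.alias "$ALIAS_VALUE" knox1.example.com knox2.example.com
```

A non-zero exit status means at least one Knox host does not hold the alias yet, so requests routed to that host would behave differently from the others.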

CDPD-71305: Concurrent impala shell connection failure
If a user makes a concurrent impala-shell connection through Knox, then the connection fails.
Use only one Knox role.
CDPD-60379: During a rolling upgrade of the Knox service, access fails with a 503/500/404/403 error code
A user operation performed during the rolling upgrade of Knox might fail with a 503/500/404/403 error code.
Retry the user operation.
CDPD-3125: Logging out of Atlas does not manage the external authentication
At this time, Atlas does not communicate a log-out event to the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.
To prevent additional access to Atlas, close all browser windows and exit the browser.
CDPD-28431: Intermittent errors might be encountered when the Impala UI is accessed from multiple Knox nodes
You must use a single Knox node to access Impala UI.
CDPD-22785: Improvements and issues need to be addressed in the convert-topology Knox CLI command
None.
Knox issue with JDK version
jdk-1.8.0_391 is not supported.
Cloudera recommends using Cloudera supported JDKs.