Known Issues in Apache Knox

Known issues and technical limitations for Apache Knox are addressed in Cloudera Runtime 7.3.2, its service packs, and cumulative hotfixes.

Known Issues identified in Cloudera Runtime 7.3.2

There are no new known issues identified in this release.

Known Issues identified before Cloudera Runtime 7.3.2

Known issues identified before Cloudera Runtime 7.3.2 include only unresolved issues from previous releases that continue to affect the Cloudera Runtime 7.3.2 base release.

CDPD-76490: Ranger API bulk resource deletion fails when proxied through Knox: 7.3.1 and its CHFs, 7.3.2; Ranger API bulk resource deletion fails when the request is proxied through Knox. When Ranger sends a DELETE request with a body for bulk resource deletion, Knox does not forward the request body according to RFC 9110, causing the operation to fail.; None.
CDPD-71305: Concurrent impala shell connection failure: 7.1.9 SP1 and its CHFs, 7.3.1 and its CHFs, 7.3.2; If a user makes a concurrent impala-shell connection through Knox, then the connection fails.; Use only one Knox role.
CDPD-64652: During CDH + OS rolling upgrade knox admin api access fails with 403 ACL authorization failures: 7.2.18 and its Service Packs, 7.3.1 and its CHFs, 7.3.2; During OS upgrades, attempts to access Knox on the host being upgraded may produce occasional 403 HTTP responses.; Since the cause is the unavailability of underlying OS service(s), wait and retry the failed request(s).
CDPD-60376: Cloud loadbalancer takes 20-30 secs to failover to the next available knox host: 7.2.18 and its Service Packs, 7.3.1 and its CHFs, 7.3.2; If Knox is in HA and one of the Knox server is down, then accessing of service via Control plane endpoint url(i.e. via cloud loadbalancer) will take ~ 30secs to failover the request to available knox instance.; Retry the request after 30 seconds.
CDPD-3125: Logging out of Atlas does not manage the external authentication: 7.1.9, 7.2.18, 7.3.1 and its CHFs, 7.3.2; At this time, Atlas does not communicate a log-out event with the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.; To prevent additional access to Atlas, close all browser windows and exit the browser.
CDPD-84236: Token generated by one Knox host fails with Unknown token error on another Knox host in Data Engineering High Availability clusters: 7.3.1.400 through 7.3.1.700, 7.3.2; In Data Engineering High Availability clusters, a token generated by one Knox host may fail with an Unknown token error when accessed through another Knox host. This issue occurs due to a race condition in the PostgreSQL database, which prevents one of the Knox instances from properly initializing its configured token state service.; Restart Knox on all hosts.