Hey Larry,

I looked into this a bit deeper. It appears the knoxsso-topology is NOT updated because of the following code in /var/lib/ambari-server/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py:

  if params.version_formatted and check_stack_feature(StackFeature.KNOX_SSO_TOPOLOGY, params.version_formatted):
      File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
         group=params.knox_group,
         owner=params.knox_user,
         content=InlineTemplate(params.knoxsso_topology_template)
      )

I believe the if condition is evaluating to false and thus preventing the knoxsso.xml from being written, as I do not see a corresponding output entry in the log of a restart of the Knox Service (i.e. I would expect to see a File['/usr/hdp/current/knox-server/conf/topologies/knoxsso.xml'] line):

2018-07-12 12:42:43,870 - Generating config: /usr/hdp/current/knox-server/conf/gateway-site.xml
2018-07-12 12:42:43,871 - File['/usr/hdp/current/knox-server/conf/gateway-site.xml'] {'owner': 'knox', 'content': InlineTemplate(...), 'group': 'knox', 'mode': None, 'encoding': 'UTF-8'}
2018-07-12 12:42:43,879 - File['/usr/hdp/current/knox-server/conf/gateway-log4j.properties'] {'content': InlineTemplate(...), 'owner': 'knox', 'group': 'knox', 'mode': 0644}
2018-07-12 12:42:43,887 - File['/usr/hdp/current/knox-server/conf/topologies/default.xml'] {'content': InlineTemplate(...), 'owner': 'knox', 'group': 'knox'}
2018-07-12 12:42:43,890 - File['/usr/hdp/current/knox-server/conf/topologies/admin.xml'] {'content': InlineTemplate(...), 'owner': 'knox', 'group': 'knox'}
2018-07-12 12:42:43,891 - Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-master --master [PROTECTED]'] {'environment': {'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_112'}, 'not_if': "ambari-sudo.sh su knox -l -s /bin/bash -c 'test -f /usr/hdp/current/knox-server/data/security/master'", 'user': 'knox'}

This is on HDP 2.6.2 using Knox 0.12.0. I’ve created issue https://issues.apache.org/jira/browse/AMBARI-24285 to track.

Regards,
Christopher Jackson
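
The log check described in the message above, as an added example (not part of the original message and not Ambari's own code): it extracts the File[...] resources from a restart log and reports which expected topology files were never written. The helper names, the expected-file list and the trimmed sample log are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample: the restart log lines quoted in the message, with the
# attribute dicts trimmed for brevity.
SAMPLE_LOG = """\
2018-07-12 12:42:43,870 - Generating config: /usr/hdp/current/knox-server/conf/gateway-site.xml
2018-07-12 12:42:43,871 - File['/usr/hdp/current/knox-server/conf/gateway-site.xml'] {'owner': 'knox', 'group': 'knox'}
2018-07-12 12:42:43,879 - File['/usr/hdp/current/knox-server/conf/gateway-log4j.properties'] {'owner': 'knox', 'mode': 0644}
2018-07-12 12:42:43,887 - File['/usr/hdp/current/knox-server/conf/topologies/default.xml'] {'owner': 'knox', 'group': 'knox'}
2018-07-12 12:42:43,890 - File['/usr/hdp/current/knox-server/conf/topologies/admin.xml'] {'owner': 'knox', 'group': 'knox'}
2018-07-12 12:42:43,891 - Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-master --master [PROTECTED]'] {'user': 'knox'}
"""

# Matches "<date> <time> - Kind['name'] {...}" as seen in the log lines above.
RESOURCE_RE = re.compile(r"^\S+ \S+ - (?P<kind>\w+)\['(?P<name>[^']+)'\]")


def file_resources(log_text):
    """Return the path of every File[...] resource that appears in the log."""
    paths = []
    for line in log_text.splitlines():
        match = RESOURCE_RE.match(line)
        if match and match.group("kind") == "File":
            paths.append(match.group("name"))
    return paths


def missing_topologies(log_text, conf_dir, expected):
    """Return the expected topology file names with no File[...] log entry."""
    written = set(file_resources(log_text))
    return [
        name for name in expected
        if posixpath.join(conf_dir, "topologies", name) not in written
    ]


if __name__ == "__main__":
    conf_dir = "/usr/hdp/current/knox-server/conf"
    # Assumed list of topologies the restart should regenerate.
    expected = ["default.xml", "admin.xml", "knoxsso.xml"]
    for name in missing_topologies(SAMPLE_LOG, conf_dir, expected):
        print("not written during restart:", name)
```

A topology that shows up as missing here is still the copy from an earlier run, so SSO settings changed in Ambari have not reached the gateway.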