Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Sentry Issue with Solr accessing

Labels:
avatar
author-rank anis016
Contributor

Created on ‎06-05-2017 05:10 AM - edited ‎09-16-2022 04:42 AM

 

Hello !

 

I have setup Solr in my cloudera quickstart vm. Also, I kerborized it and enabled sentry. I created some collections and able to do MapReduce task to index files into those collections. However, while I am trying to access later using solr admin ui, I am getting this below error. It seems, i need to add "cloudera" user to the admin group via sentry. Please help in this issue.

 

Error log as below:

 

2017-06-05 04:53:20,708 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={indexInfo=false&_=1496663600675&wt=json} status=401 QTime=30 
2017-06-05 04:53:26,720 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 04:54:26,658 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 04:55:26,618 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=55 
2017-06-05 04:56:26,602 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=52 
2017-06-05 04:57:26,709 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=63 
2017-06-05 04:58:27,358 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=70 
2017-06-05 04:59:27,281 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=47 
2017-06-05 05:00:27,259 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 05:01:27,288 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=57 
2017-06-05 05:02:26,889 ERROR org.apache.solr.core.SolrCore: org.apache.solr.common.SolrException: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:185)
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAdminAction(SentryIndexAuthorizationSingleton.java:105)
	at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:79)
	at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:48)
	at org.apache.solr.handler.admin.SecureCoreAdminHandler.handleRequestBody(SecureCoreAdminHandler.java:136)
	at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135)
	at org.apache.solr.servlet.SolrDispatchFilter.handleAdminRequest(SolrDispatchFilter.java:871)
	at org.apache.solr.servlet.SolrDispatchFilter.httpSolrCall(SolrDispatchFilter.java:314)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:260)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:255)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.solr.servlet.SolrHadoopAuthenticationFilter$2.doFilter(SolrHadoopAuthenticationFilter.java:408)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:622)
	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:301)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:574)
	at org.apache.solr.servlet.SolrHadoopAuthenticationFilter.doFilter(SolrHadoopAuthenticationFilter.java:413)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:612)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin
	at org.apache.sentry.binding.solr.authz.SolrAuthzBinding.authorizeCollection(SolrAuthzBinding.java:182)
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:180)
	... 28 more

Thanks

6,619 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank anis016
Contributor

Created ‎06-09-2017 03:39 AM

I am making a mistake while defining "sentry-provider.ini"

 

correct one should be as below:

 


[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*

 

This is solved !

View solution in original post

6,587 Views
0 Kudos
2 REPLIES 2

avatar
author-rank anis016
Contributor

Created ‎06-09-2017 03:39 AM

I am making a mistake while defining "sentry-provider.ini"

 

correct one should be as below:

 


[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*

 

This is solved !

6,588 Views
0 Kudos

avatar
author-rank neerjakhattar author-rank
Rising Star

Created ‎08-01-2017 11:41 AM

Yes, thats correct. You can get more details here

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/search_sentry.html

 

Also, Now sentry as a service is also provided for solr you can use that too and use solr sentry tool commands

6,423 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements