Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Unauthorized connection for super-user: root from IP 192.168.70.104 How to resolve???

Labels:
avatar
author-rank jcleve72
New Member

Created ‎05-31-2017 11:36 PM

1. I am using HDP 2.6 and ambari 2.5. on a 5 node cluster. The cluster was setup with vagrant following these instructions

https://cwiki.apache.org/confluence/display/AMBARI/Quick+Start+for+New+VM+Users . The base box is Centos 7.0

2. I am trying to use File View and I cannot upload a file. I get:

Unauthorized connection for super-user: root from IP 192.168.70.104

3. In Ambari Web. I logged in admin/admin. I have followed the instructions

https://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/_configuring_... and created a proxy for admin, I changed the settings to 777. I also added admin as a user of this File View instance.

4. I have the sandbox setup and I can upload files on the sandbox.

5. If I vagrant ssh c7001.ambari.apache.org (node with ambari-server running) I can put a file into the hdfs and it shows up in the file view under /user/admin (The default directory that I set up see (3). )

However, I cannot upload anything from my local filesystem with File View.

6,890 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 12:49 AM

@John Cleveland

Looks like you have not added the mentioned IP Address properly inside the property: hadoop.proxyuser.root.hosts

If ambari-server daemon is running as root, you set up a proxy user for root in core-site by adding and changing properties in HDFS > Configs > Custom core-site: 
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=*
OR
hadoop.proxyuser.root.hosts=192.168.70.104

Here You can also define a comma separate IP Address list so that File View access will be allowed from the mentioned address to avoid this error:

Unauthorized connection for super-user: root from IP 192.168.70.104

.

View solution in original post

6,039 Views
4 REPLIES 4

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 12:49 AM

@John Cleveland

Looks like you have not added the mentioned IP Address properly inside the property: hadoop.proxyuser.root.hosts

If ambari-server daemon is running as root, you set up a proxy user for root in core-site by adding and changing properties in HDFS > Configs > Custom core-site: 
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=*
OR
hadoop.proxyuser.root.hosts=192.168.70.104

Here You can also define a comma separate IP Address list so that File View access will be allowed from the mentioned address to avoid this error:

Unauthorized connection for super-user: root from IP 192.168.70.104

.

6,040 Views

avatar
author-rank jcleve72
New Member

Created ‎06-01-2017 02:56 AM

My proxy users for both root and admin are *.

1. What does the * mean?

2. I have noticed that I get 192.168.70.104/5 in the error message ... these are my data nodes. So I will change the * to a comma separated list of the datanodes (for the proxy hosts) and see what happens

thanks

6,039 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 03:59 AM

@John Cleveland

Good to know that your issue is resolved.

Few details: 

hadoop.proxyuser.<USER>.hosts

From File View perspective: Here we need to replace the <USER> with the username who is actually running the Ambari Server (Or Standalone Ambari FileView Server) . So if you are running ambari server as "root" user then you will need to set the property for "root" user as "hadoop.proxyuser.root.groups". The Value of this property can be a comma separated list of addresses where you are running the ambari server (OR Standalone View Ambari Server for hosting the View) . Because View Server will actually send requests to Hadoop. So hadoop need to allow access from the host where the FileView is running. Setting * means you can use the FileView (Standalone Ambari View Server) which is installed to any host. (In a kerberized environment we need to replace the <USER> with the ambari server kerberos principal name).

From Generic Hadoop Perspective: In general, By Using proxy user using properties "hadoop.proxyuser.$superuser.hosts" along with either or both of "hadoop.proxyuser.$superuser.groups" and "hadoop.proxyuser.$superuser.users".

By specifying as below in core-site.xml, the superuser named super can connect only from host1 and host2 to impersonate a user belonging to group1 and group2.

Following document explains it with examples: https://hadoop.apache.org/docs/r2.7.3/hadoop-project-dist/hadoop-common/Superusers.html

6,039 Views

avatar
author-rank jcleve72
New Member

Created ‎06-01-2017 03:39 AM

For some reason 

hadoop.proxyuser.root.hosts=c7001.ambari.apache.org??? I changed it to * and I can now upload files.
6,039 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements