Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ambari LDAP sync-ldap issue with proxy getting 502 Bad Gateway

Labels:
avatar
author-rank nshelke author-rank
Guru

Created ‎08-03-2017 11:35 PM

I am getting below error while doing the initial sync for ambari LDAP

ambari-server sync-ldap --users /home/centos/users.txt
Using python /usr/bin/python Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing specified users and groups.ERROR:
Exiting with exit code 1.
REASON: Sync event creation failed.
Error details: HTTP Error 502: Bad Gateway

I am using internal proxy server, So I setup some configuration in ambari-env.sh for this,

export AMBARI_JVM_ARGS=$AMBARI_JVM_ARGS' -Xms512m -Xmx2048m -XX:MaxPermSize=128m -Djava.security.auth.login.config=$ROOT/etc/ambari-server/conf/krb5JAASLogin.conf -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dhttp.proxyHost=FQDN -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="FQDN|localhost|127.0.0.1"'

LDAPsearch command works fine. Same configs I have added it in ambari.properties.

After setting this, still getting 502: Bad Gateway error

2,621 Views
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎08-04-2017 06:03 AM

@nshelke


When we perform "ambari-server sync-ldap" then ambari actually invokes the following ambari API on "127.0.0.1" address (not on the ambari FQDN)

http://127.0.0.1:8080/api/v1/ldap_sync_events

- Python code snippet from "setupSecurity.py" that is used for ldap sync

  url = get_ambari_server_api_base(properties) + SERVER_API_LDAP_URL
  admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
  request = urllib2.Request(url)
  request.add_header('Authorization', 'Basic %s' % admin_auth)
  request.add_header('X-Requested-By', 'ambari')


Because ambari uses the following python script (not java) to perform the following python script [1], Hence the "-Dhttp.nonProxyHosts" proxy setting will not be used here because that property is Java specific, Python modules will not respect that property.

So you should try setting the proxy settings at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like:
http_proxy="http://proxy.com:8080"
no_proxy="127.0.0.1, localhost"

[1] https://github.com/apache/ambari/blob/release-2.5.1/ambari-server/src/main/python/ambari_server/setu...

.

View solution in original post

1,694 Views
1 REPLY 1

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎08-04-2017 06:03 AM

@nshelke


When we perform "ambari-server sync-ldap" then ambari actually invokes the following ambari API on "127.0.0.1" address (not on the ambari FQDN)

http://127.0.0.1:8080/api/v1/ldap_sync_events

- Python code snippet from "setupSecurity.py" that is used for ldap sync

  url = get_ambari_server_api_base(properties) + SERVER_API_LDAP_URL
  admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
  request = urllib2.Request(url)
  request.add_header('Authorization', 'Basic %s' % admin_auth)
  request.add_header('X-Requested-By', 'ambari')


Because ambari uses the following python script (not java) to perform the following python script [1], Hence the "-Dhttp.nonProxyHosts" proxy setting will not be used here because that property is Java specific, Python modules will not respect that property.

So you should try setting the proxy settings at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like:
http_proxy="http://proxy.com:8080"
no_proxy="127.0.0.1, localhost"

[1] https://github.com/apache/ambari/blob/release-2.5.1/ambari-server/src/main/python/ambari_server/setu...

.

1,695 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements