Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ambari LDAP sync-ldap issue with proxy getting 502 Bad Gateway

Solved Go to solution
Highlighted

Ambari LDAP sync-ldap issue with proxy getting 502 Bad Gateway

I am getting below error while doing the initial sync for ambari LDAP

ambari-server sync-ldap --users /home/centos/users.txt
Using python /usr/bin/python Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing specified users and groups.ERROR:
Exiting with exit code 1.
REASON: Sync event creation failed.
Error details: HTTP Error 502: Bad Gateway 

I am using internal proxy server, So I setup some configuration in ambari-env.sh for this,

export AMBARI_JVM_ARGS=$AMBARI_JVM_ARGS' -Xms512m -Xmx2048m -XX:MaxPermSize=128m -Djava.security.auth.login.config=$ROOT/etc/ambari-server/conf/krb5JAASLogin.conf -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dhttp.proxyHost=FQDN -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="FQDN|localhost|127.0.0.1"'

LDAPsearch command works fine. Same configs I have added it in ambari.properties.

After setting this, still getting 502: Bad Gateway error

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Ambari LDAP sync-ldap issue with proxy getting 502 Bad Gateway

Super Mentor

@nshelke


When we perform "ambari-server sync-ldap" then ambari actually invokes the following ambari API on "127.0.0.1" address (not on the ambari FQDN)

http://127.0.0.1:8080/api/v1/ldap_sync_events

- Python code snippet from "setupSecurity.py" that is used for ldap sync

  url = get_ambari_server_api_base(properties) + SERVER_API_LDAP_URL
  admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
  request = urllib2.Request(url)
  request.add_header('Authorization', 'Basic %s' % admin_auth)
  request.add_header('X-Requested-By', 'ambari')


Because ambari uses the following python script (not java) to perform the following python script [1], Hence the "-Dhttp.nonProxyHosts" proxy setting will not be used here because that property is Java specific, Python modules will not respect that property.

So you should try setting the proxy settings at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like:
http_proxy="http://proxy.com:8080"
no_proxy="127.0.0.1, localhost"

[1] https://github.com/apache/ambari/blob/release-2.5.1/ambari-server/src/main/python/ambari_server/setu...

.

1 REPLY 1

Re: Ambari LDAP sync-ldap issue with proxy getting 502 Bad Gateway

Super Mentor

@nshelke


When we perform "ambari-server sync-ldap" then ambari actually invokes the following ambari API on "127.0.0.1" address (not on the ambari FQDN)

http://127.0.0.1:8080/api/v1/ldap_sync_events

- Python code snippet from "setupSecurity.py" that is used for ldap sync

  url = get_ambari_server_api_base(properties) + SERVER_API_LDAP_URL
  admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
  request = urllib2.Request(url)
  request.add_header('Authorization', 'Basic %s' % admin_auth)
  request.add_header('X-Requested-By', 'ambari')


Because ambari uses the following python script (not java) to perform the following python script [1], Hence the "-Dhttp.nonProxyHosts" proxy setting will not be used here because that property is Java specific, Python modules will not respect that property.

So you should try setting the proxy settings at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like:
http_proxy="http://proxy.com:8080"
no_proxy="127.0.0.1, localhost"

[1] https://github.com/apache/ambari/blob/release-2.5.1/ambari-server/src/main/python/ambari_server/setu...

.