Support Questions

Find answers, ask questions, and share your expertise

Authorization for Ambari REST-API does not work when using localhost

avatar
New Contributor

I am setting up a test cluster and have some issues with the Ambari REST-API. I get a 403 error whenever I use localhost, but it works when I use FQDN.

This works:

curl -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

This does not work:

curl -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

The latter returns:

HTTP/1.1 403 Forbidden

Cache-Control: no-cache

Pragma: no-cache Content-Type: text/html; charset=utf-8

Proxy-Connection: close Connection: close Content-Length: 606 curl: (56) Received HTTP code 403 from proxy after CONNECT

We have other clusters where the setup looks identical to me and calls using FQDN and localhost works just fine. I can't figure out why it does not work in this case.

I need localhost to work because commands like ambari-server sync-ldap are using the REST-API with localhost behind the scenes. Currently when I run ambari-server sync-ldap --groups=/root/groups.txt I get:

Syncing specified users and groups.ERROR: Exiting with exit code 1. REASON: Sync event creation failed. Error details: <urlopen error Tunnel connection failed: 403 Forbidden>

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Johan Lund

Can you pelase add the "-iv" flag to the curl call. I am suspecting that it may be a Proxy issue. So when you use FQDN then your requests might be passing via some proxy server.

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

AND

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

.

Looks like your ambari-server host might be having some http proxy settings which is not allowing the "localhost" request to be passed via proxy which is rejecting the request.

Please see if you have any -Dhttps.proxyHost=proxy_name -Dhttps.proxyPort=xxxx configured on your ambari server host like in "~/.bash_profile", "~/.profile" or Or in "~/.bashrc"
Please check if you have any OS level setting to define proxy host and Non proxy hosts.
like:

export http_proxy
export https_proxy

Or may be at Host environment level or inside some script like /var/lib/ambari-server/ambari-env.sh

https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-administration/content/ch_setting...

.

View solution in original post

3 REPLIES 3

avatar
Master Mentor

@Johan Lund

Can you pelase add the "-iv" flag to the curl call. I am suspecting that it may be a Proxy issue. So when you use FQDN then your requests might be passing via some proxy server.

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

AND

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

.

Looks like your ambari-server host might be having some http proxy settings which is not allowing the "localhost" request to be passed via proxy which is rejecting the request.

Please see if you have any -Dhttps.proxyHost=proxy_name -Dhttps.proxyPort=xxxx configured on your ambari server host like in "~/.bash_profile", "~/.profile" or Or in "~/.bashrc"
Please check if you have any OS level setting to define proxy host and Non proxy hosts.
like:

export http_proxy
export https_proxy

Or may be at Host environment level or inside some script like /var/lib/ambari-server/ambari-env.sh

https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-administration/content/ch_setting...

.

avatar
New Contributor

Thanks @Jay Kumar SenSharma ! The no_proxy was what was missing, but the curl -iv flag in this answer was what helped me figure out why it worked on one machine but not the other. So I put this as the accepted answer and gave the other one a vote.

avatar
Master Mentor

@Johan Lund

May be the following link give more idea on how to use "no_proxy" at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like:

no_proxy="127.0.0.1, localhost"

.

https://community.hortonworks.com/questions/120761/ambari-ldap-sync-ldap-issue-with-proxy-getting-50...