Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Authorization for Ambari REST-API does not work when using localhost

Labels:
avatar
author-rank johan_lund
New Contributor

Created ‎03-09-2018 09:16 AM

I am setting up a test cluster and have some issues with the Ambari REST-API. I get a 403 error whenever I use localhost, but it works when I use FQDN.

This works:

curl -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

This does not work:

curl -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

The latter returns:

HTTP/1.1 403 Forbidden

Cache-Control: no-cache

Pragma: no-cache Content-Type: text/html; charset=utf-8

Proxy-Connection: close Connection: close Content-Length: 606 curl: (56) Received HTTP code 403 from proxy after CONNECT

We have other clusters where the setup looks identical to me and calls using FQDN and localhost works just fine. I can't figure out why it does not work in this case.

I need localhost to work because commands like ambari-server sync-ldap are using the REST-API with localhost behind the scenes. Currently when I run ambari-server sync-ldap --groups=/root/groups.txt I get:

Syncing specified users and groups.ERROR: Exiting with exit code 1. REASON: Sync event creation failed. Error details: <urlopen error Tunnel connection failed: 403 Forbidden>

3,653 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-09-2018 09:34 AM

@Johan Lund

Can you pelase add the "-iv" flag to the curl call. I am suspecting that it may be a Proxy issue. So when you use FQDN then your requests might be passing via some proxy server.

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

AND

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

.

Looks like your ambari-server host might be having some http proxy settings which is not allowing the "localhost" request to be passed via proxy which is rejecting the request.

Please see if you have any -Dhttps.proxyHost=proxy_name -Dhttps.proxyPort=xxxx configured on your ambari server host like in "~/.bash_profile", "~/.profile" or Or in "~/.bashrc"
Please check if you have any OS level setting to define proxy host and Non proxy hosts.
like:

export http_proxy
export https_proxy

Or may be at Host environment level or inside some script like /var/lib/ambari-server/ambari-env.sh

https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-administration/content/ch_setting...

.

View solution in original post

3,069 Views
3 REPLIES 3

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-09-2018 09:34 AM

@Johan Lund

Can you pelase add the "-iv" flag to the curl call. I am suspecting that it may be a Proxy issue. So when you use FQDN then your requests might be passing via some proxy server.

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://<FQDN>:8443/api/v1/clusters/<CLUSTERNAME>/services/

AND

# curl -iv -u admin:admin -H "X-Requested-by:ambari" -i -k -X GET https://127.0.0.1:8443/api/v1/clusters/<CLUSTERNAME>/services/

.

Looks like your ambari-server host might be having some http proxy settings which is not allowing the "localhost" request to be passed via proxy which is rejecting the request.

Please see if you have any -Dhttps.proxyHost=proxy_name -Dhttps.proxyPort=xxxx configured on your ambari server host like in "~/.bash_profile", "~/.profile" or Or in "~/.bashrc"
Please check if you have any OS level setting to define proxy host and Non proxy hosts.
like:

export http_proxy
export https_proxy

Or may be at Host environment level or inside some script like /var/lib/ambari-server/ambari-env.sh

https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-administration/content/ch_setting...

.

3,070 Views

avatar
author-rank johan_lund
New Contributor

Created ‎03-09-2018 11:23 AM

Thanks @Jay Kumar SenSharma ! The no_proxy was what was missing, but the curl -iv flag in this answer was what helped me figure out why it worked on one machine but not the other. So I put this as the accepted answer and gave the other one a vote.

3,069 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-09-2018 10:14 AM

@Johan Lund

May be the following link give more idea on how to use "no_proxy" at the OS level inside the "~/.profile", "~/.bash_profile", ENV level. Like: 

no_proxy="127.0.0.1, localhost"

.

https://community.hortonworks.com/questions/120761/ambari-ldap-sync-ldap-issue-with-proxy-getting-50...

3,069 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements