ERROR hadoop.gateway - Service connectivity error - KNOX

Hi guys,

I have a problem with Knox. I am using HDP 2.3.2 with Ambari 2.1.1. I connected Knox to LDAP/AD successfully. I get 403 Forbidden when I do not grant access via policies in Ranger or 401 Unauthorized when I provide invalid credentials. My user and group search base is specified only to one user and one group because of LDAP sizelimit exceeded (I only want to test that it is working). I am pretty sure that it can be a permissions problem. Below I describe my error. Please find enclosed the full gateway.log (gateway.txt). Thank you in advance.

When I try to run a command:

curl -iku user:pass -X GET 'https://localhost:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS'

I got an error:

ERROR hadoop.gateway (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException: java.security.PrivilegedActionException: java.io.IOException: Service connectivity error.
2016-06-03 11:33:30,070 ERROR hadoop.gateway (GatewayFilter.java:doFilter(135)) - Gateway processing failed: javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException: java.security.PrivilegedActionException: java.io.IOException: Service connectivity error.
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
1 ACCEPTED SOLUTION

The problem was that I had WEBHDFS in topology in format hdfs:// instead of http://

2 REPLIES

EDIT:

It is worth noting that I am using https for Ambari, instead of http. When I try to access HBase I get a WARN that the connection is refused; it is trying to connect using http instead of https.

Here is my knox gateway-audit.log

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS||||access|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|unavailable|

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS|my_user|||authentication|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success|

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS|my_user|||authentication|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|success|Groups: [my_group]

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS|my_user|||dispatch|uri|hdfs://my_host:50070/webhdfs/v1/?op=LISTSTATUS&user.name=my_user|failure|

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS|my_user|||dispatch|uri|hdfs://my_host:50070/webhdfs/v1/?op=LISTSTATUS&user.name=my_user|unavailable|

16/06/03 12:31:29 ||2ebbd434-8238-402e-9979-7e7233669d27|audit|WEBHDFS|my_user|||access|uri|/gateway/default/webhdfs/v1/?op=LISTSTATUS|failure|

The problem was that I had WEBHDFS in topology in format hdfs:// instead of http://
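
The audit log in this thread already shows the cause: authentication succeeds, then the dispatch targets an `hdfs://` URL. As an added example (not part of the original thread, and not Knox code), the script below triages such a log by flagging failed dispatches whose backend URL is not HTTP(S). The field positions are an assumption read off the sample lines above, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed input: the gateway-audit.log records from this thread, one per line.
RID = "2ebbd434-8238-402e-9979-7e7233669d27"
GW = "/gateway/default/webhdfs/v1/?op=LISTSTATUS"
BACKEND = "hdfs://my_host:50070/webhdfs/v1/?op=LISTSTATUS&user.name=my_user"
SAMPLE = "\n".join([
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS||||access|uri|{GW}|unavailable|",
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS|my_user|||authentication|uri|{GW}|success|",
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS|my_user|||authentication|uri|{GW}|success|Groups: [my_group]",
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS|my_user|||dispatch|uri|{BACKEND}|failure|",
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS|my_user|||dispatch|uri|{BACKEND}|unavailable|",
    f"16/06/03 12:31:29 ||{RID}|audit|WEBHDFS|my_user|||access|uri|{GW}|failure|",
])


def parse(line):
    """Split one audit record; field positions are inferred from the sample lines."""
    f = line.split("|")
    if len(f) < 13 or f[3] != "audit":
        return None  # blank line or a record in another layout
    return {"request": f[2], "service": f[4], "user": f[5],
            "action": f[8], "target": f[10], "outcome": f[11]}


def dispatch_findings(text, allowed=("http", "https")):
    """Flag failed dispatches whose backend URL is not HTTP(S), per request id."""
    authenticated, findings = set(), []
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["action"] == "authentication" and rec["outcome"] == "success":
            authenticated.add(rec["request"])
        elif rec["action"] == "dispatch" and rec["outcome"] == "failure":
            scheme = urlsplit(rec["target"]).scheme.lower()
            if scheme not in allowed:
                findings.append({
                    "request": rec["request"], "service": rec["service"],
                    "user": rec["user"], "scheme": scheme,
                    # True when authentication was already logged as success for
                    # this request, which points at the topology URL instead of
                    # the credentials.
                    "auth_ok": rec["request"] in authenticated,
                })
    return findings


if __name__ == "__main__":
    for finding in dispatch_findings(SAMPLE):
        print(finding)
```
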