Created on 06-05-2017 05:10 AM - edited 09-16-2022 04:42 AM
Hello !
I have setup Solr in my cloudera quickstart vm. Also, I kerborized it and enabled sentry. I created some collections and able to do MapReduce task to index files into those collections. However, while I am trying to access later using solr admin ui, I am getting this below error. It seems, i need to add "cloudera" user to the admin group via sentry. Please help in this issue.
Error log as below:
2017-06-05 04:53:20,708 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={indexInfo=false&_=1496663600675&wt=json} status=401 QTime=30 2017-06-05 04:53:26,720 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 2017-06-05 04:54:26,658 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 2017-06-05 04:55:26,618 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=55 2017-06-05 04:56:26,602 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=52 2017-06-05 04:57:26,709 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=63 2017-06-05 04:58:27,358 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=70 2017-06-05 04:59:27,281 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=47 2017-06-05 05:00:27,259 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 2017-06-05 05:01:27,288 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=57 2017-06-05 05:02:26,889 ERROR org.apache.solr.core.SolrCore: org.apache.solr.common.SolrException: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:185) at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAdminAction(SentryIndexAuthorizationSingleton.java:105) at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:79) at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:48) at org.apache.solr.handler.admin.SecureCoreAdminHandler.handleRequestBody(SecureCoreAdminHandler.java:136) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135) at org.apache.solr.servlet.SolrDispatchFilter.handleAdminRequest(SolrDispatchFilter.java:871) at org.apache.solr.servlet.SolrDispatchFilter.httpSolrCall(SolrDispatchFilter.java:314) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:260) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:255) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.solr.servlet.SolrHadoopAuthenticationFilter$2.doFilter(SolrHadoopAuthenticationFilter.java:408) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:622) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:301) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:574) at org.apache.solr.servlet.SolrHadoopAuthenticationFilter.doFilter(SolrHadoopAuthenticationFilter.java:413) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:612) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin at org.apache.sentry.binding.solr.authz.SolrAuthzBinding.authorizeCollection(SolrAuthzBinding.java:182) at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:180) ... 28 more
Thanks
Created 06-09-2017 03:39 AM
I am making a mistake while defining "sentry-provider.ini"
correct one should be as below:
[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*
This is solved !
Created 06-09-2017 03:39 AM
I am making a mistake while defining "sentry-provider.ini"
correct one should be as below:
[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*
This is solved !
Created 08-01-2017 11:41 AM
Yes, thats correct. You can get more details here
https://www.cloudera.com/documentation/enterprise/5-9-x/topics/search_sentry.html
Also, Now sentry as a service is also provided for solr you can use that too and use solr sentry tool commands