
Sentry Issue with Solr accessing


Hello!

I have set up Solr in my Cloudera QuickStart VM. I also Kerberized it and enabled Sentry. I created some collections and am able to run MapReduce tasks to index files into those collections. However, when I later try to access it using the Solr admin UI, I get the error below. It seems I need to add the "cloudera" user to the admin group via Sentry. Please help with this issue.

Error log as below:

2017-06-05 04:53:20,708 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={indexInfo=false&_=1496663600675&wt=json} status=401 QTime=30 
2017-06-05 04:53:26,720 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 04:54:26,658 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 04:55:26,618 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=55 
2017-06-05 04:56:26,602 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=52 
2017-06-05 04:57:26,709 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=63 
2017-06-05 04:58:27,358 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=70 
2017-06-05 04:59:27,281 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=47 
2017-06-05 05:00:27,259 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=46 
2017-06-05 05:01:27,288 INFO org.apache.solr.servlet.SolrDispatchFilter: [admin] webapp=null path=/admin/cores params={action=STATUS&wt=json} status=0 QTime=57 
2017-06-05 05:02:26,889 ERROR org.apache.solr.core.SolrCore: org.apache.solr.common.SolrException: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:185)
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAdminAction(SentryIndexAuthorizationSingleton.java:105)
	at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:79)
	at org.apache.solr.handler.SecureRequestHandlerUtil.checkSentryAdminCollection(SecureRequestHandlerUtil.java:48)
	at org.apache.solr.handler.admin.SecureCoreAdminHandler.handleRequestBody(SecureCoreAdminHandler.java:136)
	at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135)
	at org.apache.solr.servlet.SolrDispatchFilter.handleAdminRequest(SolrDispatchFilter.java:871)
	at org.apache.solr.servlet.SolrDispatchFilter.httpSolrCall(SolrDispatchFilter.java:314)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:260)
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:255)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.solr.servlet.SolrHadoopAuthenticationFilter$2.doFilter(SolrHadoopAuthenticationFilter.java:408)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:622)
	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:301)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:574)
	at org.apache.solr.servlet.SolrHadoopAuthenticationFilter.doFilter(SolrHadoopAuthenticationFilter.java:413)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:612)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User cloudera does not have privileges for admin
	at org.apache.sentry.binding.solr.authz.SolrAuthzBinding.authorizeCollection(SolrAuthzBinding.java:182)
	at org.apache.solr.sentry.SentryIndexAuthorizationSingleton.authorizeCollectionAction(SentryIndexAuthorizationSingleton.java:180)
	... 28 more

Thanks

Accepted Solutions

Re: Sentry Issue with Solr accessing

Explorer

I was making a mistake while defining "sentry-provider.ini".

The correct one should be as below:

[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*

 

This is solved !
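
An added example (not part of the original post and not Sentry's own code): a simplified Python model of how a policy file resolves group to role to privilege. It shows why the admin UI request, which is checked against the special `admin` collection named in the stack trace, needs a matching grant, and how much `collection = *->action=*` allows compared with a narrower policy. The `logs` collection, the `logs_reader` role, the `analysts` group and the group list passed by the caller are assumptions made for illustration.

```python
import configparser

# Constructed policies: BROAD is the one from the accepted answer;
# NARROW is a hypothetical tighter variant (collection "logs" is assumed).
BROAD = """
[groups]
cloudera = admin_role
[roles]
admin_role = collection = *->action=*
"""
NARROW = """
[groups]
cloudera = admin_role, logs_reader
[roles]
admin_role = collection=admin->action=*
logs_reader = collection=logs->action=Query
"""

def parse_privilege(text):
    """'collection = *->action=*' -> {'collection': '*', 'action': '*'}"""
    parts = {}
    for kv in text.split("->"):
        key, _, value = kv.partition("=")
        parts[key.strip().lower()] = value.strip().lower()
    return parts

def is_allowed(policy_text, groups, collection, action):
    """Simplified model of group -> role -> privilege resolution."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep group and role names case-sensitive
    cp.read_string(policy_text)
    for group in groups:
        roles = cp.get("groups", group, fallback="")
        for role in filter(None, (r.strip() for r in roles.split(","))):
            privileges = cp.get("roles", role, fallback="")
            for priv in filter(None, (p.strip() for p in privileges.split(","))):
                p = parse_privilege(priv)
                if (p.get("collection") in ("*", collection.lower())
                        and p.get("action", "*") in ("*", action.lower())):
                    return True
    return False
```

With the broad policy, every member of the `cloudera` group can query and update every collection as well as perform admin actions; the narrow variant keeps admin UI access but limits data access to querying `logs`.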

Re: Sentry Issue with Solr accessing

Contributor

Yes, that's correct. You can get more details here:

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/search_sentry.html

Also, Sentry as a service is now provided for Solr as well; you can use that too, along with the Solr Sentry tool commands.