Created on 09-26-2016 04:48 AM - edited 09-26-2016 07:51 AM
Hi,
I am using Solr with Sentry service.
Both services are up and running properly, but when I run the command below, I get a NullPointer error:
solrctl sentry --list-roles
ERROR tools.SentryShellSolr: Config key sentry.service.client.server.rpc-address is required
java.lang.NullPointerException: Config key sentry.service.client.server.rpc-address is required
    at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:208)
    at org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientDefaultImpl.<init>(SentryGenericServiceClientDefaultImpl.java:123)
    at org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory.create(SentryGenericServiceClientFactory.java:31)
    at org.apache.sentry.provider.db.generic.tools.SentryShellSolr.run(SentryShellSolr.java:50)
    at org.apache.sentry.provider.db.tools.SentryShellCommon.executeShell(SentryShellCommon.java:241)
    at org.apache.sentry.provider.db.generic.tools.SentryShellSolr.main(SentryShellSolr.java:95)
The operation failed. Message: Config key sentry.service.client.server.rpc-address is require
Any help/hint is appreciated. Thanks!
EDIT : 1
The following is the message I get when I try to add privileges using Hue.
{ "message": "{\"responseHeader\":{\"status\":401,\"QTime\":26},\"error\":{\"metadata\":[\"error-class\",\"org.apache.solr.common.SolrException\",\"root-error-class\",\"org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException\"],\"msg\":\"org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException: User admin does not have privileges for admin\",\"code\":401}}\n (error 401)", "traceback": [ [ "/opt/cloudera/parcels/CDH-5.8.0-1.cdh5.8.0.p0.42/lib/hue/desktop/libs/libsolr/src/libsolr/api.py", 481, "configs", "return self._root.get('admin/configs', params=params)['configSets']" ], [ "/opt/cloudera/parcels/CDH-5.8.0-1.cdh5.8.0.p0.42/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", 98, "get", "return self.invoke(\"GET\", relpath, params, headers=headers, allow_redirects=True)" ], [ "/opt/cloudera/parcels/CDH-5.8.0-1.cdh5.8.0.p0.42/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", 79, "invoke", "urlencode=self._urlencode)" ], [ "/opt/cloudera/parcels/CDH-5.8.0-1.cdh5.8.0.p0.42/lib/hue/desktop/core/src/desktop/lib/rest/http_client.py", 163, "execute", "raise self._exc_class(ex)" ] ], "detail": null, "title": "Error while accessing Solr" }
Created 10-08-2016 04:20 AM
Hi,
Can you please confirm which version of CDH you are using? Solr with Sentry is only supported in CDH5.8.x.
Thanks
Created 10-20-2016 02:30 AM
Created on 10-21-2016 06:04 AM - edited 10-21-2016 08:07 AM
I'm getting the same behaviour with CDH 5.8.0. The only way that I've found to get past the SentryShellSolr NullPointerException is to run the command on the machine that Sentry is running on. Only those machines get the sentry-site.xml deployed to them with the required key/value pair in it.
Unfortunately, after resolving that, I instead get:
WARN security.UserGroupInformation: PriviledgedActionException as:<user-account> (auth:KERBEROS) cause:org.apache.thrift.transport.TTransportException: Peer indicated failure: Problem with callback handler
Based on this post, this is actually a security issue and <user-account> isn't listed in the "sentry.service.allow.connect" setting.
Once I used the correct server and an account that was listed in sentry.service.allow.connect, "solrctl sentry ..." commands ran successfully.
The only down-side now is that Solr/Sentry appears to be ignoring Linux groups as a way of identifying which role a user has, despite it working when I used a flat file and despite Solr's "sentry.provider" value being set to org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider.
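Added example (not part of any post in this thread): a pre-flight check for the two failures described above, a sentry-site.xml without sentry.service.client.server.rpc-address and a calling account that is not listed in sentry.service.allow.connect. The sample XML, host name and user names are constructed, and the function names are hypothetical; on a real node, read the sentry-site.xml that is actually deployed there.

```python
import xml.etree.ElementTree as ET

RPC_KEY = "sentry.service.client.server.rpc-address"
ALLOW_KEY = "sentry.service.allow.connect"

# Constructed sample in Hadoop configuration XML format; host and users are made up.
SAMPLE_SITE_XML = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>sentry.service.client.server.rpc-address</name>
    <value>sentry-host.example.com</value>
  </property>
  <property>
    <name>sentry.service.allow.connect</name>
    <value>hive, impala,solr ,hue</value>
  </property>
</configuration>
"""

def load_site(xml_text):
    """Return {name: value} from Hadoop-style <property> elements."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def preflight(xml_text, user):
    """List the reasons a Sentry shell call would fail for `user`, per this thread."""
    props = load_site(xml_text)
    problems = []
    if not props.get(RPC_KEY):
        problems.append(f"{RPC_KEY} is missing or empty (client-side NullPointerException)")
    # The allow list is comma-separated; tolerate stray whitespace around entries.
    allowed = {u.strip() for u in props.get(ALLOW_KEY, "").split(",") if u.strip()}
    if user not in allowed:
        problems.append(f"{user!r} is not in {ALLOW_KEY} ('Problem with callback handler')")
    return problems

if __name__ == "__main__":
    for who in ("solr", "alice"):
        print(who, preflight(SAMPLE_SITE_XML, who) or "ok")
```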
Created 01-13-2017 04:12 AM
Hi, I'm going through the same problem up to where role-to-group mappings are not being associated correctly. Has anyone reported this already or found a workaround?
Created 01-13-2017 05:46 AM
It has been a while since I looked at this, but I think it ended up reading from Hue groups when using the Hue interface (particularly when you used PAM as the Hue authenticator rather than LDAP, Kerberos or similar). I can't be sure, though. I didn't report this as an issue, but I believe it is working in our development system (rather than my ad-hoc initial testing cluster of three VMs and a rough LDAP/Kerberos system).
Created 01-20-2017 05:21 AM
Solved. FYI, in my case (even though I still don't understand the reason) I had to drop the external table I was using to create my new table, and recreate it; that way I stopped getting the 4k limitation error. So, updating serde_params and columns_v2 was enough, I went with mediumtext.