Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Unauthorized connection for super-user: root from IP 192.168.70.104 How to resolve???

Labels:
avatar
author-rank jcleve72
Explorer

Created ‎05-31-2017 11:36 PM

1. I am using HDP 2.6 and ambari 2.5. on a 5 node cluster. The cluster was setup with vagrant following these instructions

https://cwiki.apache.org/confluence/display/AMBARI/Quick+Start+for+New+VM+Users . The base box is Centos 7.0

2. I am trying to use File View and I cannot upload a file. I get:

Unauthorized connection for super-user: root from IP 192.168.70.104

3. In Ambari Web. I logged in admin/admin. I have followed the instructions

https://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/_configuring_... and created a proxy for admin, I changed the settings to 777. I also added admin as a user of this File View instance.

4. I have the sandbox setup and I can upload files on the sandbox.

5. If I vagrant ssh c7001.ambari.apache.org (node with ambari-server running) I can put a file into the hdfs and it shows up in the file view under /user/admin (The default directory that I set up see (3). )

However, I cannot upload anything from my local filesystem with File View.

4,932 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 12:49 AM

@John Cleveland

Looks like you have not added the mentioned IP Address properly inside the property: hadoop.proxyuser.root.hosts

If ambari-server daemon is running as root, you set up a proxy user for root in core-site by adding and changing properties in HDFS > Configs > Custom core-site: 
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=*
OR
hadoop.proxyuser.root.hosts=192.168.70.104

Here You can also define a comma separate IP Address list so that File View access will be allowed from the mentioned address to avoid this error:

Unauthorized connection for super-user: root from IP 192.168.70.104

.

View solution in original post

4,081 Views
4 REPLIES 4

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 12:49 AM

@John Cleveland

Looks like you have not added the mentioned IP Address properly inside the property: hadoop.proxyuser.root.hosts

If ambari-server daemon is running as root, you set up a proxy user for root in core-site by adding and changing properties in HDFS > Configs > Custom core-site: 
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=*
OR
hadoop.proxyuser.root.hosts=192.168.70.104

Here You can also define a comma separate IP Address list so that File View access will be allowed from the mentioned address to avoid this error:

Unauthorized connection for super-user: root from IP 192.168.70.104

.

4,082 Views

avatar
author-rank jcleve72
Explorer

Created ‎06-01-2017 02:56 AM

My proxy users for both root and admin are *.

1. What does the * mean?

2. I have noticed that I get 192.168.70.104/5 in the error message ... these are my data nodes. So I will change the * to a comma separated list of the datanodes (for the proxy hosts) and see what happens

thanks

4,081 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-01-2017 03:59 AM

@John Cleveland

Good to know that your issue is resolved.

Few details: 

hadoop.proxyuser.<USER>.hosts

From File View perspective: Here we need to replace the <USER> with the username who is actually running the Ambari Server (Or Standalone Ambari FileView Server) . So if you are running ambari server as "root" user then you will need to set the property for "root" user as "hadoop.proxyuser.root.groups". The Value of this property can be a comma separated list of addresses where you are running the ambari server (OR Standalone View Ambari Server for hosting the View) . Because View Server will actually send requests to Hadoop. So hadoop need to allow access from the host where the FileView is running. Setting * means you can use the FileView (Standalone Ambari View Server) which is installed to any host. (In a kerberized environment we need to replace the <USER> with the ambari server kerberos principal name).

From Generic Hadoop Perspective: In general, By Using proxy user using properties "hadoop.proxyuser.$superuser.hosts" along with either or both of "hadoop.proxyuser.$superuser.groups" and "hadoop.proxyuser.$superuser.users".

By specifying as below in core-site.xml, the superuser named super can connect only from host1 and host2 to impersonate a user belonging to group1 and group2.

Following document explains it with examples: https://hadoop.apache.org/docs/r2.7.3/hadoop-project-dist/hadoop-common/Superusers.html

4,081 Views

avatar
author-rank jcleve72
Explorer

Created ‎06-01-2017 03:39 AM

For some reason 

hadoop.proxyuser.root.hosts=c7001.ambari.apache.org??? I changed it to * and I can now upload files.
4,081 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements