Support Questions

Find answers, ask questions, and share your expertise

Unauthorized connection for super-user

avatar
Rising Star

Hi,

I want to run start a coordinator job, but I received the following error:

Error: E0501 : E0501: Could not perform authorization operation, Unauthorized connection for super-user: oozie from IP X.X.X.X

then, i added the properties in core-site.xml file, and restart the cluster, but didn't accomplish anything.

<property
    <name>hadoop.proxyuser.oozie.hosts</name>                                  
    <value>*</value>
</property>
<property>
    <name>hadoop.proxyuser.oozie.groups</name>
    <value>*</value>
</property>

How can i solve it ?

1 ACCEPTED SOLUTION

avatar

@Hefei Li

The root cause of this issue is that the user you are using to run the workflow does not have permission to read the workflow.xml. Change the permissions on workflow.xml to 777 or 755 and try again.

Here is the method that is generating this error.

View solution in original post

9 REPLIES 9

avatar
Master Mentor

@Hefei Li

it has nothing to do with the proxyuser as you'd realized from your exercise, check the permissions in Oozie for the user you're executing the workflow with.

avatar

@Hefei Li

The root cause of this issue is that the user you are using to run the workflow does not have permission to read the workflow.xml. Change the permissions on workflow.xml to 777 or 755 and try again.

Here is the method that is generating this error.

avatar

Also make sure that the directories (absolute path) that contains the workflow.xml also has at least 755, so that the user is able to get to the file and then read it.

avatar
Contributor

@bsaini : I am trying out this tutorial mirroring-datasets-between-hadoop-clusters-with-apache-falcon You said that the path workflow.xml should have at least 755.I made these changes at 2 locations 1) /apps/data-mirroring/*.xml 2) /apps/falcon/backupCluster/staging/falcon/workflows/process/MirrorTest/cf29a6898f4d78c4515a7d0b22f51b6e_1454333601227/DEFAULT/ Now when I am running the Mirror Test, I am getting the following exception : Caused by: org.apache.hadoop.security.AccessControlException: Permission denied. user=ambari-qa is not the owner of inode=MirrorTest .What is going wrong ??

avatar
Master Mentor

@Akshay Shingote chown on the MirrorTest directory and make sure ambari-qa is owner.

avatar
Contributor

@bsaini @Artem Ervits : After making changes in core-site.xml Whenever I follow the steps,I see this exception occurs:Unauthorized connection for super-user: oozie from IP X.X.X.X & when I change its ownership to any other user then org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied. user=ambari-qa is not the owner of inode=MirrorTest occurs..After that if I change its ownership to "ambari-qa",then I again get Unauthorized connection for super-user: oozie from IP X.X.X.X.. Is there anything or a location I am missing some where wrong ?

avatar
@Hefei Li

Do you have knox or Ranger in your environwment?

avatar
Explorer

After the HDP installation 2.4, I had issue with similar error as

Unauthorized connection for super-user: oozie from IP..

As suggested above i made changes on proxyuser.oozie.hosts & group to *.

Additionally I had to copy shared library file to HDFS.

cd /tmp

tar xvf <HDP_install_dir>/oozie/oozie-sharelib.tar.gz

sudo -u oozie hadoop fs -put share /user/oozie/share

Now you can start Oozie from Ambari.

=========================

Another trouble shooting check is to find whether the DB is perfectly configured as per DB name,user & password specified in /etc/oozie/conf/oozie-site.xml

sudo -u oozie /usr/lib/oozie/bin/ooziedb.sh create -run

If it is perfectly configured it states that DB is configured.

In my installation I had to grant DB privileges to oozie user..

avatar
New Contributor

Thanks - this problem was driving me nuts