01-05-2017 02:41 PM
After defining cluster roles for the users and groups, the LogSearch UI is not accessible, with a login failure message for individual users and groups. Below was the error in the logs:

logsearch-audit.json
{"level":"WARN","file":"LogsearchAuthenticationProvider.java","thread_name":"qtp1464642111-13","line_number":124,"log_message":"{\"principal\":\"sysair\",\"result\":\"denied\",\"reason\":\"Wrong password\",\"remote_ip\":\"192.168.0.201\",\"session\":\"1a52ertsmv7l31qpo3gl3hdsyt\",\"auth_class\":\"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\",\"user\":\"sysair\"}","logger_name":"org.apache.ambari.logsearch.audit","logtime":"1483536859578"}

logsearch.json
{"level":"INFO","file":"LogsearchAuthenticationProvider.java","thread_name":"qtp1464642111-14","line_number":66,"log_message":"Authenticating user:sysair, userDetail\u003dorg.springframework.security.authentication.UsernamePasswordAuthenticationToken@b48163fb: Principal: sysair; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 192.168.0.201; SessionId: b5kjfqmlkindi15hrchp9v9r; Not granted any authorities","logger_name":"org.apache.ambari.logsearch.web.security.LogsearchAuthenticationProvider","logtime":"1483536571357"}
{"level":"INFO","file":"LogsearchAuthenticationProvider.java","thread_name":"qtp1464642111-14","line_number":74,"log_message":"authentication.class\u003dorg.springframework.security.authentication.UsernamePasswordAuthenticationToken","logger_name":"org.apache.ambari.logsearch.web.security.LogsearchAuthenticationProvider","logtime":"1483536571357"}
{"level":"ERROR","file":"LogsearchFileAuthenticationProvider.java","thread_name":"qtp1464642111-14","line_number":81,"log_message":"Wrong password for user\u003dsysair","logger_name":"org.apache.ambari.logsearch.web.security.LogsearchFileAuthenticationProvider","logtime":"1483536571357"}

By default, the AMBARI.ADMINISTRATOR role (logsearch.roles.allowed) is used for LogSearch users (with external Ambari server authentication).

Workaround: Add the following attribute and comma-separated values in the logsearch configuration under custom logsearch.properties.

Attribute: logsearch.roles.allowed
Possible Values: CLUSTER.ADMINISTRATOR, CLUSTER.OPERATOR, SERVICE.ADMINISTRATOR, SERVICE.OPERATOR, CLUSTER.USER
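
An added example, not part of the original post or of Ambari Log Search: a small Python triage script for audit lines in the shape quoted above. It decodes the JSON string nested in log_message and counts denied logins per principal, reason and remote IP, skipping lines that are not audit events. The sample lines, the helper make_line, the user "opsuser" and the address 192.168.0.202 are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone


def make_line(principal, reason, remote_ip, logtime_ms):
    """Build a constructed audit line: the event is a JSON string inside log_message."""
    event = {"principal": principal, "result": "denied", "reason": reason,
             "remote_ip": remote_ip, "user": principal}
    return json.dumps({"level": "WARN", "log_message": json.dumps(event),
                       "logger_name": "org.apache.ambari.logsearch.audit",
                       "logtime": str(logtime_ms)})


# Constructed sample input; "opsuser" and 192.168.0.202 are made up.
SAMPLE = [
    make_line("sysair", "Wrong password", "192.168.0.201", 1483536859578),
    make_line("sysair", "Wrong password", "192.168.0.201", 1483536871002),
    make_line("opsuser", "Wrong password", "192.168.0.202", 1483536900000),
    # logsearch.json-style line: log_message is plain text, not an audit event
    json.dumps({"level": "ERROR", "log_message": "Wrong password for user=sysair",
                "logtime": "1483536571357"}),
    '{"level":"WARN","log_message":"{\\"principal\\":',  # truncated line
]


def parse_audit_line(line):
    """Return the decoded audit event with a UTC 'time' field, or None."""
    try:
        outer = json.loads(line)
        event = json.loads(outer["log_message"])
        when = datetime.fromtimestamp(int(outer["logtime"]) / 1000, tz=timezone.utc)
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(event, dict):
        return None
    event["time"] = when
    return event


def denied_summary(lines):
    """Count denied logins per (principal, reason, remote_ip)."""
    counts = Counter()
    for line in lines:
        event = parse_audit_line(line)
        if event and event.get("result") == "denied":
            counts[(event.get("principal"), event.get("reason"), event.get("remote_ip"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in denied_summary(SAMPLE).most_common():
        print(n, *key)
```
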
04-21-2016 01:37 PM
I concur with Sean. As long as any user has access to the cluster and the Google personal key, they can explore the GHFS bucket. I would say Google has to enhance the connector by allowing intervention of Kerberos prior to validation of the personal key.
01-12-2016 12:39 PM
I mean the communication sequence between namenode and datanode and information that is exchanged between them.
01-10-2016 07:48 PM
What is the control flow for data node block reporting to the name node?