question

francis.ofougwuka_151231 avatar image
francis.ofougwuka_151231 asked Erick Ramirez edited

DSE spark client remote connection

Hello,

I have dse tarball downloaded on my laptop. I am trying to make a remote access to dse spark cluster using a ldap authentication but it fails after starting a spark session. But when i tried using the super user it was successful and everything works fine.


I have granted the ldap user the below permissions but it still fails

GRANT ALL PERMISSIONS ON REMOTE OBJECT DseResourceManager TO role_name;
GRANT ALL PERMISSIONS ON REMOTE OBJECT DseClientTool TO role_name;
GRANT ALL PERMISSIONS ON ANY SUBMISSION TO role;
GRANT ALL PERMISSIONS ON ANY WORKPOOL TO role;

NOTE: cqlsh connection using the ldap user works fine


Below is the command line i executed from my laptop

./bin/dse -u ldap_user spark --master dse://node_ip? --num-executors 2 --executor-memory 2GB --total-executor-cores 4

I am seeing the below error in the node system log

NFO  [RemoteMessageServer query worker - 7] 2019-10-10 12:26:04,292  RpcMethod.java:199 - Failed to execute method DseResourceManager.heartbeat
java.lang.reflect.InvocationTargetException: null
        at sun.reflect.GeneratedMethodAccessor105.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.datastax.bdp.util.rpc.RpcMethod.execute(RpcMethod.java:162)
        at com.datastax.bdp.router.InternalQueryRouterProtocol$RpcRoutingServerProcessor.process(InternalQueryRouterProtocol.java:84)
        at com.datastax.bdp.router.InternalQueryRouterProtocol$RpcRoutingServerProcessor.process(InternalQueryRouterProtocol.java:76)
        at com.datastax.bdp.node.transport.MessageServer$MessageRequestHandler.lambda$channelRead$0(MessageServer.java:267)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.AccessControlException: Not authorized to perform this action
        at org.apache.spark.deploy.rm.DseResourceManagerRPC.throwSecurityExceptionIfFalse(DseResourceManagerRPC.scala:253)
        at org.apache.spark.deploy.rm.DseResourceManagerRPC.heartbeat(DseResourceManagerRPC.scala:219)
        ... 10 common frames omitted
INFO  [RemoteMessageServer query worker - 7] 2019-10-10 12:26:04,292  RpcExecutionException.java:39 - Failed to execute method DseResourceManager.heartbeat
ERROR [RemoteMessageServer query worker - 7] 2019-10-10 12:26:04,292  MessageServer.java:278 - Failed to process request:
Flags: []
Id: 599475
Type: 4:3
Version: 1
Body: com.datastax.bdp.router.RoutedRpcRequest@7723bc71
com.datastax.bdp.util.rpc.RpcExecutionException: Not authorized to perform this action
        at com.datastax.bdp.util.rpc.RpcExecutionException.create(RpcExecutionException.java:40)
        at com.datastax.bdp.util.rpc.RpcMethod.createRpcExecutionException(RpcMethod.java:200)
        at com.datastax.bdp.util.rpc.RpcMethod.execute(RpcMethod.java:188)
        at com.datastax.bdp.router.InternalQueryRouterProtocol$RpcRoutingServerProcessor.process(InternalQueryRouterProtocol.java:84)
        at com.datastax.bdp.router.InternalQueryRouterProtocol$RpcRoutingServerProcessor.process(InternalQueryRouterProtocol.java:76)
        at com.datastax.bdp.node.transport.MessageServer$MessageRequestHandler.lambda$channelRead$0(MessageServer.java:267)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.AccessControlException: Not authorized to perform this action
        at org.apache.spark.deploy.rm.DseResourceManagerRPC.throwSecurityExceptionIfFalse(DseResourceManagerRPC.scala:253)
        at org.apache.spark.deploy.rm.DseResourceManagerRPC.heartbeat(DseResourceManagerRPC.scala:219)
        at sun.reflect.GeneratedMethodAccessor105.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.datastax.bdp.util.rpc.RpcMethod.execute(RpcMethod.java:162)
        ... 6 common frames omitted


Can anyone help me out point out what I am missing.


dseanalytics
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered francis.ofougwuka_151231 edited

@francis.ofougwuka_151231 could you try granting permissions for the size estimates and the Spark metastore tables to the role? 

cassandra@cqlsh> GRANT SELECT ON system.size_estimates TO role_name;
cassandra@cqlsh> GRANT SELECT, MODIFY ON "HiveMetaStore".sparkmetastore TO role_name;

For more details, see Setting up DSE Spark application permissions. Cheers!

1 comment Share
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

francis.ofougwuka_151231 avatar image francis.ofougwuka_151231 commented ·

I did that already but still doesn't work and getting the same error.

Below is the permissions i have grated the role

0 Likes 0 ·
screen-shot-2019-10-15-at-80528-am.png (172.2 KiB)