File Spray from Thor to Roxie - Access Denied
Mon May 24, 2021 6:16 pm 
Hi Guys,
I'm installing a roxie cluster into Azure (installation using VMs) and I'm running a Thor cluster where I built the necessary keys to my queries. I want to be able to have several Thor clusters where I can copy files to this Roxie running in Azure. However, when I try to perform a remote copy, I'm facing an error, saying that my ESP Server (client) doesn't have permission to copy from Thor's dali server (attached the error into this post).
Probably I'm missing a very small detail for this problem, however, I've tried several solutions and didn't work. What I've tried:
- Added the thor node into hardware list of my roxie cluster
- Added authentication (same user) in thor and roxie ECLWatch/ESP
- Disabled UDP Multicast (Azure doesn't support Multicast - I though this could be impacting the communication between nodes, but It was a shot in the dark).
Thanks for your help,
Artur Baruchi
I'm installing a roxie cluster into Azure (installation using VMs) and I'm running a Thor cluster where I built the necessary keys to my queries. I want to be able to have several Thor clusters where I can copy files to this Roxie running in Azure. However, when I try to perform a remote copy, I'm facing an error, saying that my ESP Server (client) doesn't have permission to copy from Thor's dali server (attached the error into this post).
Probably I'm missing a very small detail for this problem, however, I've tried several solutions and didn't work. What I've tried:
- Added the thor node into hardware list of my roxie cluster
- Added authentication (same user) in thor and roxie ECLWatch/ESP
- Disabled UDP Multicast (Azure doesn't support Multicast - I though this could be impacting the communication between nodes, but It was a shot in the dark).
Thanks for your help,
Artur Baruchi
- Attachments
-
file_spray_error.png- (5.13 KiB) Not downloaded yet
- abaruchi
- Posts: 19
- Joined: Thu Apr 18, 2019 4:50 pm
Wed May 26, 2021 8:25 am
In recent versions of HPCC access to dali is protected with a whitelist. You will need to add an exception for the azure cluster to the whitelist.
See https://track.hpccsystems.com/browse/HPCC-22355 and linked issues for more details.
In future versions (probably 8.4) the need to directly connect to dali will be removed and the remote copying will be routed through esp.
See https://track.hpccsystems.com/browse/HPCC-22355 and linked issues for more details.
In future versions (probably 8.4) the need to directly connect to dali will be removed and the remote copying will be routed through esp.
- ghalliday
- Community Advisory Board Member
- Posts: 199
- Joined: Wed May 18, 2011 9:48 am
Wed May 26, 2021 8:31 am
Hi,
this is being caused by Dali's AllowList mechanism, which prevents unknown/unauthorized clients from accessing Dali meta data (this feature was added in version 7.4).
By default only clients within the same environment are permitted (they are implicitly added to the AllowList).
However you can add other clients to the AllowList, or disable the feature.
To disable the feature, you would need to add:
as a property under DaliServerProcess in the environment.xml
There is more info in the HPCC Systems® Administrator's Guide, under the section 'The AllowList in Dali'.
Hope that helps.
this is being caused by Dali's AllowList mechanism, which prevents unknown/unauthorized clients from accessing Dali meta data (this feature was added in version 7.4).
By default only clients within the same environment are permitted (they are implicitly added to the AllowList).
However you can add other clients to the AllowList, or disable the feature.
To disable the feature, you would need to add:
<AllowList enabled="false"/>
as a property under DaliServerProcess in the environment.xml
There is more info in the HPCC Systems® Administrator's Guide, under the section 'The AllowList in Dali'.
Hope that helps.
- jsmith
- Community Advisory Board Member
- Posts: 82
- Joined: Tue Jul 19, 2011 12:58 pm
Thu May 27, 2021 1:53 pm
Hi,
Thanks for your replies. Looks like, after adding the ESP server in White List, the error disappeared. I still not able to copy the index, but I think it is a different error now. I'm investigating the problem right now, however, I really appreciate your help.
Regards,
Artur
Thanks for your replies. Looks like, after adding the ESP server in White List, the error disappeared. I still not able to copy the index, but I think it is a different error now. I'm investigating the problem right now, however, I really appreciate your help.
Regards,
Artur
- abaruchi
- Posts: 19
- Joined: Thu Apr 18, 2019 4:50 pm
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 1 guest