Wed Dec 01, 2021 4:45 pm
Login Register Lost Password? Contact Us


File Spray from Thor to Roxie - Access Denied

Post questions specific to installation or configuration for the HPCC Systems platform

Mon May 24, 2021 6:16 pm Change Time Zone

Hi Guys,

I'm installing a roxie cluster into Azure (installation using VMs) and I'm running a Thor cluster where I built the necessary keys to my queries. I want to be able to have several Thor clusters where I can copy files to this Roxie running in Azure. However, when I try to perform a remote copy, I'm facing an error, saying that my ESP Server (client) doesn't have permission to copy from Thor's dali server (attached the error into this post).

Probably I'm missing a very small detail for this problem, however, I've tried several solutions and didn't work. What I've tried:
- Added the thor node into hardware list of my roxie cluster
- Added authentication (same user) in thor and roxie ECLWatch/ESP
- Disabled UDP Multicast (Azure doesn't support Multicast - I though this could be impacting the communication between nodes, but It was a shot in the dark).

Thanks for your help,

Artur Baruchi
Attachments
file_spray_error.png
(5.13 KiB) Not downloaded yet
abaruchi
 
Posts: 19
Joined: Thu Apr 18, 2019 4:50 pm

Wed May 26, 2021 8:25 am Change Time Zone

In recent versions of HPCC access to dali is protected with a whitelist. You will need to add an exception for the azure cluster to the whitelist.

See https://track.hpccsystems.com/browse/HPCC-22355 and linked issues for more details.

In future versions (probably 8.4) the need to directly connect to dali will be removed and the remote copying will be routed through esp.
ghalliday
Community Advisory Board Member
Community Advisory Board Member
 
Posts: 198
Joined: Wed May 18, 2011 9:48 am

Wed May 26, 2021 8:31 am Change Time Zone

Hi,

this is being caused by Dali's AllowList mechanism, which prevents unknown/unauthorized clients from accessing Dali meta data (this feature was added in version 7.4).

By default only clients within the same environment are permitted (they are implicitly added to the AllowList).

However you can add other clients to the AllowList, or disable the feature.
To disable the feature, you would need to add:
<AllowList enabled="false"/>


as a property under DaliServerProcess in the environment.xml

There is more info in the HPCC Systems® Administrator's Guide, under the section 'The AllowList in Dali'.

Hope that helps.
jsmith
Community Advisory Board Member
Community Advisory Board Member
 
Posts: 81
Joined: Tue Jul 19, 2011 12:58 pm

Thu May 27, 2021 1:53 pm Change Time Zone

Hi,

Thanks for your replies. Looks like, after adding the ESP server in White List, the error disappeared. I still not able to copy the index, but I think it is a different error now. I'm investigating the problem right now, however, I really appreciate your help.

Regards,
Artur
abaruchi
 
Posts: 19
Joined: Thu Apr 18, 2019 4:50 pm


Return to Installation

Who is online

Users browsing this forum: No registered users and 1 guest

cron