You can secure passwords in Hue by using one consolidated script, or multiple
individual scripts. Hue runs each password script at startup and extracts
passwords from stdout.
Store scripts in a directory that only Hue can read, write, and execute. You can choose
password script names but you cannot change hue.ini property names to which
you assign those scripts. Add the suffix _script to any password property
and set it equal to the script name.
-
At the command line, create one or more password scripts. For
example, create a consolidated script named
my_passwords_script.sh:
#!/bin/bash
SERVICE=$1
if [[ ${SERVICE} == "ldap_password" ]]
then
echo "<your_ldap_password>"
fi
if [[ ${SERVICE} == "ssl_password" ]]
then
echo "<your_ssl_password>"
fi
if [[ ${SERVICE} == "bind_password" ]]
then
echo "<your_bind_password>"
fi
if [[ ${SERVICE} == "db_password" ]]
then
echo "<your_database_password>"
fi
-
Log on to Cloudera Manager and go to
.
-
Search on Hue Service Advanced Configuration Snippet
(Safety Valve) for hue_safety_valve.ini.
-
Add script properties. In the following example, the required
_script
is added to the password property:
[desktop]
ldap_username=hueservice
ldap_password_script="/var/lib/hue/password_script.sh ldap_password"
ssl_password_script="/var/lib/hue/password_script.sh ssl_password"
[[ldap]]
bind_password_script="/var/lib/hue/password_script.sh bind_password"
[[database]]
db_password_script="/var/lib/hue/password_script.sh db_password"
-
Click Save Changes and Restart
Hue.
