Known Issues in Hue in Cloudera Data Warehouse service on public clouds
- DWX-4814: Impala query coordinator does not authorize Hue-Thrift connection
- Problem: When you run a query in Hue, Hue forwards the query to the Impala query
coordinator as the service user, which is admin. However, the admin user is not a part of the
restricted group (cdp_hue) in the Virtual Warehouse. Moreover, the hue user does not exist in
the default FreeIPA users. As a result, the Impala query coordinator does not authorize the
Hue-Thrift connection, and you may see the following error
TSocket read 0 bytes (code THRIFTTRANSPORT): TTransportException(‘TSocket read 0 bytes’,)
- Workaround: Add the admin user to the restricted group.To add the admin user to the restricted group:
- Check the impalad-coordinator log by running the following
kubectl logs coordinator-0 -c impalad-coordinatorYou may see an output as shown in the following example:
I0717 19:55:05.979328 402 TAcceptQueueServer.cpp:340] New connection to server hiveserver2-frontend from client <Host: x.y.z.1 Port: 46596> ... ... E0717 19:55:05.988016 406 authentication.cc:160] SASL message (LDAP): Password verification failed I0717 19:55:05.988131 406 thrift-util.cc:96] TAcceptQueueServer: hiveserver2-frontend connection setup failed for client <Host: x.y.z.1 Port: 46596>. Caught TException: SASL(-13): user not found: Password verification failed
- SSH into the bastion host.
- SSH into the FreeIPA master host.
- Change user to “admin” by running the following command:
- Specify a password for the admin user.
- Add the admin user to the
cdp_huegroup by running the following command:
ipa group-add-member cdp_hue --users=admin
- Check whether you can query the Impala query coordinator without the error by viewing the
kubectl logs coordinator-0 -c impalad-coordinatorIf the operation is successful, then the impalad-coordinator log would look as shown in the following example:
I0717 19:55:05.979328 402 TAcceptQueueServer.cpp:340] New connection to server hiveserver2-frontend from client <Host: x.y.z.1 Port: 46596> ... ... I0717 19:59:27.250118 404 authentication.cc:389] Successfully authenticated client user "admin" I0717 19:59:27.250178 404 TAcceptQueueServer.cpp:245] TAcceptQueueServer: hiveserver2-frontend finished connection setup for client <Host: x.y.z.1 Port: 46596>
- Check the impalad-coordinator log by running the following command:
- DWX-4713: CDW service upgrade restarts Hive Virtual Warehouse and gets stuck in the starting state as Hue pods are stuck at init
- Problem: If you have created a Hive Virtual Warehouse in the R3 release of CDW service (CDW version 126.96.36.199-173 or CDP version 188.8.131.52-364), then you will not be able to upgrade to the latest release (R7) because Hue is not supported to run in the Hive Virtual Warehouse (R3) when SAML is enabled. The health check feature that has been introduced in this release checks for the compatibility and will not allow the Hive Virtual Warehouse to start.
- Workaround: You must recreate the Hive Virtual Warehouse in the current release (R7) and then use Hue with it.