Enabling Hue Applications Using Cloudera Manager
Minimum Required Role: Configurator (also provided by Cluster Administrator, Full Administrator)
Most Hue applications are configured by default, based on the services you have installed. Cloudera Manager selects the service instance that Hue depends on. If you have more than one
service, you may want to verify or change the service dependency for Hue. Also, if you add a service such as Sqoop or Oozie after you have set up Hue, you need to set the dependency because it is not
done automatically. To add a dependency:
- Go to the Hue service and click the Configuration tab.
- Filter by and .
- Select each service name Service property to set the dependency. Select none to remove the dependency.
- Enter a Reason for change, and then click Save Changes to commit the changes.
- Restart the Hue service.
Enabling the HBase Browser Application with doAs Impersonation
Minimum Required Role: Full Administrator
The Hue HBase application communicates through the proxy, HBase Thrift Server, which forwards commands to HBase. Because Hue stands between the Thrift server and the user, all HBase operations appear to come from the Hue user and not the actual user who is logged on. In a Keberos cluster, you can enable impersonation so that operations appear to come from the actual user.
- Logon to Cloudera Manager.
- Add the HBase Thrift Server role:
- Go to the HBase service and click the Instances tab.
- Click the button, Add Role Instances.
- Click Select hosts under HBase Thrift Server.
- Click anywhere in host row to add the purple icon, "HBTS," under Existing Roles.
- Click OK and Continue.
- Check the box by your new HBase Thrift Server and select .
- If you have a Kerberos cluster, enable impersonation. If your cluster does not have
Kerberos or TLS enabled, skip to step 6..
- Click the HBase Configuration tab.
- Filter by and .
- Set the property, HBase Thrift Authentication (hbase.thrift.security.qop), to one of the following values:
- auth-conf: authentication, integrity and confidentiality checking
- auth-int: authentication and integrity checking
- auth: authentication only
- Filter by and .
- Check the Service-Wide box for Enable HBase Thrift Http Server (hbase.regionserver.thrift.http) and Enable HBase Thrift Proxy Users (hbase.thrift.support.proxyuser).
- Click Save Changes.
- If you have a Kerberos cluster with doAs and force principal names to lower case,
be sure to exclude the HTTP principal:
- Go to the HDFS service.
- Filter by and .
- Search on Additional Rules to Map Kerberos Principals to Short Names (auth_to_local) and add two HTTP rules above your
existing rules:
# Exclude HTTP RULE:[1:$1@$0](HTTP@\QEXAMPLE.COM\E$)s/@\Q.EXAMPLE.COM\E$// RULE:[2:$1@$0](HTTP@\QEXAMPLE.COM\E$)s/@\Q.EXAMPLE.COM\E$// # Force to Lower Case RULE:[1:$1@$0](.*@\QEXAMPLE.COM\E$)s/@\Q.EXAMPLE.COM\E$///L RULE:[2:$1@$0](.*@\QEXAMPLE.COM\E$)s/@\Q.EXAMPLE.COM\E$///L
- Click Save Changes.
- Select .
- Select Rolling Restart. , check the boxes for HDFS, HBase, and Hue and click
- Enable TLS/SSL for the HBase Thrift Server:
- Filter by and .
- Set the TLS/SSL properties according to your cluster configuration:
Property Description Enable TLS/SSL for HBase Thrift Server over HTTP Encrypt communication between clients and HBase Thrift Server over HTTP using Transport Layer Security (TLS). HBase Thrift Server over HTTP TLS/SSL Server JKS Keystore File Location Path to the TLS/SSL keystore file (in JKS format) with the TLS/SSL server certificate and private key. Used when HBase Thrift Server over HTTP acts as a TLS/SSL server. HBase Thrift Server over HTTP TLS/SSL Server JKS Keystore File Password Password for the HBase Thrift Server JKS keystore file. HBase Thrift Server over HTTP TLS/SSL Server JKS Keystore Key Password Password that protects the private key contained in the JKS keystore used when HBase Thrift Server over HTTP acts as a TLS/SSL server. - Enter a Reason for change, and then click Save Changes to commit the changes.
- Restart the HBase service.
- Configure Hue to point to the Thrift Server and to a valid HBase configuration directory:
- Go to the Hue service and click the Configuration tab.
- Filter by and .
- Set the property, HBase Service, to the service for which you enabled the Thrift Server role (if you have more than one HBase service instance).
- Set the property, HBase Thrift Server, to the Thrift Server role for Hue to use.
- Filter by .
- Edit the property, Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini, by adding a valid HBase configuration directory as
follows:
[hbase] hbase_conf_dir={{HBASE_CONF_DIR}}
- Enter a Reason for change, and then click Save Changes to commit the changes.