
Failed to access filesystem root through Hue UI

Hello,

I've installed Hue on my cluster. When I access my Hue UI, I get the errors shown in "errors.png".

Hue is running through supervisor with the hue user, as shown in "hue.png". It was running correctly until I enabled Kerberos on my cluster. I've made the necessary configurations to configure Hue with Kerberos by following these two links:

https://www.cloudera.com/documentation/enterprise/5-6-x/topics/cdh_sg_hue_kerberos_config.html and

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/kerb-config-hue.html.

I've also enabled Ranger and Ranger KMS on my cluster.

When I access /var/log/supervisor/hue.log, I get the error shown in "kerberos_log.png".

I was able to manually access the HDFS root file system with the hue user, as shown in "hdfs_access.png".

My questions are:

1- How can the hue user access the HDFS root file system on a kerberized cluster through the Hue UI?

2- How can Hue authenticate with my cluster components?

I'll be really grateful if someone could help me resolve this issue.



@raouia

Looking at the screen shot from https://community.hortonworks.com/storage/attachments/42663-klist.png, it appears your SPNEGO principal is incorrect. The SPNEGO principal is a service principal. So it has 2 components... the service name and the FQDN of the relevant host. In the screen shot, I see

 HTTP/ambari@ROSAFI.COM

What I expect to see is something like

HTTP/host1.rosafi.com@ROSAFI.COM

The same goes for the Hue service principal.

How were these created? If manually, you will need to create all of the service principals to reflect the relevant hostnames.
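
The naming pattern described in the reply above can be checked mechanically. The following is an added example, not part of the original reply or of Hue/Ambari code: it parses a constructed `klist -kt` style listing (principal names reuse those quoted in the thread; the keytab path, dates and the `hdfs-mycluster` entry are made up) and flags service principals whose host part is a short hostname rather than an FQDN. All function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `klist -kt <keytab>`.
SAMPLE_KLIST = """\
Keytab name: FILE:/path/to/sample.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------
   1 10/20/2017 10:15:02 HTTP/ambari@ROSAFI.COM
   1 10/20/2017 10:15:02 HTTP/host1.rosafi.com@ROSAFI.COM
   1 10/20/2017 10:15:02 hue/ambari@ROSAFI.COM
   1 10/20/2017 10:15:02 hdfs-mycluster@ROSAFI.COM
"""

# Data rows: KVNO, date, time, principal. Header lines do not start with a digit.
ROW = re.compile(r"^\s*\d+\s+\S+\s+\S+\s+(\S+)\s*$")
# One lowercase DNS label (letters, digits, inner hyphens, max 63 chars).
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def parse_principals(klist_text):
    """Return the principal column from `klist -kt` style output."""
    found = []
    for line in klist_text.splitlines():
        m = ROW.match(line)
        if m and "@" in m.group(1):
            found.append(m.group(1))
    return found


def check_principal(principal):
    """Return None if the name fits service/FQDN@REALM, else a reason."""
    name, _, _realm = principal.rpartition("@")
    _primary, sep, instance = name.partition("/")
    if not sep:
        return None  # no host part: user or headless principal, not checked
    labels = instance.split(".")
    if len(labels) < 2:
        return "host part '%s' is a short hostname, not an FQDN" % instance
    if not all(LABEL.match(label) for label in labels):
        return "host part '%s' is not a valid lowercase DNS name" % instance
    return None


def audit(klist_text):
    """Map each suspicious principal to the reason it was flagged."""
    checked = ((p, check_principal(p)) for p in parse_principals(klist_text))
    return {p: reason for p, reason in checked if reason}


if __name__ == "__main__":
    for principal, reason in audit(SAMPLE_KLIST).items():
        print(principal + ": " + reason)
```
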

@Robert Levas

Thank you very much for your reply.

- I'm working on a local domain, so I don't have an FQDN. My cluster is composed of two hosts whose hostnames are ambari and ambari-slave1. All Ambari principals were automatically created when I enabled Kerberos on my cluster, as shown in principals.png.

- For Hue, I manually created a hue principal by following this method: Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, create a principal for the Hue server:

  1. # kadmin.local
    kadmin.local: addprinc -randkey hue/$FQDN@EXAMPLE.COM

My Hue server is running with the hue user. The $FQDN is the host name of the Hue server, which is ambari in my case, and ROSAFI.COM is the Hadoop realm.

My questions are:

- Is the FQDN necessary for enabling Kerberos? Is that the major cause of my issue?
