I've installed Hue on my cluster. When i access to my Hue UI i got the errors mentioned in "errors.png".
Hue is running through supervisor with hue user as mentioned in "hue.png". It was running correctly until i enabled kerberos on my cluster. I've made the necessary configurations to configure Hue with kerberos by following these two links:
I've also enabled Ranger and Ranger KMS on my cluster.
When i access to /var/log/supervisor/hue.log, i got the error mentioned in "kerberos_log.png".
I was able to access manually to hdfs root file system with hue user as shown in "hdfs_access.png".
My question are :
1- How can hue user access to hdfs root file system on kerbereized cluster through Hue UI?
2- How can hue authenticate with my cluster components?
I'll be really grateful if someone could hep me resolve this issue.
Looking at the screen shot from https://community.hortonworks.com/storage/attachments/42663-klist.png, it appears your SPNEGO principal is incorrect. The SPNEGO principal is a service principal. So it has 2 components... the service name and the FQDN of the relevant host. In the screen shot, I see
What I expect to see is something like
The same goes for the Hue service principal.
How where these created? If manually you will need to create all of the service principals to reflect the relevant hostnames.
Thank you very much for your reply.
- I'm working on local domain. So, i've not a FQDN. My cluster is composed of two hosts whose hostnames are ambari and ambari-slave1. All ambari principals were automatically created when i enabled kerberos on my cluster, as shown in principals.png.
- For hue, I've created manually a hue principal by following this method:Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, create a principal for the Hue server:
# kadmin.local kadmin.local: addprinc -randkey hue/$FQDN@EXAMPLE.COM Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm
My hue server is running with hue user. The $FQDN is the host name of the Hue server which is ambari in my case and ROSAFI.COM is the Hadoop realm.
My questions are:
- Is the FQDN necessary for enabling kerberos? Is that the major cause of my issue?