Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Hue with Impala editor with LDAP

Labels:
avatar
author-rank mfulwiler
Explorer

Created on ‎01-09-2018 10:00 AM - edited ‎09-16-2022 05:43 AM

Hello all, 

 

I have been facing an issue for the past week where I can not access the Impala editor in hue. I have setup LDAP for Hue, Hive, and Impala and Impala is the only one not working via Hue. I am able to access impala via the command shell, but when I try to connect to impala through hue I get an error. "'hue' is not authorized to delegate to 'username'. User delegation is disabled" (impersination is enabled and I have set hue=* for the Proxy user configueration under the impala config in clouder manager). 

 

Also when I run the check configuration on the hue home page I see impala - No available impalad to send queries to.   

5,708 Views
0 Kudos
10 REPLIES 10

avatar
saranvisa author-rank
Champion

Created ‎01-09-2018 11:33 AM

@mfulwiler

 

As you have access via CLI but getting issue only in Hue, it should be permission setup issue in Hue againts your user id.

 

You can try this: Hue -> Login as admin user (top right drop down and choose as admin) -> Permissions tab -> choose the required services like impala, etc against your user id

 

 

5,331 Views
0 Kudos

avatar
author-rank mfulwiler
Explorer

Created ‎01-09-2018 11:46 AM

Thanks for the reply @saranvisa 

 

After checking it looks like both users have permission to impala. 

 

I even tried to log in as the hue user and I get these two error messages. 


Screen Shot 2018-01-09 at 1.45.25 PM.png
5,327 Views
0 Kudos

avatar
saranvisa author-rank
Champion

Created on ‎01-09-2018 12:01 PM - edited ‎01-09-2018 12:01 PM

@mfulwiler

 

 

Go to Cloudera Manager -> Hue -> Configuration -> Impala Service -> Pls make sure it is enabled

 

Also Please make sure that you meet the "Configuring Impala Delegation for Hue and BI Tools" details mentioned in the below link

 

https://www.cloudera.com/documentation/enterprise/5-5-x/topics/impala_authentication.html

 

 

5,322 Views
0 Kudos

avatar
author-rank mfulwiler
Explorer

Created on ‎01-09-2018 12:49 PM - edited ‎01-09-2018 12:49 PM

@saranvisa

 

I have gone through and checked all these things mentioned in the documents and they are all set corretly. Also implas service is enabled under the Hue.

 

 

5,307 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎01-09-2018 08:23 PM

@mfulwiler,

 

The "delegation is disabled" error occurs for one reason:

 

  if (authorized_proxy_user_config_.size() == 0) {
    error_msg << " User delegation is disabled.";
    return Status(error_msg.str());
  }

 

That means the daemon is not seeing the configuration you mentioned you added for hue=*.  Can you share a screen shot of your Cloudera Manager config and then also show us the "--authorized_proxy_user_config" value during the daemon startup?  It should be in your "/var/log/imapad/impald.INFO" most likely

 

Based on what we see in the error response, Impalad is not configured for delegation, so Hue cannot leverage delegation.

 

-Ben

5,288 Views
0 Kudos

avatar
author-rank mfulwiler
Explorer

Created on ‎01-11-2018 08:07 AM - edited ‎01-11-2018 08:08 AM

I must be missing someting as here is the cloudera config setting to allow hue but when I look in the impald.INFO file it doesnt show any thing is set. 


Screen Shot 2018-01-10 at 4.35.29 PM.png
5,273 Views
0 Kudos

avatar
author-rank mfulwiler
Explorer

Created ‎01-11-2018 08:08 AM

wouldn't let me add two screenshots to a post..


Screen Shot 2018-01-10 at 4.36.03 PM.png
5,271 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎01-11-2018 08:33 AM

@mfulwiler,

 

If that last screen shot is from your most recent start of the impala daemon, it appears that Cloudera Manager is not starting it with the change you made in the configuration. Please make sure you did restart Impala service after making the change to authorized_proxy_user_config.  This seems to be more an issue of your configuration for Impala in Cloudera Manager than Hue itself.

 

If you see the correct configuration in the above steps, please take a screen shot of the Proxy User Configuration as it appears so we can look for clues. It could be that another role configuration for Impalad is overriding the Service-Wide configuration.

 

I assume you are using Sentry, but want to confirm.  I don't think that Hue can utilize Impala impersonation if Impala is not implemented with Sentry.

5,267 Views
0 Kudos

avatar
author-rank mfulwiler
Explorer

Created ‎01-11-2018 08:43 AM

@bgooley

 

We are not using Sentry as the plan was to set up Ldap then get Sentry setup. Maybe I completely missed it but, I have not seen any documentation stating that Sentry is needed to have Hue impersonation impala.

 

I have verify it was restarted and just for kicks I restarted it again, but still not seeing anything in the config for authorized_proxy_user_config. Not really sure where to look to tell if another role is overriding the config.

5,262 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements