Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Not able to view files in Filebrowser in HUE UI(3.10.0)

Not able to view files in Filebrowser in HUE UI(3.10.0)

Explorer

Hello

 

 I have installed Hue 3.10.0 and logging to HUE UI using Active Directory User credentials.

I am able to login but not able to access the Files from Filebrowser tab.

Below is the log snippet from runcpserver.log

 

 

[21/Mar/2017 11:51:19 +1100] middleware   INFO     Processing exception: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".: Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/core/handlers/base.py", line 112, in get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/db/transaction.py", line 371, in inner

    return func(*args, **kwargs)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 111, in index

    return view(request, path)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 189, in view

    raise PopupException(msg , detail=e)

PopupException: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".

 

[21/Mar/2017 11:51:19 +1100] webhdfs      ERROR    Failed to determine superuser of WebHdfs at http://tstapp258vs:14000/webhdfs/v1: IOException: Error getting user info for current user, philip.crawford (error 500)

Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 173, in superuser

    sb = self.stats('/var')

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 260, in stats

    res = self._stats(path)

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 254, in _stats

    raise ex

WebHdfsException: IOException: Error getting user info for current user, philip.crawford (error 500)

[21/Mar/2017 11:51:19 +1100] connectionpool DEBUG    "GET /webhdfs/v1/var?op=GETFILESTATUS&user.name=mapr&doas=philip.crawford HTTP/1.1" 500 None

[21/Mar/2017 11:51:19 +1100] connectionpool INFO     Resetting dropped connection: tstapp258vs

[21/Mar/2017 11:51:19 +1100] connectionpool DEBUG    "GET /webhdfs/v1/user/philip.crawford?op=GETFILESTATUS&user.name=mapr&doas=philip.crawford HTTP/1.1" 500 None

[21/Mar/2017 11:51:19 +1100] connectionpool INFO     Resetting dropped connection: tstapp258vs

 

 

[21/Mar/2017 12:03:20 +1100] middleware   INFO     Processing exception: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".: Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/core/handlers/base.py", line 112, in get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/db/transaction.py", line 371, in inner

    return func(*args, **kwargs)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 111, in index

    return view(request, path)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 189, in view

    raise PopupException(msg , detail=e)

PopupException: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".

 

[21/Mar/2017 12:03:20 +1100] webhdfs      ERROR    Failed to determine superuser of WebHdfs at http://tstapp258vs:14000/webhdfs/v1: IOException: Error getting user info for current user, philip.crawford (error 500)

Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 173, in superuser

    sb = self.stats('/var')

 

HUE.INI

[desktop]

# Set this to a random string, the longer the better.
# This is used for secure hashing in the session store.
secret_key=asdf0w993q02495uperw9poijsdfqweoriu23o4iuoweifjlkasdjfwiqeru034590345098

# Execute this script to produce the Django secret key. This will be used when
# `secret_key` is not set.
## secret_key_script=

# Webserver listens on this address and port
http_host=0.0.0.0
http_port=8888

# Time zone name
time_zone=Australia/Canberra

# Enable or disable Django debug mode.
django_debug_mode=true

# Enable or disable database debug mode.
## database_logging=false

# Whether to send debug messages from JavaScript to the server logs.
## send_dbug_messages=false

# Enable or disable backtrace for server error
http_500_debug_mode=true

# Enable or disable memory profiling.
## memory_profiler=false

# Server email for internal error messages
## django_server_email='hue@localhost.localdomain'

# Email backend
## django_email_backend=django.core.mail.backends.smtp.EmailBackend

# Webserver runs as this user
server_user=mapr
server_group=mapr

# This should be the Hue admin and proxy user
default_user=mapr
# This should be the hadoop cluster admin
default_hdfs_superuser=mapr

default_jobtracker_host=maprfs:///
# If set to false, runcpserver will not actually start the web server.
# Used if Apache is being used as a WSGI container.
## enable_server=yes

# Number of threads used by the CherryPy web server
## cherrypy_server_threads=40

# Filename of SSL Certificate
## ssl_certificate=

# Filename of SSL RSA Private Key
## ssl_private_key=

# Filename of SSL Certificate Chain
## ssl_certificate_chain=

# SSL certificate password
## ssl_password=

# Execute this script to produce the SSL password. This will be used when `ssl_password` is not set.
## ssl_password_script=

# List of allowed and disallowed ciphers in cipher list format.
# See http://www.openssl.org/docs/apps/ciphers.html for more information on
# cipher list format. This list is from
# https://wiki.mozilla.org/Security/Server_Side_TLS v3.7 intermediate
# recommendation, which should be compatible with Firefox 1, Chrome 1, IE 7,
# Opera 5 and Safari 1.
## ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

# Path to default Certificate Authority certificates.
## ssl_cacerts=/opt/mapr/hue/hue-3.10.0/cert.pem

# Choose whether Hue should validate certificates received from the server.
## validate=true

# Default LDAP/PAM/.. username and password of the hue user used for authentications with other services.
# Inactive if password is empty.
# e.g. LDAP pass-through authentication for HiveServer2 or Impala. Apps can override them individually.
auth_username=mapr
auth_password=########

# Default encoding for site data
## default_site_encoding=utf-8

# Help improve Hue with anonymous usage analytics.
# Use Google Analytics to see how many times an application or specific section of an application is used, nothing more.
## collect_usage=true

# Tile layer server URL for the Leaflet map charts
# Read more on http://leafletjs.com/reference.html#tilelayer
## leaflet_tile_layer=http://{s}.tile.osm.org/{z}/{x}/{y}.png

# The copyright message for the specified Leaflet maps Tile Layer
## leaflet_tile_layer_attribution='&copy; <a href="http://osm.org/copyright">OpenStreetMap</a> contributors'

# X-Frame-Options HTTP header value. Use 'DENY' to deny framing completely
## http_x_frame_options=SAMEORIGIN

# Enable X-Forwarded-Host header if the load balancer requires it.
## use_x_forwarded_host=false

# Support for HTTPS termination at the load-balancer level with SECURE_PROXY_SSL_HEADER.
## secure_proxy_ssl_header=false

# Comma-separated list of Django middleware classes to use.
# See https://docs.djangoproject.com/en/1.4/ref/middleware/ for more details on middlewares in Django.
## middleware=desktop.auth.backend.LdapSynchronizationBackend

# Comma-separated list of regular expressions, which match the redirect URL.
# For example, to restrict to your local domain and FQDN, the following value can be used:
# ^\/.*$,^http:\/\/www.mydomain.com\/.*$
## redirect_whitelist=^(\/[a-zA-Z0-9]+.*|\/)$

# Comma separated list of apps to not load at server startup.
# e.g.: pig,zookeeper
app_blacklist=search,rdbms,zookeeper,impala,pig,spark,sqoop,security

# Choose whether to show the new SQL editor.
## use_new_editor=true

# The directory where to store the auditing logs. Auditing is disable if the value is empty.
# e.g. /var/log/hue/audit.log
## audit_event_log_dir=

# Size in KB/MB/GB for audit log to rollover.
## audit_log_max_file_size=100MB

# A json file containing a list of log redaction rules for cleaning sensitive data
# from log files. It is defined as:
#
# {
# "version": 1,
# "rules": [
# {
# "description": "This is the first rule",
# "trigger": "triggerstring 1",
# "search": "regex 1",
# "replace": "replace 1"
# },
# {
# "description": "This is the second rule",
# "trigger": "triggerstring 2",
# "search": "regex 2",
# "replace": "replace 2"
# }
# ]
# }
#
# Redaction works by searching a string for the [TRIGGER] string. If found,
# the [REGEX] is used to replace sensitive information with the
# [REDACTION_MASK]. If specified with `log_redaction_string`, the
# `log_redaction_string` rules will be executed after the
# `log_redaction_file` rules.
#
# For example, here is a file that would redact passwords and social security numbers:

# {
# "version": 1,
# "rules": [
# {
# "description": "Redact passwords",
# "trigger": "password",
# "search": "password=\".*\"",
# "replace": "password=\"???\""
# },
# {
# "description": "Redact social security numbers",
# "trigger": "",
# "search": "\d{3}-\d{2}-\d{4}",
# "replace": "XXX-XX-XXXX"
# }
# ]
# }
## log_redaction_file=

# Comma separated list of strings representing the host/domain names that the Hue server can serve.
# e.g.: localhost,domain1,*
## allowed_hosts=*

# Administrators
# ----------------
[[django_admins]]
## [[[admin1]]]
## name=john
## email=john@doe.com

# UI customizations
# -------------------
[[custom]]

# Top banner HTML code
# e.g. <H4>Test Lab A2 Hue Services</H4>
## banner_top_html=

# Login splash HTML code
# e.g. WARNING: You are required to have authorization before you proceed
## login_splash_html=<h4>GetHue.com</h4><br/><br/>WARNING: You have accessed a computer managed by GetHue. You are required to have authorization from GetHue before you proceed.

# Cache timeout in milliseconds for the assist, autocomplete, etc.
# defaults to 86400000 (1 day), set to 0 to disable caching
## cacheable_ttl=86400000

# Configuration options for user authentication into the web application
# ------------------------------------------------------------------------
[[auth]]

# Authentication backend. Common settings are:
# - django.contrib.auth.backends.ModelBackend (entirely Django backend)
# - desktop.auth.backend.AllowAllBackend (allows everyone)
# - desktop.auth.backend.AllowFirstUserDjangoBackend
# (Default. Relies on Django and user manager, after the first login)
# - desktop.auth.backend.LdapBackend
# - desktop.auth.backend.PamBackend - WARNING: existing users in Hue may be unaccessible if they not exist in OS
# - desktop.auth.backend.SpnegoDjangoBackend
# - desktop.auth.backend.RemoteUserDjangoBackend
# - libsaml.backend.SAML2Backend
# - libopenid.backend.OpenIDBackend
# - liboauth.backend.OAuthBackend
# (New oauth, support Twitter, Facebook, Google+ and Linkedin
# Multiple Authentication backends are supported by specifying a comma-separated list in order of priority.
# However, in order to enable OAuthBackend, it must be the ONLY backend configured.
# backend=desktop.auth.backend.PamBackend
backend=desktop.auth.backend.LdapBackend

# Class which defines extra accessor methods for User objects.
## user_aug=desktop.auth.backend.DefaultUserAugmentor

# The service to use when querying PAM.
pam_service=sudo sshd login

# When using the desktop.auth.backend.RemoteUserDjangoBackend, this sets
# the normalized name of the header that contains the remote user.
# The HTTP header in the request is converted to a key by converting
# all characters to uppercase, replacing any hyphens with underscores
# and adding an HTTP_ prefix to the name. So, for example, if the header
# is called Remote-User that would be configured as HTTP_REMOTE_USER
#
# Defaults to HTTP_REMOTE_USER
## remote_user_header=HTTP_REMOTE_USER

# Ignore the case of usernames when searching for existing users.
# Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
## ignore_username_case=true

# Forcibly cast usernames to lowercase, takes precedence over force_username_uppercase
# Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
## force_username_lowercase=true

# Forcibly cast usernames to uppercase, cannot be combined with force_username_lowercase
## force_username_uppercase=false

# Users will expire after they have not logged in for 'n' amount of seconds.
# A negative number means that users will never expire.
## expires_after=-1

# Apply 'expires_after' to superusers.
## expire_superusers=true

# Users will automatically be logged out after 'n' seconds of inactivity.
# A negative number means that idle sessions will not be timed out.
idle_session_timeout=-1

# Force users to change password on first login with desktop.auth.backend.AllowFirstUserDjangoBackend
## change_default_password=false

# Number of login attempts allowed before a record is created for failed logins
## login_failure_limit=3

# After number of allowed login attempts are exceeded, do we lock out this IP and optionally user agent?
## login_lock_out_at_failure=false

# If set, defines period of inactivity in seconds after which failed logins will be forgotten
## login_cooloff_time=60

# If True, lock out based on IP and browser user agent
## login_lock_out_by_combination_browser_user_agent_and_ip=false

# If True, lock out based on IP and user
## login_lock_out_by_combination_user_and_ip=false

# Configuration options for connecting to LDAP and Active Directory
# -------------------------------------------------------------------
[[ldap]]

# The search base for finding users and groups
base_dn="dc=test,dc=act,dc=gov,dc=au"

# URL of the LDAP server
ldap_url=ldap://ldap.test.act.gov.au:389

# The NT domain used for LDAP authentication
nt_domain=test.act.gov.au

# A PEM-format file containing certificates for the CA's that
# Hue will trust for authentication over TLS.
# The certificate for the CA that signed the
# LDAP server certificate must be included among these certificates.
# See more here http://www.openldap.org/doc/admin24/tls.html.
## ldap_cert=
use_start_tls=false

# Distinguished name of the user to bind as -- not necessary if the LDAP server
# supports anonymous searches
bind_dn="CN=svc_Map-R,OU=Service Accounts,OU=IS Windows,DC=test,DC=act,DC=gov,DC=au"

# Password of the bind user -- not necessary if the LDAP server supports
# anonymous searches
bind_password="#########"

# Execute this script to produce the bind user password. This will be used
# when `bind_password` is not set.
## bind_password_script=

# Pattern for searching for usernames -- Use <username> for the parameter
# For use when using LdapBackend for Hue authentication
# If nt_domain is specified, this config is completely ignored.
# If nt_domain is not specified, this should take on the form "cn=<username>,dc=example,dc=com",
# where <username> is replaced by whatever is provided at the login page. Depending on your ldap schema,
# you can also specify additional/alternative comma-separated attributes like uid, ou, etc
#ldap_username_pattern="sAMAccountName={user}"

# Create users in Hue when they try to login with their LDAP credentials
# For use when using LdapBackend for Hue authentication
## create_users_on_login = true

# Synchronize a users groups when they login
## sync_groups_on_login=false

# Ignore the case of usernames when searching for existing users in Hue.
## ignore_username_case=true

# Force usernames to lowercase when creating new users from LDAP.
# Takes precedence over force_username_uppercase
## force_username_lowercase=true

# Force usernames to uppercase, cannot be combined with force_username_lowercase
## force_username_uppercase=false

# Use search bind authentication.
# If set to true, hue will perform ldap search using bind credentials above (bind_dn, bind_password)
# Hue will then search using the 'base_dn' for an entry with attr defined in 'user_name_attr', with the value
# of short name provided on the login page. The search filter defined in 'user_filter' will also be used to limit
# the search. Hue will search the entire subtree starting from base_dn.
# If search_bind_authentication is set to false, Hue performs a direct bind to LDAP using the credentials provided
# (not bind_dn and bind_password specified in hue.ini). There are 2 modes here - 'nt_domain' is specified or not.
search_bind_authentication=true

# Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
## subgroups=suboordinate

# Define the number of levels to search for nested members.
## nested_members_search_depth=10

# Whether or not to follow referrals
## follow_referrals=false

# Enable python-ldap debugging.
debug=true

# Sets the debug level within the underlying LDAP C lib.
debug_level=255

# Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
# 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
trace_level=9