Support Questions
Find answers, ask questions, and share your expertise

Permission Denied while starting HUE

Re: Permission Denied while starting HUE

Explorer

I got the same error starting hue with ambari user. Here is the config file. @ibhatt, @Ed Gleeck, @Kuldeep Kulkarni

#####################################
# DEVELOPMENT EDITION
#####################################
# Hue configuration file
# ===================================
#
# For complete documentation about the contents of this file, run
#       $ <hue_root>/build/env/bin/hue config_help
#
# All .ini files under the current directory are treated equally.  Their
# contents are merged to form the Hue configuration, which can
# can be viewed on the Hue at
#       http://<hue_host>:<port>/dump_config
###########################################################################
# General configuration for core Desktop features (authentication, etc)
###########################################################################
[desktop]
  kredentials_dir="/tmp"
  send_dbug_messages=1
  # To show database transactions, set database_logging to 1
  database_logging=0
  # Set this to a random string, the longer the better.
  # This is used for secure hashing in the session store.
  secret_key=Je,w@j#k!9~g-77ysa*twu&uy^hjajs%HUfy$40=psSo{s[pd[9p';'s9d9s0
  # Webserver listens on this address and port
  http_host=0.0.0.0
  http_port=8000
  # Time zone name
  time_zone=America/Los_Angeles
  # Turn off debug
  django_debug_mode=1
  # Turn off backtrace for server error
  http_500_debug_mode=1
  # Server email for internal error messages
  ## django_server_email='hue@localhost.localdomain'
  # Email backend
  ## django_email_backend=django.core.mail.backends.smtp.EmailBackend
  # Set to true to use CherryPy as the webserver, set to false
  # to use Spawning as the webserver. Defaults to Spawning if
  # key is not specified.
  use_cherrypy_server=true
  # Webserver runs as this user
  server_user=hue
  server_group=hadoop
  # If set to false, runcpserver will not actually start the web server.
  # Used if Apache is being used as a WSGI container.
  ## enable_server=yes
  # Number of threads used by the CherryPy web server
  ## cherrypy_server_threads=10
  # Filename of SSL Certificate
  ## ssl_certificate=
  # Filename of SSL RSA Private Key
  ## ssl_private_key=
  # LDAP username and password of the hue user used for LDAP authentications.
  # Set it to use LDAP Authentication with HiveServer2.
  ## ldap_username=hue
  ## ldap_password=hue
  # Default encoding for site data
  ## default_site_encoding=utf-8
  # Options for X_FRAME_OPTIONS header. Default is SAMEORIGIN
  x_frame_options='ALLOWALL'
  [[supervisor]]
    ## celeryd=no
  # Administrators
  # ----------------
  [[django_admins]]
    ## [[[admin1]]]
    ## name=john
    ## email=john@doe.com
  # UI customizations
  # -------------------
  [[custom]]
  # Top banner HTML code
  ## banner_top_html=
  # Top about page HTML code
  ## about_top_html='''<div><a href="/dump_config">Visit the Hue Configuration page</a></div>'''
  # Configuration options for user authentication into the web application
  # ------------------------------------------------------------------------
  [[auth]]
    # Authentication backend. Common settings are:
    # - django.contrib.auth.backends.ModelBackend (entirely Django backend)
    # - desktop.auth.backend.AllowAllBackend (allows everyone)
    # - desktop.auth.backend.AllowFirstUserDjangoBackend
    #     (Default. Relies on Django and user manager, after the first login)
    # - desktop.auth.backend.LdapBackend
    # - desktop.auth.backend.PamBackend
    # - desktop.auth.backend.SpnegoDjangoBackend
    # - desktop.auth.backend.RemoteUserDjangoBackend
    backend=desktop.auth.backend.AllowFirstUserDjangoBackend
    ## pam_service=login
    # When using the desktop.auth.backend.RemoteUserDjangoBackend, this sets
    # the normalized name of the header that contains the remote user.
    # The HTTP header in the request is converted to a key by converting
    # all characters to uppercase, replacing any hyphens with underscores
    # and adding an HTTP_ prefix to the name. So, for example, if the header
    # is called Remote-User that would be configured as HTTP_REMOTE_USER
    #
    # Defaults to HTTP_REMOTE_USER
    ## remote_user_header=HTTP_REMOTE_USER
    # Ignore the case of usernames when searching for existing users.
    # Only supported in remoteUserDjangoBackend.
    ## ignore_username_case=false
    # Ignore the case of usernames when searching for existing users to authenticate with.
    # Only supported in remoteUserDjangoBackend.
    ## force_username_lowercase=false
  # Configuration options for connecting to LDAP and Active Directory
  # -------------------------------------------------------------------
   [[ldap]]
    # The search base for finding users and groups
    ## base_dn="DC=mycompany,DC=com"
    # URL of the LDAP server
    ## ldap_url=ldap://auth.mycompany.com
    # A PEM-format file containing certificates for the CA's that
    # Hue will trust for authentication over TLS.
    # The certificate for the CA that signed the
    # LDAP server certificate must be included among these certificates.
    # See more here http://www.openldap.org/doc/admin24/tls.html.
    ## ldap_cert=
    ## use_start_tls=true
    # Distinguished name of the user to bind as -- not necessary if the LDAP server
    # supports anonymous searches
    ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
    # Password of the bind user -- not necessary if the LDAP server supports
    # anonymous searches
    ## bind_password=
    # Pattern for searching for usernames -- Use <username> for the parameter
    # For use when using LdapBackend for Hue authentication
    ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
    # Create users in Hue when they try to login with their LDAP credentials
    # For use when using LdapBackend for Hue authentication
    ## create_users_on_login = true
    # Synchronize a users groups when they login
    ## sync_groups_on_login=false
    # Ignore the case of usernames when searching for existing users in Hue.
    ## ignore_username_case=false
    # Force usernames to lowercase when creating new users from LDAP.
    ## force_username_lowercase=false
    # Use search bind authentication.
    ## search_bind_authentication=true
    # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
    ## subgroups=suboordinate
    # Define the number of levels to search for nested members.
    ## nested_members_search_depth=10
    # Whether or not to follow referrals
    ## follow_referrals=false
    [[[users]]]
      # Base filter for searching for users
      ## user_filter="objectclass=*"
      # The username attribute in the LDAP schema
      ## user_name_attr=sAMAccountName
    [[[groups]]]
      # Base filter for searching for groups
      ## group_filter="objectclass=*"
      # The username attribute in the LDAP schema
      ## group_name_attr=cn
    [[[ldap_servers]]]
      ## [[[[mycompany]]]]
        # The search base for finding users and groups
        ## base_dn="DC=mycompany,DC=com"
        # URL of the LDAP server
        ## ldap_url=ldap://auth.mycompany.com
        # A PEM-format file containing certificates for the CA's that
        # Hue will trust for authentication over TLS.
        # The certificate for the CA that signed the
        # LDAP server certificate must be included among these certificates.
        # See more here http://www.openldap.org/doc/admin24/tls.html.
        ## ldap_cert=
        ## use_start_tls=true
        # Distinguished name of the user to bind as -- not necessary if the LDAP server
        # supports anonymous searches
        ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
        # Password of the bind user -- not necessary if the LDAP server supports
        # anonymous searches
        ## bind_password=
        # Pattern for searching for usernames -- Use <username> for the parameter
        # For use when using LdapBackend for Hue authentication
        ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
        # Whether or not to follow referrals
        ## follow_referrals=false
        ## [[[[[users]]]]]
          # Base filter for searching for users
          ## user_filter="objectclass=Person"
          # The username attribute in the LDAP schema
          ## user_name_attr=sAMAccountName
        ## [[[[[groups]]]]]
          # Base filter for searching for groups
          ## group_filter="objectclass=groupOfNames"
          # The username attribute in the LDAP schema
          ## group_name_attr=cn
  # Configuration options for specifying the Desktop Database.  For more info,
  # see http://docs.djangoproject.com/en/1.1/ref/settings/#database-engine
  # ------------------------------------------------------------------------
  [[database]]
    # engine=sqlite3
    # name=/var/lib/hue/desktop.db
    # Database engine is typically one of:
    # postgresql_psycopg2, mysql, or sqlite3
    #
    # Note that for sqlite3, 'name', below is a filename;
    # for other backends, it is the database name.
    # engine=mysql
    # host=plsq00029m1.corp.sprint.com
    # port=3306
    # user=hue
    # password=29HueSqldb
    # name=huedb
  # Configuration options for connecting to an external SMTP server
  # ------------------------------------------------------------------------
  [[smtp]]
    # The SMTP server information for email notification delivery
    host=localhost
    port=25
    user=
    password=
    # Whether to use a TLS (secure) connection when talking to the SMTP server
    tls=no
    # Default email address to use for various automated notification from Hue
    ## default_from_email=hue@localhost
  # Configuration options for Kerberos integration for secured Hadoop clusters
  # ------------------------------------------------------------------------
  [[kerberos]]
    # Path to Hue's Kerberos keytab file
    ## hue_keytab=/etc/security/keytabs/hue.service.keytab
    # Kerberos principal name for Hue
    ## hue_principal=hue/FQDN@REALM
    # Path to kinit
    ## kinit_path=/usr/bin/kinit
    ## Frequency in seconds with which Hue will renew its keytab. Default 1h.
    ## reinit_frequency=3600
    ## Path to keep Kerberos credentials cached.
    ## ccache_path=/tmp/hue_krb5_ccache
###########################################################################
# Settings to configure your Hadoop cluster.
###########################################################################
[hadoop]
  # Configuration for HDFS NameNode
  # ------------------------------------------------------------------------
  [[hdfs_clusters]]
    [[[default]]]
      # Enter the filesystem uri
      fs_defaultfs=hdfs://plsq00023m1.corp.sprint.com:8020
      # Use WebHdfs/HttpFs as the communication mechanism. To fallback to
      # using the Thrift plugin (used in Hue 1.x), this must be uncommented
      # and explicitly set to the empty value.
      webhdfs_url=http://plsq00023m1.corp.sprint.com:50070/webhdfs/v1/
      ## security_enabled=true
      # Default umask for file and directory creation, specified in an octal value.
      ## umask=022
  [[yarn_clusters]]
    [[[default]]]
      # Whether to submit jobs to this cluster
      submit_to=true
      ## security_enabled=false
      # Resource Manager logical name (required for HA)
      ## logical_name=
      # URL of the ResourceManager webapp address (yarn.resourcemanager.webapp.address)
      resourcemanager_api_url=http://plsq00028m2.corp.sprint.com:8088
      # URL of Yarn RPC adress (yarn.resourcemanager.address)
      resourcemanager_rpc_url=http://plsq00028m2.corp.sprint.com:8050
      # URL of the ProxyServer API
      proxy_api_url=http://plsq00028m2.corp.sprint.com:8088
      # URL of the HistoryServer API
      history_server_api_url=http://plsq00023m2.corp.sprint.com:19888
      # URL of the AppTimelineServer API
      app_timeline_server_api_url=http://plsq00028m2.corp.sprint.com:8188
      # URL of the NodeManager API
      node_manager_api_url=http://plsq00028m2.corp.sprint.com:8042
      # HA support by specifying multiple clusters
      # e.g.
      # [[[ha]]]
        # Enter the host on which you are running the failover Resource Manager
        resourcemanager_api_url=http://plsq00023m2.corp.sprint.com:8088
        logical_name=rm2
        submit_to=True
###########################################################################
# Settings to configure liboozie
###########################################################################
[liboozie]
  # The URL where the Oozie service runs on. This is required in order for
  # users to submit jobs.
  oozie_url=http://plsq00028m2.corp.sprint.com:11000/oozie
  ## security_enabled=true
  # Location on HDFS where the workflows/coordinator are deployed when submitted.
  ## remote_deployement_dir=/user/hue/oozie/deployments
###########################################################################
# Settings to configure the Oozie app
###########################################################################
[oozie]
  # Location on local FS where the examples are stored.
  ## local_data_dir=..../examples
  # Location on local FS where the data for the examples is stored.
  ## sample_data_dir=...thirdparty/sample_data
  # Location on HDFS where the oozie examples and workflows are stored.
  ## remote_data_dir=/user/hue/oozie/workspaces
  # Share workflows and coordinators information with all users. If set to false,
  # they will be visible only to the owner and administrators.
  ## share_jobs=true
  # Maximum of Oozie workflows or coodinators to retrieve in one API call.
  ## oozie_jobs_count=100
  # Comma separated list of parameters which should be obfuscated in Oozie job configuration.
  ## oozie_obfuscate_params=password,pwd
  # Maximum count of actions of Oozie coodinators to be shown on the one page.
  ## oozie_job_actions_count=50
###########################################################################
# Settings to configure Beeswax
###########################################################################
[beeswax]
  # Host where Hive server Thrift daemon is running.
  # If Kerberos security is enabled, use fully-qualified domain name (FQDN).
  hive_server_host=plsq00028m1.corp.sprint.com
  # Port where HiveServer2 Thrift server runs on.
  hive_server_port=10000
  # Hive configuration directory, where hive-site.xml is located
  ## hive_conf_dir=/etc/hive/conf
  # Timeout in seconds for thrift calls to Hive service
  ## server_conn_timeout=120
  # Set a LIMIT clause when browsing a partitioned table.
  # A positive value will be set as the LIMIT. If 0 or negative, do not set any limit.
  ## browse_partitioned_table_limit=250
  # A limit to the number of rows that can be downloaded from a query.
  # A value of -1 means there will be no limit.
  # A maximum of 65,000 is applied to XLS downloads.
  ## download_row_limit=1000000
  # Hue will try to close the Hive query when the user leaves the editor page.
  # This will free all the query resources in HiveServer2, but also make its results inaccessible.
  ## close_queries=false
  # Option to show execution engine choice.
  ## show_execution_engine=False
  # "Go to column pop up on query result page. Set to false to disable"
  ## go_to_column=true
  [[ssl]]
    # SSL communication enabled for this server.
    ## enabled=false
    # Path to Certificate Authority certificates.
    ## cacerts=/etc/hue/cacerts.pem
    # Path to the private key file.
    ## key=/etc/hue/key.pem
    # Path to the public certificate file.
    ## cert=/etc/hue/cert.pem
    # Choose whether Hue should validate certificates received from the server.
    ## validate=true
###########################################################################
# Settings to configure Job Designer
###########################################################################
[jobsub]
  # Location on HDFS where the jobsub examples and templates are stored.
  ## remote_data_dir=/user/hue/jobsub
  # Location on local FS where examples and template are stored.
  ## local_data_dir=..../data
  # Location on local FS where sample data is stored
  ## sample_data_dir=...thirdparty/sample_data
###########################################################################
# Settings to configure Job Browser
###########################################################################
[jobbrowser]
  # Share submitted jobs information with all users. If set to false,
  # submitted jobs are visible only to the owner and administrators.
  ## share_jobs=true
###########################################################################
# Settings for the User Admin application
###########################################################################
[useradmin]
  # The name of the default user group that users will be a member of
  default_user_group=hadoop
  default_username=hue
  default_user_password=1111
[hcatalog]
  templeton_url=http://plsq00028m1.corp.sprint.com:50111/templeton/v1/
  security_enabled=false
[about]
  tutorials_installed=false
[pig]
  udf_path="/tmp/udfs"
$