Reply
Highlighted
Explorer
Posts: 18
Registered: ‎02-03-2017

Not able to view files in Filebrowser in HUE UI(3.10.0)

[ Edited ]

Hello

 

 I have installed Hue 3.10.0 and logging to HUE UI using Active Directory User credentials.

I am able to login but not able to access the Files from Filebrowser tab.

Below is the log snippet from runcpserver.log

 

 

[21/Mar/2017 11:51:19 +1100] middleware   INFO     Processing exception: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".: Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/core/handlers/base.py", line 112, in get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/db/transaction.py", line 371, in inner

    return func(*args, **kwargs)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 111, in index

    return view(request, path)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 189, in view

    raise PopupException(msg , detail=e)

PopupException: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".

 

[21/Mar/2017 11:51:19 +1100] webhdfs      ERROR    Failed to determine superuser of WebHdfs at http://tstapp258vs:14000/webhdfs/v1: IOException: Error getting user info for current user, philip.crawford (error 500)

Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 173, in superuser

    sb = self.stats('/var')

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 260, in stats

    res = self._stats(path)

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 254, in _stats

    raise ex

WebHdfsException: IOException: Error getting user info for current user, philip.crawford (error 500)

[21/Mar/2017 11:51:19 +1100] connectionpool DEBUG    "GET /webhdfs/v1/var?op=GETFILESTATUS&user.name=mapr&doas=philip.crawford HTTP/1.1" 500 None

[21/Mar/2017 11:51:19 +1100] connectionpool INFO     Resetting dropped connection: tstapp258vs

[21/Mar/2017 11:51:19 +1100] connectionpool DEBUG    "GET /webhdfs/v1/user/philip.crawford?op=GETFILESTATUS&user.name=mapr&doas=philip.crawford HTTP/1.1" 500 None

[21/Mar/2017 11:51:19 +1100] connectionpool INFO     Resetting dropped connection: tstapp258vs

 

 

[21/Mar/2017 12:03:20 +1100] middleware   INFO     Processing exception: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".: Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/core/handlers/base.py", line 112, in get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/opt/mapr/hue/hue-3.10.0/build/env/lib/python2.6/site-packages/Django-1.6.10-py2.6.egg/django/db/transaction.py", line 371, in inner

    return func(*args, **kwargs)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 111, in index

    return view(request, path)

  File "/opt/mapr/hue/hue-3.10.0/apps/filebrowser/src/filebrowser/views.py", line 189, in view

    raise PopupException(msg , detail=e)

PopupException: Cannot access: /user/philip.crawford.  Note: you are a Hue admin but not a HDFS superuser, "mapr" or part of HDFS supergroup, "supergroup".

 

[21/Mar/2017 12:03:20 +1100] webhdfs      ERROR    Failed to determine superuser of WebHdfs at http://tstapp258vs:14000/webhdfs/v1: IOException: Error getting user info for current user, philip.crawford (error 500)

Traceback (most recent call last):

  File "/opt/mapr/hue/hue-3.10.0/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 173, in superuser

    sb = self.stats('/var')

 

HUE.INI

[desktop]

# Set this to a random string, the longer the better.
# This is used for secure hashing in the session store.
secret_key=asdf0w993q02495uperw9poijsdfqweoriu23o4iuoweifjlkasdjfwiqeru034590345098

# Execute this script to produce the Django secret key. This will be used when
# `secret_key` is not set.
## secret_key_script=

# Webserver listens on this address and port
http_host=0.0.0.0
http_port=8888

# Time zone name
time_zone=Australia/Canberra

# Enable or disable Django debug mode.
django_debug_mode=true

# Enable or disable database debug mode.
## database_logging=false

# Whether to send debug messages from JavaScript to the server logs.
## send_dbug_messages=false

# Enable or disable backtrace for server error
http_500_debug_mode=true

# Enable or disable memory profiling.
## memory_profiler=false

# Server email for internal error messages
## django_server_email='hue@localhost.localdomain'

# Email backend
## django_email_backend=django.core.mail.backends.smtp.EmailBackend

# Webserver runs as this user
server_user=mapr
server_group=mapr

# This should be the Hue admin and proxy user
default_user=mapr
# This should be the hadoop cluster admin
default_hdfs_superuser=mapr

default_jobtracker_host=maprfs:///
# If set to false, runcpserver will not actually start the web server.
# Used if Apache is being used as a WSGI container.
## enable_server=yes

# Number of threads used by the CherryPy web server
## cherrypy_server_threads=40

# Filename of SSL Certificate
## ssl_certificate=

# Filename of SSL RSA Private Key
## ssl_private_key=

# Filename of SSL Certificate Chain
## ssl_certificate_chain=

# SSL certificate password
## ssl_password=

# Execute this script to produce the SSL password. This will be used when `ssl_password` is not set.
## ssl_password_script=

# List of allowed and disallowed ciphers in cipher list format.
# See http://www.openssl.org/docs/apps/ciphers.html for more information on
# cipher list format. This list is from
# https://wiki.mozilla.org/Security/Server_Side_TLS v3.7 intermediate
# recommendation, which should be compatible with Firefox 1, Chrome 1, IE 7,
# Opera 5 and Safari 1.
## ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

# Path to default Certificate Authority certificates.
## ssl_cacerts=/opt/mapr/hue/hue-3.10.0/cert.pem

# Choose whether Hue should validate certificates received from the server.
## validate=true

# Default LDAP/PAM/.. username and password of the hue user used for authentications with other services.
# Inactive if password is empty.
# e.g. LDAP pass-through authentication for HiveServer2 or Impala. Apps can override them individually.
auth_username=mapr
auth_password=########

# Default encoding for site data
## default_site_encoding=utf-8

# Help improve Hue with anonymous usage analytics.
# Use Google Analytics to see how many times an application or specific section of an application is used, nothing more.
## collect_usage=true

# Tile layer server URL for the Leaflet map charts
# Read more on http://leafletjs.com/reference.html#tilelayer
## leaflet_tile_layer=http://{s}.tile.osm.org/{z}/{x}/{y}.png

# The copyright message for the specified Leaflet maps Tile Layer
## leaflet_tile_layer_attribution='&copy; <a href="http://osm.org/copyright">OpenStreetMap</a> contributors'

# X-Frame-Options HTTP header value. Use 'DENY' to deny framing completely
## http_x_frame_options=SAMEORIGIN

# Enable X-Forwarded-Host header if the load balancer requires it.
## use_x_forwarded_host=false

# Support for HTTPS termination at the load-balancer level with SECURE_PROXY_SSL_HEADER.
## secure_proxy_ssl_header=false

# Comma-separated list of Django middleware classes to use.
# See https://docs.djangoproject.com/en/1.4/ref/middleware/ for more details on middlewares in Django.
## middleware=desktop.auth.backend.LdapSynchronizationBackend

# Comma-separated list of regular expressions, which match the redirect URL.
# For example, to restrict to your local domain and FQDN, the following value can be used:
# ^\/.*$,^http:\/\/www.mydomain.com\/.*$
## redirect_whitelist=^(\/[a-zA-Z0-9]+.*|\/)$

# Comma separated list of apps to not load at server startup.
# e.g.: pig,zookeeper
app_blacklist=search,rdbms,zookeeper,impala,pig,spark,sqoop,security

# Choose whether to show the new SQL editor.
## use_new_editor=true

# The directory where to store the auditing logs. Auditing is disable if the value is empty.
# e.g. /var/log/hue/audit.log
## audit_event_log_dir=

# Size in KB/MB/GB for audit log to rollover.
## audit_log_max_file_size=100MB

# A json file containing a list of log redaction rules for cleaning sensitive data
# from log files. It is defined as:
#
# {
# "version": 1,
# "rules": [
# {
# "description": "This is the first rule",
# "trigger": "triggerstring 1",
# "search": "regex 1",
# "replace": "replace 1"
# },
# {
# "description": "This is the second rule",
# "trigger": "triggerstring 2",
# "search": "regex 2",
# "replace": "replace 2"
# }
# ]
# }
#
# Redaction works by searching a string for the [TRIGGER] string. If found,
# the [REGEX] is used to replace sensitive information with the
# [REDACTION_MASK]. If specified with `log_redaction_string`, the
# `log_redaction_string` rules will be executed after the
# `log_redaction_file` rules.
#
# For example, here is a file that would redact passwords and social security numbers:

# {
# "version": 1,
# "rules": [
# {
# "description": "Redact passwords",
# "trigger": "password",
# "search": "password=\".*\"",
# "replace": "password=\"???\""
# },
# {
# "description": "Redact social security numbers",
# "trigger": "",
# "search": "\d{3}-\d{2}-\d{4}",
# "replace": "XXX-XX-XXXX"
# }
# ]
# }
## log_redaction_file=

# Comma separated list of strings representing the host/domain names that the Hue server can serve.
# e.g.: localhost,domain1,*
## allowed_hosts=*

# Administrators
# ----------------
[[django_admins]]
## [[[admin1]]]
## name=john
## email=john@doe.com

# UI customizations
# -------------------
[[custom]]

# Top banner HTML code
# e.g. <H4>Test Lab A2 Hue Services</H4>
## banner_top_html=

# Login splash HTML code
# e.g. WARNING: You are required to have authorization before you proceed
## login_splash_html=<h4>GetHue.com</h4><br/><br/>WARNING: You have accessed a computer managed by GetHue. You are required to have authorization from GetHue before you proceed.

# Cache timeout in milliseconds for the assist, autocomplete, etc.
# defaults to 86400000 (1 day), set to 0 to disable caching
## cacheable_ttl=86400000

# Configuration options for user authentication into the web application
# ------------------------------------------------------------------------
[[auth]]

# Authentication backend. Common settings are:
# - django.contrib.auth.backends.ModelBackend (entirely Django backend)
# - desktop.auth.backend.AllowAllBackend (allows everyone)
# - desktop.auth.backend.AllowFirstUserDjangoBackend
# (Default. Relies on Django and user manager, after the first login)
# - desktop.auth.backend.LdapBackend
# - desktop.auth.backend.PamBackend - WARNING: existing users in Hue may be unaccessible if they not exist in OS
# - desktop.auth.backend.SpnegoDjangoBackend
# - desktop.auth.backend.RemoteUserDjangoBackend
# - libsaml.backend.SAML2Backend
# - libopenid.backend.OpenIDBackend
# - liboauth.backend.OAuthBackend
# (New oauth, support Twitter, Facebook, Google+ and Linkedin
# Multiple Authentication backends are supported by specifying a comma-separated list in order of priority.
# However, in order to enable OAuthBackend, it must be the ONLY backend configured.
# backend=desktop.auth.backend.PamBackend
backend=desktop.auth.backend.LdapBackend

# Class which defines extra accessor methods for User objects.
## user_aug=desktop.auth.backend.DefaultUserAugmentor

# The service to use when querying PAM.
pam_service=sudo sshd login

# When using the desktop.auth.backend.RemoteUserDjangoBackend, this sets
# the normalized name of the header that contains the remote user.
# The HTTP header in the request is converted to a key by converting
# all characters to uppercase, replacing any hyphens with underscores
# and adding an HTTP_ prefix to the name. So, for example, if the header
# is called Remote-User that would be configured as HTTP_REMOTE_USER
#
# Defaults to HTTP_REMOTE_USER
## remote_user_header=HTTP_REMOTE_USER

# Ignore the case of usernames when searching for existing users.
# Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
## ignore_username_case=true

# Forcibly cast usernames to lowercase, takes precedence over force_username_uppercase
# Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
## force_username_lowercase=true

# Forcibly cast usernames to uppercase, cannot be combined with force_username_lowercase
## force_username_uppercase=false

# Users will expire after they have not logged in for 'n' amount of seconds.
# A negative number means that users will never expire.
## expires_after=-1

# Apply 'expires_after' to superusers.
## expire_superusers=true

# Users will automatically be logged out after 'n' seconds of inactivity.
# A negative number means that idle sessions will not be timed out.
idle_session_timeout=-1

# Force users to change password on first login with desktop.auth.backend.AllowFirstUserDjangoBackend
## change_default_password=false

# Number of login attempts allowed before a record is created for failed logins
## login_failure_limit=3

# After number of allowed login attempts are exceeded, do we lock out this IP and optionally user agent?
## login_lock_out_at_failure=false

# If set, defines period of inactivity in seconds after which failed logins will be forgotten
## login_cooloff_time=60

# If True, lock out based on IP and browser user agent
## login_lock_out_by_combination_browser_user_agent_and_ip=false

# If True, lock out based on IP and user
## login_lock_out_by_combination_user_and_ip=false

# Configuration options for connecting to LDAP and Active Directory
# -------------------------------------------------------------------
[[ldap]]

# The search base for finding users and groups
base_dn="dc=test,dc=act,dc=gov,dc=au"

# URL of the LDAP server
ldap_url=ldap://ldap.test.act.gov.au:389

# The NT domain used for LDAP authentication
nt_domain=test.act.gov.au

# A PEM-format file containing certificates for the CA's that
# Hue will trust for authentication over TLS.
# The certificate for the CA that signed the
# LDAP server certificate must be included among these certificates.
# See more here http://www.openldap.org/doc/admin24/tls.html.
## ldap_cert=
use_start_tls=false

# Distinguished name of the user to bind as -- not necessary if the LDAP server
# supports anonymous searches
bind_dn="CN=svc_Map-R,OU=Service Accounts,OU=IS Windows,DC=test,DC=act,DC=gov,DC=au"

# Password of the bind user -- not necessary if the LDAP server supports
# anonymous searches
bind_password="#########"

# Execute this script to produce the bind user password. This will be used
# when `bind_password` is not set.
## bind_password_script=

# Pattern for searching for usernames -- Use <username> for the parameter
# For use when using LdapBackend for Hue authentication
# If nt_domain is specified, this config is completely ignored.
# If nt_domain is not specified, this should take on the form "cn=<username>,dc=example,dc=com",
# where <username> is replaced by whatever is provided at the login page. Depending on your ldap schema,
# you can also specify additional/alternative comma-separated attributes like uid, ou, etc
#ldap_username_pattern="sAMAccountName={user}"

# Create users in Hue when they try to login with their LDAP credentials
# For use when using LdapBackend for Hue authentication
## create_users_on_login = true

# Synchronize a users groups when they login
## sync_groups_on_login=false

# Ignore the case of usernames when searching for existing users in Hue.
## ignore_username_case=true

# Force usernames to lowercase when creating new users from LDAP.
# Takes precedence over force_username_uppercase
## force_username_lowercase=true

# Force usernames to uppercase, cannot be combined with force_username_lowercase
## force_username_uppercase=false

# Use search bind authentication.
# If set to true, hue will perform ldap search using bind credentials above (bind_dn, bind_password)
# Hue will then search using the 'base_dn' for an entry with attr defined in 'user_name_attr', with the value
# of short name provided on the login page. The search filter defined in 'user_filter' will also be used to limit
# the search. Hue will search the entire subtree starting from base_dn.
# If search_bind_authentication is set to false, Hue performs a direct bind to LDAP using the credentials provided
# (not bind_dn and bind_password specified in hue.ini). There are 2 modes here - 'nt_domain' is specified or not.
search_bind_authentication=true

# Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
## subgroups=suboordinate

# Define the number of levels to search for nested members.
## nested_members_search_depth=10

# Whether or not to follow referrals
## follow_referrals=false

# Enable python-ldap debugging.
debug=true

# Sets the debug level within the underlying LDAP C lib.
debug_level=255

# Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
# 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
trace_level=9