Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Failed to access filesystem root through Hue UI

kabadou_rawia
Explorer

Created ‎11-14-2017 02:54 PM

Hello,

I've installed Hue on my cluster. When i access to my Hue UI i got the errors mentioned in "errors.png".

Hue is running through supervisor with hue user as mentioned in "hue.png". It was running correctly until i enabled kerberos on my cluster. I've made the necessary configurations to configure Hue with kerberos by following these two links:

https://www.cloudera.com/documentation/enterprise/5-6-x/topics/cdh_sg_hue_kerberos_config.html and

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/kerb-config-hue.html.

I've also enabled Ranger and Ranger KMS on my cluster.

When i access to /var/log/supervisor/hue.log, i got the error mentioned in "kerberos_log.png".

I was able to access manually to hdfs root file system with hue user as shown in "hdfs_access.png".

My question are :

1- How can hue user access to hdfs root file system on kerbereized cluster through Hue UI?

2- How can hue authenticate with my cluster components?

I'll be really grateful if someone could hep me resolve this issue.


hdfs-access.pngkerberos-log.pnghue.pngerrors.png
1,601 Views
0 Kudos
2 REPLIES 2

rlevas
Guru

Created ‎11-17-2017 01:56 PM

@raouia

Looking at the screen shot from https://community.hortonworks.com/storage/attachments/42663-klist.png, it appears your SPNEGO principal is incorrect. The SPNEGO principal is a service principal. So it has 2 components... the service name and the FQDN of the relevant host. In the screen shot, I see

 HTTP/ambari@ROSAFI.COM

What I expect to see is something like 

HTTP/host1.rosafi.com@ROSAFI.COM

The same goes for the Hue service principal.

How where these created? If manually you will need to create all of the service principals to reflect the relevant hostnames.

1,017 Views
0 Kudos

kabadou_rawia
Explorer

Created ‎11-20-2017 09:40 AM

@Robert Levas

Thank you very much for your reply.

- I'm working on local domain. So, i've not a FQDN. My cluster is composed of two hosts whose hostnames are ambari and ambari-slave1. All ambari principals were automatically created when i enabled kerberos on my cluster, as shown in principals.png.

- For hue, I've created manually a hue principal by following this method:Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, create a principal for the Hue server:

  1. # kadmin.local
kadmin.local: addprinc -randkey hue/$FQDN@EXAMPLE.COM

Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm

My hue server is running with hue user. The $FQDN is the host name of the Hue server which is ambari in my case and ROSAFI.COM is the Hadoop realm.

My questions are:

- Is the FQDN necessary for enabling kerberos? Is that the major cause of my issue?


1,017 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud Release Summary: July 2022
What's New @ Cloudera
CML Backup & Restore is now available on AWS
What's New @ Cloudera
Cloudera Data Engineering (CDE) 1.16 for the Public Cloud introduces in-place upgrades, Airflow scale improvements, and Azure private storage
What's New @ Cloudera
Cloudera Machine Learning now supports disabling ML Runtime variants
Community Announcements
July 2022 Community Highlights
View More Announcements