Configure Hue to use MapR-SASL

You can configure Hue to use MapR-SASL for its communications with various components on a secure MapR cluster. As of Hue 3.7-1505, Hue automatically detects and sets the security configuration of the cluster and its components. Therefore, in some cases, minimal configuration is required.

Configure Hue to use MapR-SASL for Hive

As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with Hive 0.13-1504 or greater on a secure MapR cluster that is version 4.1 or greater.

When Hive is configured to use MapR-SASL and the cluster is secure, Hue automatically uses MapR-SASL with Hive.

Configure Hue to use MapR-SASL for Sqoop2

As of Hue 3.8.1, Hue can use MapR-SASL to communicate with Sqoop2 1.99.6 or greater on a secure MapR cluster that is version 5.0 or greater.

When Sqoop2 is configured to use MapR-SASL and the cluster is secure, Hue automatically uses MapR-SASL with Sqoop2.

Configure Hue to use MapR-SASL for HttpFS

As of Hue 3.7-1505, Hue uses MapR-SASL to communicate with HttpFS 1.0-1504 or greater on a secure MapR cluster that is version 4.0.1 cluster or greater.

The default hui.ini file that is installed with Hue (version 3.7-1505 and above) includes the following configurations that allow Hue to automatically detect and set the security configuration:

 [[hdfs_clusters]]
    # HA support by using HttpFs
    [[[default]]]
      ...
      # Change this if your HDFS cluster is secured
      security_enabled=${security_enabled}

     # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
      mechanism=${mechanism}
      ...

Configure Hue to use MapR-SASL for MRv1

As of Hue 3.7, Hue can use MapR-SASL to communicate with JobTracker on a secure MapR cluster that is version 4.0.2 or greater. You cannot configure Hue to use both Kerberos and MapR-SASL for its communications with MRv1.

The default hue.ini file that is installed with Hue (version 3.7-1505 and above) includes the following configurations that allow Hue to automatically detect and set the security configuration:

 [[mapred_clusters]]

    [[[default]]]
      ...
      # Change this if your MapReduce cluster is secured
      security_enabled=${security_enabled}

      # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
      mechanism=${mechanism}
      ...

Configure Hue to use MapR-SASL for Oozie

As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with Oozie 4.0.1 on a secure MapR cluster that is version 4.0.1 or greater.

The default hui.ini file that is installed with Hue (version 3.7-1505 and above) includes the following configurations that allow Hue to automatically detect and set the security configuration:

[liboozie]
...
# Requires FQDN in oozie_url if enabled
security_enabled=${security_enabled}
...
# Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
mechanism=${mechanism}

Configure Hue to use MapR-SASL for YARN

As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with YARN on a secure MapR cluster that is version MapR 4.0.1 or greater.

To configure Hue to use MapR-SASL for YARN, complete the following steps to in the [[yarn_clusters]] [[[default]]] section of the hue.ini file

1. Verify that security_enabled=true or security_enabled=${security_enabled}
2. Verify that mechanism=MAPR-SECURITY or mechanism=${mechanism}
3. Set ssl_cert_ca_verify=False. The changes are summarized in the following hue.ini file:

   [[yarn_clusters]] [[[default]]] 
   ... 
   # Change this if your YARN cluster is secured 
   security_enabled=${security_enabled} 
   ... 
   # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY 
   mechanism=${mechanism}
   # In secure mode (HTTPS), if SSL certificates from Resource Manager's 
   # Rest Server have to be verified against certificate authority 
   ssl_cert_ca_verify=False 

   NOTE: If security_enabled=True and mechanism=MAPR-SECURITY, MapR-SASL will still be used; however, no automatic configuration will occur.