Configure Hue to use MapR-SASL
You can configure Hue to use MapR-SASL for its communications with various components on a secure MapR cluster. As of Hue 3.7-1505, Hue automatically detects and sets the security configuration of the cluster and its components. Therefore, in some cases, minimal configuration is required.
- Hive
- Sqoop2
- HttpFS
- MRv1
- Oozie
- YARN
hue.ini
, you must restart Hue. However, if
you configure multiple sections of the same file, you can restart Hue one time after
your updates are complete. Configure Hue to use MapR-SASL for Hive
As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with Hive 0.13-1504 or greater on a secure MapR cluster that is version 4.1 or greater.
When Hive is configured to use MapR-SASL and the cluster is secure, Hue automatically uses MapR-SASL with Hive.
Configure Hue to use MapR-SASL for Sqoop2
As of Hue 3.8.1, Hue can use MapR-SASL to communicate with Sqoop2 1.99.6 or greater on a secure MapR cluster that is version 5.0 or greater.
When Sqoop2 is configured to use MapR-SASL and the cluster is secure, Hue automatically uses MapR-SASL with Sqoop2.
Configure Hue to use MapR-SASL for HttpFS
As of Hue 3.7-1505, Hue uses MapR-SASL to communicate with HttpFS 1.0-1504 or greater on a secure MapR cluster that is version 4.0.1 cluster or greater.
The default hui.ini file that is installed with Hue (version 3.7-1505 and above) includes the following configurations that allow Hue to automatically detect and set the security configuration:
[[hdfs_clusters]]
# HA support by using HttpFs
[[[default]]]
...
# Change this if your HDFS cluster is secured
security_enabled=${security_enabled}
# Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
mechanism=${mechanism}
...
security_enabled=True
and
mechanism=MAPR-SECURITY
, MapR-SASL will still be used; however, no
automatic configuration will occur. Configure Hue to use MapR-SASL for MRv1
As of Hue 3.7, Hue can use MapR-SASL to communicate with JobTracker on a secure MapR cluster that is version 4.0.2 or greater. You cannot configure Hue to use both Kerberos and MapR-SASL for its communications with MRv1.
The default hue.ini
file that is installed with Hue (version
3.7-1505 and above) includes the following configurations that
allow Hue to automatically detect and set the security
configuration:
[[mapred_clusters]]
[[[default]]]
...
# Change this if your MapReduce cluster is secured
security_enabled=${security_enabled}
# Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
mechanism=${mechanism}
...
security_enabled=True
and
mechanism=MAPR-SECURITY
. For Hue 3.7-1505 or greater, when you set
security_enabled=True
and mechanism=MAPR-SECURITY
, MapR-SASL will be
used; however, no automatic configuration will occur. Configure Hue to use MapR-SASL for Oozie
As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with Oozie 4.0.1 on a secure MapR cluster that is version 4.0.1 or greater.
The default hui.ini file that is installed with Hue (version 3.7-1505 and above) includes the following configurations that allow Hue to automatically detect and set the security configuration:
[liboozie]
...
# Requires FQDN in oozie_url if enabled
security_enabled=${security_enabled}
...
# Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
mechanism=${mechanism}
security_enabled=True
and
mechanism=MAPR-SECURITY
, MapR-SASL will still be used; however, no
automatic configuration will occur. Configure Hue to use MapR-SASL for YARN
As of Hue 3.7-1505, Hue can use MapR-SASL to communicate with YARN on a secure MapR cluster that is version MapR 4.0.1 or greater.
To configure Hue to use MapR-SASL for YARN, complete the
following steps to in the [[yarn_clusters]] [[[default]]]
section of the hue.ini
file
- Verify that
security_enabled=true
orsecurity_enabled=${security_enabled}
- Verify that
mechanism=MAPR-SECURITY
ormechanism=${mechanism}
- Set
ssl_cert_ca_verify=False
. The changes are summarized in the followinghue.ini
file:[[yarn_clusters]] [[[default]]] ... # Change this if your YARN cluster is secured security_enabled=${security_enabled} ... # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY mechanism=${mechanism} # In secure mode (HTTPS), if SSL certificates from Resource Manager's # Rest Server have to be verified against certificate authority ssl_cert_ca_verify=False
NOTE: Ifsecurity_enabled=True
andmechanism=MAPR-SECURITY
, MapR-SASL will still be used; however, no automatic configuration will occur.