Modifying the hue.ini File

In the kerberos section of the hue.ini file, make the following changes:

  1. Supply the path to Hue's kerberos keytab file.
  2. Supply the kerberos principal name for Hue.
  3. Supply the path to kinit.
  4. Complete the following steps in the [[yarn_clusters]] [[[default]]] section:
    • For Hue versions prior to Hue 3.7-1505:
      1. Set security_enabled=True .
      2. Change port number assignments and change http to https for the following URL values:
        • resourcemanager_api_url
        • proxy_api_url
        • history_server_api_url
    • For Hue 3.7 versions prior to Hue 3.7-1505: Set mechanism=GSSAPI.
    If you are using a certificate signed by the CA (Certificate Authority), set the ssl_cert_ca_verify value to True. (If you are using a self-signed certificate or no certificate, leave the value set to False.)
  5. For Hue with secure Hive:
    1. In the beeswax section, make sure that the hive_conf_dir property points to a directory containing a valid hive-site.xml file (either the original or a synced copy).
    2. Provide the fully-qualified domain name (FQDN) for the hive_server_host.
      Note: For Hue to work with HiveServer2 with security enabled, you must provide the fully-qualified domain name (FQDN) for the hive_server_host. This must match the FQDN of the hue_principal property.
  6. For Oozie only, set the oozie_url parameter in the liboozie section.
    Note: For Hue to work with Oozie with security enabled, you must provide the URL where the Oozie service is running by setting the oozie_url parameter in the liboozie section.
  7. For Hbase with Hue 3.7 versions prior to Hue 3.7-1505, Set mechanism=GSSAPI in the [hbase] section.

The changes are summarized in the following hue.ini files, which you can use as a template:

[desktop]
  [[kerberos]]
    # Path to Hue's Kerberos keytab file
      hue_keytab=/opt/mapr/conf/mapr.keytab
  
    # Kerberos principal name for Hue
    # hue_principal=mapr/<hostname>@<realm>
    # Substitute your hostname and realm in the example below
      hue_principal=mapr/perfnode181.perf.lab@dev-maprtech
  
    # Path to kinit
    # Note that the actual path depends on which Linux OS you are using
      kinit_path=/usr/bin/kinit
  
[beeswax]
  # If Kerberos security is enabled, use fully-qualified domain name
  # (FQDN)
    hive_server_host=<FQDN of Hive Server>
  # Hive configuration directory, where hive-site.xml is located.
    hive_conf_dir=/opt/mapr/hive/hive-<version>/conf
  
[hadoop]
  ....
 [[yarn_clusters]]
   [[[default]]]
     # Enter the host on which you are running the ResourceManager
     ## resourcemanager_host=localhost
  
     # The port where the ResourceManager IPC listens on
     ## resourcemanager_port=8032
  
     # Whether to submit jobs to this cluster
     submit_to=true
  
     # Change this if your YARN cluster is secured
     security_enabled=${security_enabled}
  
     # URL of the ResourceManager API
     ## resourcemanager_api_url=https://localhost:8090
  
     # URL of the ProxyServer API
     ## proxy_api_url=https://localhost:8090
  
     # URL of the HistoryServer API
     history_server_api_url=https://localhost:19890
    
     # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
      mechanism=${mechanism}    
  
     # In secure mode (HTTPS), if SSL certificates from Resource Manager's
     # Rest Server have to be verified against certificate authority
     ssl_cert_ca_verify=False
    
 [liboozie]
  # The URL where the Oozie service runs on. This is required in order for
  # users to submit jobs.
    oozie_url=http://perfnode181.perf.lab:11000/oozie
  
  # Requires FQDN in oozie_url if enabled
    security_enabled=${security_enabled}
 
[hbase]
  # Security mechanism of authentication none/GSSAPI/MAPR-SECURITY
    mechanism=${mechanism}
Note: As of Hue 3.7-1505, the security_enabled and mechanism properties are automatically configured based on cluster configuration. Therefore, you do not need to configure values.