Hue is a data development platform that can connect to various execution engines, such as Hive, Spark, Impala, and Presto. If you want to connect Hue to an execution engine for which LDAP authentication is enabled, you must add some custom configurations to Hue. This topic describes how to configure Hue to connect to the execution engines for which LDAP authentication is enabled.

Prerequisites

An E-MapReduce (EMR) Hadoop cluster is created. For more information, see Create a cluster.

Step 1: Create a proxy account to pass LDAP authentication

If LDAP authentication is enabled for an execution engine, access to this engine from Hue is rejected because LDAP authentication fails. In this case, you must perform the following steps to create a proxy account so that Hue can use this account to pass LDAP authentication and run jobs:

  1. Connect to the master node of the EMR cluster in SSH mode. For more information, see Log on to a cluster.
  2. Create a hue.ldif file that contains the following content:
    dn: uid=hue,ou=people,o=emr
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    userPassword: <password>
    sn: hue
    cn: hue
    uid: hue
  3. Create a proxy account for Hue.
    ldapadd -x -H ldap://emr-header-1:10389 -D uid=admin,o=emr -w <admin_pwd> -f hue.ldif

    <admin_pwd>: the password of the LDAP admin account. To obtain the value, choose Cluster Service > OpenLDAP in the left-side navigation pane of the Cluster Overview page in the EMR console. On the OpenLDAP service page, click the Configure tab. In the Service Configuration section, view the value of the manager_password parameter.

    manager_password_zh

Step 2: Configure Hue to connect to the execution engines for which LDAP authentication is enabled

  1. Go to the Hue service page.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab. Find your cluster and click Details in the Actions column.
    4. In the left-side navigation pane, choose Cluster Service > Hue.
    5. On the Hue service page, click the Configure tab.
    6. In the Service Configuration section, click the hue tab.
  2. Customize configurations for Hue.
    1. In the upper-right corner of the Service Configuration section, click Custom Configuration.
    2. In the Add Configuration Item dialog box, add configuration items. The required configuration items depend on the execution engine.
      • Add the following configuration items if the execution engine is Hive or Spark.
        Configuration item Description
        beeswax.auth_username Set it to hue.
        beeswax.auth_password The password of the proxy account that you created for Hue. For more information, see Step 1: Create a proxy account to pass LDAP authentication.
      • Add the following configuration items if the execution engine is Impala.
        Configuration item Description
        impala.auth_username Set it to hue.
        impala.auth_password The password of the proxy account that you created for Hue. For more information, see Step 1: Create a proxy account to pass LDAP authentication.
      • Add the following configuration item if the execution engine is Presto:
        notebook.interpreters.presto.options. Set this configuration item to the following content:
        {"url": "jdbc:presto://<hostname>:7778/hive/default?SSL=true&SSLKeyStorePath=/etc/ecm/presto-conf/keystore&SSLKeyStorePassword=<keystore_pwd>", "driver": "com.facebook.presto.jdbc.PrestoDriver", "has_impersonation": true}
        The following table describes the parameters that you must configure in the preceding content.
        Parameter Description
        hostname The hostname. You can run the hostname command on the node that runs PrestoMaster to obtain the hostname.

        You must set this parameter in the emr-header-1.cluster-xxx format.

        keystore_pwd The keystore password. To obtain the value, choose Cluster Service > Presto in the left-side navigation pane of the Cluster Overview page in the EMR console. On the Presto service page, click the Configure tab. In the Service Configuration section, view the value of the keystore_password parameter.
        Note If you cannot find the keystore_password parameter on the Presto service page, log on to the master node of the cluster by using SSH and run the sed -n 's/http-server.https.keystore.key=\([^;]*\)/\1/p' /etc/ecm/presto-conf/config.properties command to obtain the password. For more information about how to log on to the cluster, see Log on to a cluster.
        To use Presto in Hue, you must enter a valid LDAP username and password pair. Otherwise, you cannot execute SQL statements. hue-presto
    3. Click OK.
  3. Save the configurations.
    1. In the upper-right corner of the Service Configuration section, click Save.
    2. In the Confirm Changes dialog box, specify Description and turn on Auto-update Configuration.
    3. Click OK.
  4. Restart Hue.
    1. Click History to view the configuration progress of Hue.
    2. After configuration is complete, choose Actions > Restart Hue in the upper-right corner of the Hue service page.
    3. In the Cluster Activities dialog box, specify Description and click OK.
    4. In the Confirm message, click OK.
    After the restart is complete, you can access a specific execution engine for which LDAP authentication is enabled from Hue.