Hue is a data development platform that can connect to various execution engines, such as Hive, Spark, Impala, and Presto. If you want to connect Hue to an execution engine for which LDAP authentication is enabled, you must add some custom configurations to Hue. This topic describes how to configure Hue to connect to the execution engines for which LDAP authentication is enabled.
Prerequisites
An E-MapReduce (EMR) Hadoop cluster is created. For more information, see Create a cluster.
Step 1: Create a proxy account to pass LDAP authentication
If LDAP authentication is enabled for an execution engine, access to this engine from Hue is rejected because LDAP authentication fails. In this case, you must perform the following steps to create a proxy account so that Hue can use this account to pass LDAP authentication and run jobs:
Connect to the master node of the EMR cluster in SSH mode. For more information, see Log on to a cluster.
Create a hue.ldif file that contains the following content:
dn: uid=hue,ou=people,o=emr objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson userPassword: <password> sn: hue cn: hue uid: hue
NoteCustomize password, which is required in Step 2: Configure Hue to connect to the execution engines for which LDAP authentication is enabled.
Create a proxy account for Hue.
ldapadd -x -H ldap://emr-header-1:10389 -D uid=admin,o=emr -w <admin_pwd> -f hue.ldif
<admin_pwd>: the password of the LDAP admin account. To obtain the value, choose in the left-side navigation pane of the Cluster Overview page in the EMR console. On the OpenLDAP service page, click the Configure tab. In the Service Configuration section, view the value of the manager_password parameter.
Step 2: Configure Hue to connect to the execution engines for which LDAP authentication is enabled
Go to the Hue service page.
Log on to the Alibaba Cloud EMR console.
In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
Click the Cluster Management tab. Find your cluster and click Details in the Actions column.
In the left-side navigation pane, choose .
On the Hue service page, click the Configure tab.
In the Service Configuration section, click the hue tab.
Customize configurations for Hue.
In the upper-right corner of the Service Configuration section, click Custom Configuration.
In the Add Configuration Item dialog box, add configuration items. The required configuration items depend on the execution engine.
Add the following configuration items if the execution engine is Hive or Spark.
Configuration item
Description
beeswax.auth_username
Set it to hue.
beeswax.auth_password
The password of the proxy account that you created for Hue. For more information, see Step 1: Create a proxy account to pass LDAP authentication.
Add the following configuration items if the execution engine is Impala.
Configuration item
Description
impala.auth_username
Set it to hue.
impala.auth_password
The password of the proxy account that you created for Hue. For more information, see Step 1: Create a proxy account to pass LDAP authentication.
Add the following configuration item if the execution engine is Presto:
notebook.interpreters.presto.options. Set this configuration item to the following content:
{"url": "jdbc:presto://<hostname>:7778/hive/default?SSL=true&SSLKeyStorePath=/etc/ecm/presto-conf/keystore&SSLKeyStorePassword=<keystore_pwd>", "driver": "com.facebook.presto.jdbc.PrestoDriver", "has_impersonation": true}
The following table describes the parameters that you must configure in the preceding content.
Parameter
Description
hostname
The hostname. You can run the
hostname
command on the node that runs PrestoMaster to obtain the hostname.You must set this parameter in the emr-header-1.cluster-xxx format.
keystore_pwd
The keystore password. To obtain the value, choose keystore_password parameter.
in the left-side navigation pane of the Cluster Overview page in the EMR console. On the Presto service page, click the Configure tab. In the Service Configuration section, view the value of theNoteIf you cannot find the keystore_password parameter on the Presto service page, log on to the master node of the cluster by using SSH and run the
sed -n 's/http-server.https.keystore.key=\([^;]*\)/\1/p' /etc/ecm/presto-conf/config.properties
command to obtain the password. For more information about how to log on to the cluster, see Log on to a cluster.To use Presto in Hue, you must enter a valid LDAP username and password pair. Otherwise, you cannot execute SQL statements.
Click OK.
Save the configurations.
In the upper-right corner of the Service Configuration section, click Save.
In the Confirm Changes dialog box, specify Description and turn on Auto-update Configuration.
Click OK.
Restart Hue.
Click History to view the configuration progress of Hue.
After configuration is complete, choose in the upper-right corner of the Hue service page.
In the Cluster Activities dialog box, specify Description and click OK.
In the Confirm message, click OK.
After the restart is complete, you can access a specific execution engine for which LDAP authentication is enabled from Hue.