hue 3.1.2 启用kerberose认证
生活随笔
收集整理的這篇文章主要介紹了
hue 3.1.2 启用kerberose认证
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
hue安裝與編譯
系統環境是Redhat 7.5
基礎數據平臺是ambari 2.7.4
啟用了kerberose認證
1.hue的編譯
1.1.下載hue
下載hue 4.0以下的,因為需要python 3.0及以上的版本,要重新把python進行升級
這里我是從git上面上面下載 hue 3.1.2
解壓至/opt/hue
1.2.編譯hue
安裝依賴
yum install ant asciidoc cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-plain gcc gcc-c++ krb5-devel libffi-devel libxml2-devel libxslt-devel make mysql mysql-devel openldap-devel python-devel sqlite-devel gmp-devel安裝mvn
下載mvn 3.6.0,解壓至 /usr/local/mvn3.6.0,在環境變量加入mvn
如下:
進入 /opt/hue 執行 make apps
2.hue 的安裝
hue的安裝位置在/opt/hue
2.1.初始化keytab文件
在kerberose的kdc服務器上面的Kadmin.local加入princ,設置密碼,并生成keytab文件
修改過期期限
modprinc -maxrenewlife 90day krbtgt/TCLOUD.COM@TCLOUD.COM modprinc -maxrenewlife 90day +allow_renewable hue/cebcstag2@TCLOUD.COM2.2.hue無數據改為mysql
用的元數據庫默認用的是sqllite,把元數據庫改成mysql
2.2.1.首先創建元數據庫
CREATE DATABASE hue; use hue; CREATE USER 'hue'@'%' IDENTIFIED BY 'abc123'; GRANT ALL PRIVILEGES ON *.* TO 'hue'@'%'; CREATE USER 'hue'@'localhost' IDENTIFIED BY 'abc123'; GRANT ALL PRIVILEGES ON *.* TO 'hue'@'localhost'; CREATE USER 'hue'@'cebcstag2' IDENTIFIED BY 'abc123'; GRANT ALL PRIVILEGES ON *.* TO 'hue'@'cebcstag2'; FLUSH PRIVILEGES;2.2.2.元數據改成mysql
在 /opt/hue/desktop/conf/pseudo-distributed.ini 改變如下配置節
[[database]]engine=mysqlhost=cebcstag1port=3306user=huepassword=abc123 name=hue運行如下命令初始化元數據庫
/opt/hue/build/env/bin/hue syncdb /opt/hue/build/env/bin/hue migrate --merge2.2.3.為了hue界面支持中文,改變其字符集
進入mysql,執行如下
alter database hue character set latin1; use hue; alter table beeswax_queryhistory modify `query` longtext character set utf8 collate utf8_general_ci not null; alter table desktop_document2 modify column name varchar(255) character set utf8; alter table desktop_document2 modify column description longtext character set utf8; alter table desktop_document2 modify column search longtext character set utf8;2.3.創建hue的用戶組
groupadd hueuseradd -m -g hue hue2.4.在ambari中,加入的配置如下
core-site.xml
hadoop.proxyuser.hue.groups * hadoop.proxyuser.hue.hosts *hive-site.xml中加入如下配置
hive.server2.proxy.user
2.5.修改hue的配置文件
/opt/hue/desktop/conf/pseudo-distributed.ini2.5.1.Hive配置節
[beeswax]# Host where HiveServer2 is running.# If Kerberos security is enabled, use fully-qualified domain name (FQDN).hive_server_host=cebcstag2# Port where HiveServer2 Thrift server runs on.## hive_server_port=10000# Hive configuration directory, where hive-site.xml is locatedhive_conf_dir=/etc/hive/conf2.5.2.kerberose配置節
[[kerberos]]# Path to Hue's Kerberos keytab filehue_keytab=/etc/security/keytabs/hue.keytab# Kerberos principal name for Huehue_principal=hue/cebcstag2@TCLOUD.COM# Path to kinitkinit_path=/usr/bin/kinit2.5.3.hadoop配置節
[hadoop]
# Configuration for HDFS NameNode# ------------------------------------------------------------------------[[hdfs_clusters]]# HA support by using HttpFs[[[default]]]# Enter the filesystem urifs_defaultfs=hdfs://cebcstag1:8020# NameNode logical name.## logical_name=# Use WebHdfs/HttpFs as the communication mechanism.# Domain should be the NameNode or HttpFs host.# Default port is 14000 for HttpFs.webhdfs_url=http://cebcstag1:50070/webhdfs/v1# Change this if your HDFS cluster is Kerberos-securedsecurity_enabled=true# In secure mode (HTTPS), if SSL certificates from YARN Rest APIs# have to be verified against certificate authority## ssl_cert_ca_verify=True# Directory of the Hadoop configurationhadoop_conf_dir=/etc/hadoop/conf2.6.啟動hue
注意 /opt/hue的用戶組要改成hue
切換 hue用戶
注意事項:
如果出現如下錯誤:
Could not start SASL: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found yum install cyrus-sasl-plain cyrus-sasl-devel cyrus-sasl-gssapi
libmysqlclient.so.18 cannot open shared object file
安裝 mysql-devel
總結
以上是生活随笔為你收集整理的hue 3.1.2 启用kerberose认证的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 易语言多线程API模块综合应用
- 下一篇: 交通状态预测 | Python实现基于L