Hello, Hue administrators,
The Apache Knox™ Gateway is an Application Gateway for interacting with the REST APIs and UIs of Apache Hadoop deployments.
Hue supports KnoxSpnegoDjango since Hue4.6, we can turn on Hue’s KnoxSpnegoDjango auth by updating Hue configurations through CM UI or hue.ini.
On any cluster with Knox service installed, update hue.ini as following and restart Hue:
[desktop] [[auth]] backend=desktop.auth.backend.KnoxSpnegoDjangoBackend [[knox]] knox_principal=knox knox_proxyhosts=weixia-1.domain.site,weixia-2.domain.site
Or on any CM managed cluster, Hue can be configured with KnoxSpnegoDjango backend through CM UI:
Fill knox_proxyhosts field with accurate knox proxy hostname, you can get the hosts by navigating to Clusters->KNOX, and click on ‘Instances’ tab: For Knox HA cluster, you can fill in all the hosts by clicking on “+” icon:
Click ‘Save Changes’, you will see a warning about role missing kerberos keytab. Click on “Administration”–>”Security” as shown below: Then navigate back to Clusters->HUE-1, click on the “stale configuration: Restart” icon beside the “Actions” button, follow the wizard to choose “Restart staled services”, select “Re-deploy client configuration” and click on “Restart Now”, wait till it finishes.
Navigate to Hue’s Web UI dropdown and select “Knox Gateway UI” to load Knox UI: Then click on “+” icon of “+cdp-proxy” to expand:
Now click on the Hue icon:
You should be able to log in to hue page:
- If you hit error like “The username or password you entered is incorrect.”
Check on your knox proxy hosts that user or password is correct.
ssh [email protected] useradd weixia passwd weixia
- If you hit 403 error:
Log in to your ranger service and ensure your user or group say ‘public’ has proper permissions.
Weixia Xu from the Hue Team