hue 3.1.2 启用kerberose认证

hue安装与编译

系统环境是Redhat 7.5
基础数据平台是ambari 2.7.4
启用了kerberose认证

1.hue的编译

1.1.下载hue

下载hue 4.0以下的,因为需要python 3.0及以上的版本,要重新把python进行升级
这里我是从git上面上面下载 hue 3.1.2
解压至/opt/hue

1.2.编译hue

安装依赖

yum install ant asciidoc cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-plain gcc gcc-c++ krb5-devel libffi-devel libxml2-devel libxslt-devel make mysql mysql-devel openldap-devel python-devel sqlite-devel gmp-devel

安装mvn
下载mvn 3.6.0,解压至 /usr/local/mvn3.6.0,在环境变量加入mvn
如下:

export MAVEN_HOME=/usr/local/maven-3.6.0
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
export PATH=$PATH:$MAVEN_HOME/bin

进入 /opt/hue 执行 make apps

2.hue 的安装

hue的安装位置在/opt/hue
2.1.初始化keytab文件
在kerberose的kdc服务器上面的Kadmin.local加入princ,设置密码,并生成keytab文件

addprinc hue/cebcstag2@TCLOUD.COM
addprinc -pw 111111  hue/cebcstag2
ktadd -k /etc/security/keytabs/hue.keytab -norandkey hue/cebcstag2

修改过期期限

modprinc -maxrenewlife 90day krbtgt/TCLOUD.COM@TCLOUD.COM
modprinc -maxrenewlife 90day +allow_renewable hue/cebcstag2@TCLOUD.COM

2.2.hue无数据改为mysql

用的元数据库默认用的是sqllite,把元数据库改成mysql

2.2.1.首先创建元数据库

CREATE DATABASE hue; 
use hue;
CREATE USER 'hue'@'%' IDENTIFIED BY 'abc123';
GRANT ALL PRIVILEGES ON *.* TO 'hue'@'%';
CREATE USER 'hue'@'localhost' IDENTIFIED BY 'abc123';
GRANT ALL PRIVILEGES ON *.* TO 'hue'@'localhost';
CREATE USER 'hue'@'cebcstag2' IDENTIFIED BY 'abc123';
GRANT ALL PRIVILEGES ON *.* TO 'hue'@'cebcstag2';
FLUSH PRIVILEGES;

2.2.2.元数据改成mysql

/opt/hue/desktop/conf/pseudo-distributed.ini 改变如下配置节

[[database]]
    engine=mysql
    host=cebcstag1
    port=3306
    user=hue
    password=abc123
name=hue

运行如下命令初始化元数据库

/opt/hue/build/env/bin/hue syncdb
/opt/hue/build/env/bin/hue migrate --merge

2.2.3.为了hue界面支持中文,改变其字符集

进入mysql,执行如下

alter database hue character set latin1;
use hue;
alter table beeswax_queryhistory modify `query` longtext character set utf8 collate utf8_general_ci not null;
alter table desktop_document2 modify column name varchar(255) character set utf8;
alter table desktop_document2 modify column description longtext character set utf8;
alter table desktop_document2 modify column search longtext character set utf8;

2.3.创建hue的用户组

groupadd hue
   useradd -m -g hue hue

2.4.在ambari中,加入的配置如下

core-site.xml

hadoop.proxyuser.hue.groups     *
hadoop.proxyuser.hue.hosts        *

在这里插入图片描述

hive-site.xml中加入如下配置
hive.server2.proxy.user
在这里插入图片描述

2.5.修改hue的配置文件

/opt/hue/desktop/conf/pseudo-distributed.ini

2.5.1.Hive配置节

 [beeswax]
  # Host where HiveServer2 is running.
  # If Kerberos security is enabled, use fully-qualified domain name (FQDN).
  hive_server_host=cebcstag2
  # Port where HiveServer2 Thrift server runs on.
  ## hive_server_port=10000
  # Hive configuration directory, where hive-site.xml is located
   hive_conf_dir=/etc/hive/conf

2.5.2.kerberose配置节

 [[kerberos]]
    # Path to Hue's Kerberos keytab file
    hue_keytab=/etc/security/keytabs/hue.keytab
    # Kerberos principal name for Hue
    hue_principal=hue/cebcstag2@TCLOUD.COM
    # Path to kinit
    kinit_path=/usr/bin/kinit

2.5.3.hadoop配置节

[hadoop]

 # Configuration for HDFS NameNode
  # ------------------------------------------------------------------------
  [[hdfs_clusters]]
    # HA support by using HttpFs
    [[[default]]]
      # Enter the filesystem uri
      fs_defaultfs=hdfs://cebcstag1:8020
      # NameNode logical name.
      ## logical_name=
      # Use WebHdfs/HttpFs as the communication mechanism.
      # Domain should be the NameNode or HttpFs host.
      # Default port is 14000 for HttpFs.
       webhdfs_url=http://cebcstag1:50070/webhdfs/v1
      # Change this if your HDFS cluster is Kerberos-secured
       security_enabled=true
      # In secure mode (HTTPS), if SSL certificates from YARN Rest APIs
      # have to be verified against certificate authority
      ## ssl_cert_ca_verify=True

      # Directory of the Hadoop configuration
       hadoop_conf_dir=/etc/hadoop/conf

2.6.启动hue

注意 /opt/hue的用户组要改成hue
切换 hue用户

su hue
/opt/hue/build/env/bin/supervisor -d

注意事项:

如果出现如下错误:

Could not start SASL: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found
yum install cyrus-sasl-plain  cyrus-sasl-devel  cyrus-sasl-gssapi

在这里插入图片描述
libmysqlclient.so.18 cannot open shared object file
安装 mysql-devel

yum -y install mysql-devel 
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值