Hue连接开启ldap认证的impala
- 环境准备
MRS集群:版本2.x,未开启Kerberos
Impala开启ldap认证,详见博客 https://bbs.huaweicloud.com/blogs/221095
2. 修改hue配置文件(黄色标注部分为修改项)
文件目录 :/opt/Bigdata/MRS_2.x/install/FusionInsight-Hue-3.11.0/hue/desktop/conf/hue.ini
[[auth]]
backend=desktop.auth.backend.LdapBackend
[[ldap]]
ldap_url=ldaps://LdapServerIP:21780
ldap_username_pattern="cn=<username>,ou=Peoples,dc=hadoop,dc=com"
use_start_tls=false
search_bind_authentication=false
create_user_on_login=true
base_dn="ou=Peoples,dc=hadoop,dc=com"
bind_dn="cn=root,ou=Peoples,dc=hadoop,dc=com"
bind_password="LdapChangeMe@123"
[impala]
server_host=node-ana-corevdgu.392b4f58-a231-4fb4-94da-b2fa7a70a23a.com
server_port=21050
impala_principal=
impersonation_enabled=True
querycache_rows=50000
close_queries=true
server_conn_timeout=120
query_timeout_s=600
auth_password="xxx"
auth_username=xxx(该用户需要是一个impala管理员用户)
3. 修改hue py文件
文件目录: /opt/Bigdata/MRS_2.x/install/FusionInsight-Hue-3.11.0/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py
565 if self.query_server['server_name'] == 'impala':
566 if auth_password: # Force LDAP/PAM.. auth if auth_password is provided
567 use_sasl = True
568 mechanism = HiveServerClient.HS2_MECHANISMS['LDAP']
569 else:
4. 修改impala py文件
文件目录:/opt/Bigdata/MRS_2.x/install/FusionInsight-Hue-3.11.0/hue/apps/impala/src/impala/conf.py
160 AUTH_PASSWORD = Config(
161 key="auth_password",
162 help=_t("LDAP/PAM/.. password of the hue user used for authentications."),
163 private=True,
164 dynamic_default=get_auth_password)
注:需修改两个master节点文件,修改完之后,需重启hue,修改之前请注意备份原文件。
5. 添加impalad自定义参数(修改完之后需重启impala服务):
Key: --authorized_proxy_user_config
Value: xxx=* (该用户和上面hue配置项中auth_username配置的用户保持一致)
- 点赞
- 收藏
- 关注作者
评论(0)