Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Super Collaborator

To secure the Spark Thrift server first we need to change the mode from binary to http then secure the channel with the certificates.

Login to Ambari-> Spark(2)-> Configs -> Custom spark-hive-site-override:

Set the following parameters :

hive.server2.transport.mode : http 
hive.server2.thrift.http.port : 10015 /  10016 ( in case of spark 2)
hive.server2.http.endpoint : cliservice

#Enabling the SSL mode

hive.server2.use.SSL : true 
hive.server2.keystore.path : </path/to/your/keystore/jks>
hive.server2.keystore.password : <keystorepassword>

in case of server certs are not available process to create self-signed certs (from Hive Wiki page)

Setting up SSL with self-signed certificates

Use the following steps to create and verify self-signed SSL certificates for use with HiveServer2:

  1. Create the self-signed certificate and add it to a keystore file using: keytool -genkey -alias example.com -keyalg RSA -keystore keystore.jks -keysize 2048 Ensure the name used in the self signed certificate matches the hostname where Thrift server will run.
  2. List the keystore entries to verify that the certificate was added. Note that a keystore can contain multiple such certificates: keytool -list -keystore keystore.jks
  3. Export this certificate from keystore.jks to a certificate file: keytool -export -alias example.com -file example.com.crt -keystore keystore.jks
  4. Add this certificate to the client's truststore to establish trust: keytool -import -trustcacerts -alias example.com -file example.com.crt -keystore truststore.jks
  5. Verify that the certificate exists in truststore.jks: keytool -list -keystore truststore.jks
  6. Then start Spark Thrift server, use spark-sql form spark bin or try to connect with beeline using: jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<truststore-password>
1,294 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎12-21-2017 12:24 AM
Updated by:
 
Contributors
Top Kudoed Authors