Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
We’ve updated our product names and community labels - click here for full details
Solved Go to solution

Beeline/jdbc connection issue to Hive SSL via Knox SSL

avatar
author-rank leszek_liberda
Frequent Visitor

Created on ‎02-28-2020 03:43 AM - last edited on ‎02-28-2020 06:13 AM by Community Manager Community Manager

Hello, 

I'm trying to connect from beeline/jdbc to ssl enabled Hive (3.1.0) via ssl enabled Knox ( 1.0.0 ) but without success.

 

1) The same connection works perfectly fine with ssl disabled on Hive side

( Ambari -> Hive -> Configs -> Settings -> Use SSL = false )

 

 

beeline -u "jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive" -n valid_knox_user -p valid_knox_password

SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hive/lib/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hadoop/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See <a href="<a href="http://www.slf4j.org/codes.html#multiple_bindings" target="_blank">http://www.slf4j.org/codes.html#multiple_bindings</a>" target="_blank"><a href="http://www.slf4j.org/codes.html#multiple_bindings</a" target="_blank">http://www.slf4j.org/codes.html#multiple_bindings</a</a>> for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive
Connected to: Apache Hive (version 3.1.0.3.1.0.0-78)
Driver: Hive JDBC (version 3.1.0.3.1.0.0-78)
Transaction isolation: TRANSACTION_REPEATABLE_READ
Beeline version 3.1.0.3.1.0.0-78 by Apache Hive
0: jdbc:hive2://knox_gateway>

 

 

As soon as the ssl is enabled for Hive( Ambari -> Hive -> Configs -> Settings -> Use SSL = true)

beeline throws error:

 

 

20/02/28 11:53:42 [main]: ERROR jdbc.HiveConnection: Error opening session
org.apache.thrift.transport.TTransportException: HTTP Response code: 500

 

 

And knox gateway log indicates:

 

 

2020-02-28 11:33:41,568 WARN  knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: <a href="http://hive_server:10001/cliservice?doAs=valid_knox_user" target="_blank">http://hiver_server:10001/cliservice?doAs=valid_knox_user</a> org.apache.http.client.ClientPr
otocolException
org.apache.http.client.ClientProtocolException
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187)
...
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.ProtocolException: The server failed to respond with a valid HTTP response
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:149)
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
        at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)

 

 

Looks like some configuration is needed to instruct knox to connect to hive over ssl but can't find such. I tried to add Hive ssl certificate to Knox gateway truststore  located in /var/lib/knox/data-3.1.0.0-78/security/keystores/gateway.jks but that did not help. Any advice ?

4,832 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank leszek_liberda
Frequent Visitor

Created ‎02-28-2020 03:55 AM

Reading my own post gave me an idea how to fix it and that actually worked. So posting the solution just in case. 

In Advance topology configuration for knox  ( Ambari -> Knox -> Configs -> Advanced topology ) 

The service for Hive had to be updated from :

            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

To

            <service>
                <role>HIVE</role>
                <url>https://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

 

View solution in original post

4,828 Views
2 REPLIES 2

avatar
author-rank leszek_liberda
Frequent Visitor

Created ‎02-28-2020 03:55 AM

Reading my own post gave me an idea how to fix it and that actually worked. So posting the solution just in case. 

In Advance topology configuration for knox  ( Ambari -> Knox -> Configs -> Advanced topology ) 

The service for Hive had to be updated from :

            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

To

            <service>
                <role>HIVE</role>
                <url>https://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

 

4,829 Views

avatar
author-rank cjervis author-rank
Community Manager

Created ‎02-28-2020 06:14 AM

I'm happy to see you resolved your issue. Please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 

 

Screen Shot 2019-08-06 at 1.54.47 PM.png

 

 


Keep the questions coming,

Cy Jervis | Senior Manager, Knowledge Programs

if (helpful) { mark_as_solution(); } | if (appreciated) { give_kudos(); }
4,811 Views
0 Kudos
Announcements
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
What's New @ Cloudera
Announcing Cloudera Data Services 1.5.5 SP2: AI Inference an...
What's New @ Cloudera
Announcing Cloudera Streams Messaging Operator for Kubernete...
View More Announcements