Created on 02-28-2020 03:43 AM - last edited on 02-28-2020 06:13 AM by cjervis
Hello,
I'm trying to connect from beeline/JDBC to SSL-enabled Hive (3.1.0) via SSL-enabled Knox (1.0.0), but without success.
1) The same connection works perfectly fine with ssl disabled on Hive side
( Ambari -> Hive -> Configs -> Settings -> Use SSL = false )
beeline -u "jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive" -n valid_knox_user -p valid_knox_password
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hive/lib/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hadoop/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive
Connected to: Apache Hive (version 3.1.0.3.1.0.0-78)
Driver: Hive JDBC (version 3.1.0.3.1.0.0-78)
Transaction isolation: TRANSACTION_REPEATABLE_READ
Beeline version 3.1.0.3.1.0.0-78 by Apache Hive
0: jdbc:hive2://knox_gateway>
As soon as SSL is enabled for Hive (Ambari -> Hive -> Configs -> Settings -> Use SSL = true),
beeline throws an error:
20/02/28 11:53:42 [main]: ERROR jdbc.HiveConnection: Error opening session
org.apache.thrift.transport.TTransportException: HTTP Response code: 500
And the Knox gateway log indicates:
2020-02-28 11:33:41,568 WARN knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: http://hive_server:10001/cliservice?doAs=valid_knox_user org.apache.http.client.ClientProtocolException
org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187)
...
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.ProtocolException: The server failed to respond with a valid HTTP response
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:149)
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)
Looks like some configuration is needed to instruct Knox to connect to Hive over SSL, but I can't find any. I tried adding the Hive SSL certificate to the Knox gateway truststore located in /var/lib/knox/data-3.1.0.0-78/security/keystores/gateway.jks, but that did not help. Any advice?
Created 02-28-2020 03:55 AM
Reading my own post gave me an idea how to fix it and that actually worked. So posting the solution just in case.
In the Advanced topology configuration for Knox (Ambari -> Knox -> Configs -> Advanced topology),
the service for Hive had to be updated from:
<service>
<role>HIVE</role>
<url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
</service>
To
<service>
<role>HIVE</role>
<url>https://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
</service>
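A check for the mismatch this thread resolves, as an added example that is not part of the original posts: it parses a Knox topology and reports services whose dispatch URL is still plaintext although the backend has TLS enabled. The sample topology, the example.com host names and the function name `find_plaintext_dispatch` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample topology (not from the original post): HIVE still uses
# http://, WEBHDFS already uses https://, and one role lists two URLs.
SAMPLE_TOPOLOGY = """
<topology>
  <service>
    <role>HIVE</role>
    <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
  </service>
  <service>
    <role>WEBHDFS</role>
    <url>https://nn1.example.com:50470/webhdfs</url>
  </service>
  <service>
    <role>RESOURCEMANAGER</role>
    <url>https://rm1.example.com:8090/ws</url>
    <url>http://rm2.example.com:8088/ws</url>
  </service>
</topology>
"""

SECURE_SCHEMES = {"https", "wss"}  # assumption: wss counted as TLS as well

def find_plaintext_dispatch(topology_xml, tls_roles=None):
    """Return (role, url) pairs whose dispatch URL scheme is not TLS.

    tls_roles: optional set of roles known to have TLS enabled on the
    backend; when given, only those roles are checked.
    """
    root = ET.fromstring(topology_xml)
    findings = []
    for service in root.iter("service"):
        role = (service.findtext("role") or "").strip()
        if tls_roles is not None and role not in tls_roles:
            continue
        for url_el in service.findall("url"):
            url = (url_el.text or "").strip()
            # Compare only the scheme: Ambari placeholders such as
            # {{hive_http_port}} make full URL parsing unreliable.
            scheme = url.split("://", 1)[0].lower()
            if scheme not in SECURE_SCHEMES:
                findings.append((role, url))
    return findings

if __name__ == "__main__":
    for role, url in find_plaintext_dispatch(SAMPLE_TOPOLOGY, {"HIVE"}):
        print(f"{role}: backend has TLS enabled but Knox dispatches to {url}")
```
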
Created 02-28-2020 06:14 AM
I'm happy to see you resolved your issue. Please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.