Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Beeline/jdbc connection issue to Hive SSL via Knox SSL

avatar
author-rank leszek_liberda
New Contributor

Created on ‎02-28-2020 03:43 AM - last edited on ‎02-28-2020 06:13 AM by Community Manager Community Manager

Hello, 

I'm trying to connect from beeline/jdbc to ssl enabled Hive (3.1.0) via ssl enabled Knox ( 1.0.0 ) but without success.

 

1) The same connection works perfectly fine with ssl disabled on Hive side

( Ambari -> Hive -> Configs -> Settings -> Use SSL = false )

 

 

beeline -u "jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive" -n valid_knox_user -p valid_knox_password

SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hive/lib/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/hdp/3.1.0.0-78/hadoop/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See <a href="<a href="http://www.slf4j.org/codes.html#multiple_bindings" target="_blank">http://www.slf4j.org/codes.html#multiple_bindings</a>" target="_blank"><a href="http://www.slf4j.org/codes.html#multiple_bindings</a" target="_blank">http://www.slf4j.org/codes.html#multiple_bindings</a</a>> for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://knox_gateway:8443/;ssl=true;sslTrustStore=user_keystore.jks;trustStorePassword=password;transportMode=http;httpPath=gateway/default/hive
Connected to: Apache Hive (version 3.1.0.3.1.0.0-78)
Driver: Hive JDBC (version 3.1.0.3.1.0.0-78)
Transaction isolation: TRANSACTION_REPEATABLE_READ
Beeline version 3.1.0.3.1.0.0-78 by Apache Hive
0: jdbc:hive2://knox_gateway>

 

 

As soon as the ssl is enabled for Hive( Ambari -> Hive -> Configs -> Settings -> Use SSL = true)

beeline throws error:

 

 

20/02/28 11:53:42 [main]: ERROR jdbc.HiveConnection: Error opening session
org.apache.thrift.transport.TTransportException: HTTP Response code: 500

 

 

And knox gateway log indicates:

 

 

2020-02-28 11:33:41,568 WARN  knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: <a href="http://hive_server:10001/cliservice?doAs=valid_knox_user" target="_blank">http://hiver_server:10001/cliservice?doAs=valid_knox_user</a> org.apache.http.client.ClientPr
otocolException
org.apache.http.client.ClientProtocolException
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187)
...
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.ProtocolException: The server failed to respond with a valid HTTP response
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:149)
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
        at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)

 

 

Looks like some configuration is needed to instruct knox to connect to hive over ssl but can't find such. I tried to add Hive ssl certificate to Knox gateway truststore  located in /var/lib/knox/data-3.1.0.0-78/security/keystores/gateway.jks but that did not help. Any advice ?

3,005 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank leszek_liberda
New Contributor

Created ‎02-28-2020 03:55 AM

Reading my own post gave me an idea how to fix it and that actually worked. So posting the solution just in case. 

In Advance topology configuration for knox  ( Ambari -> Knox -> Configs -> Advanced topology ) 

The service for Hive had to be updated from :

            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

To

            <service>
                <role>HIVE</role>
                <url>https://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

 

View solution in original post

3,001 Views
2 REPLIES 2

avatar
author-rank leszek_liberda
New Contributor

Created ‎02-28-2020 03:55 AM

Reading my own post gave me an idea how to fix it and that actually worked. So posting the solution just in case. 

In Advance topology configuration for knox  ( Ambari -> Knox -> Configs -> Advanced topology ) 

The service for Hive had to be updated from :

            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

To

            <service>
                <role>HIVE</role>
                <url>https://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>

 

3,002 Views

avatar
author-rank cjervis author-rank
Community Manager

Created ‎02-28-2020 06:14 AM

I'm happy to see you resolved your issue. Please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 

 

Screen Shot 2019-08-06 at 1.54.47 PM.png

 

 


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,984 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements