Created 05-15-2018 12:17 PM
Hi,
We are using HDP-2.3.4.0 and Hue-3.8 in our environment. We have enabled SSL for HiveServer2. We haven't enabled SSL for Hue.
Now, when we try to access SSL-enabled Hive through Hue, we get the following error:
Error! Failed to retrieve tables for database: default [Errno 185090050] _ssl.c:344: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
In hue.ini, under beeswax, I set the following:
[[ssl]]
# SSL communication enabled for this server. (optional since Hue 3.8)
enabled=true
# Path to Certificate Authority certificates.
cacerts=/home/dev/hive-certificate/ca-chaincert.pem
# Choose whether Hue should validate certificates received from the server.
validate=true
ca-chaincert.pem has the following certificates:
echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hadmgrndcc03-2.test.org.pem
keytool -import -alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem
keytool -import -alias rootca -file rootca -keystore ca-chaincert.pem
keytool -import -alias intermediate -file intermediate -keystore ca-chaincert.pem
How do we access SSL-enabled Hive through Hue? What configuration needs to be done?
Please suggest.
Thanks.
Created 05-16-2018 07:21 AM
@Neeraj Sabharwal @Kuldeep Kulkarni @Alexandru Anghel @Andy LoPresto ...Please suggest.
Created 05-16-2018 08:43 AM
Here is a tip
In the [[ssl]] section of the file hue.ini (under the beeswax section), set validate to true.
[[ssl]]
# SSL communication enabled for this server.
# Path to certificate authority certificates.
## cacerts=/path/cert.pem
# Choose whether Hue should validate certificates received from the server.
validate=true
On a secure cluster: Make sure that no custom authentication mechanism is turned on and configure the hive-site.xml with the following properties:
<property>
  <name>hive.server2.thrift.sasl.qop</name>
  <value>auth-conf</value>
  <description>Sasl QOP value; one of 'auth', 'auth-int' and 'auth-conf'</description>
</property>
Created 05-16-2018 11:20 AM
@Geoffrey Shelton Okot, what about cacert? Do we need to include it?
Created 05-16-2018 11:29 AM
When you start or restart Hue on a secure cluster, keys are generated at $HUE_HOME. If generated keystore files already exist in that location, the script does nothing. The script is located here: $HUE_HOME/bin/secure.sh, and it runs with a set of default parameters, which should not be changed.
What is your current cacert path?
Created 05-16-2018 11:47 AM
@Geoffrey Shelton Okot, I haven't set cacert path. Do we need to import certificates of Hive servers in cacert file? How can I create cacert file? We have internal CA signed certificate for Hive.
Created 05-17-2018 10:09 AM
@Geoffrey Shelton Okot, here is the info:
In hue.ini, under beeswax, I set the following:
[[ssl]]
# SSL communication enabled for this server. (optional since Hue 3.8)
enabled=true
# Path to Certificate Authority certificates.
cacerts=/home/dev/hive-certificate/ca-chaincert.pem
# Choose whether Hue should validate certificates received from the server.
validate=true
ca-chaincert.pem has the following certificates:
echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hadmgrndcc03-2.test.org.pem
keytool -import -alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem
keytool -import -alias rootca -file rootca -keystore ca-chaincert.pem
keytool -import -alias intermediate -file intermediate -keystore ca-chaincert.pem
Created 05-16-2018 02:27 PM
I think you need to check this documentation; it will help you configure connectivity between Hue and HS2.
Please revert
Created 05-17-2018 06:20 AM
Created 05-16-2018 05:20 PM
Yes, you will have to import Hive server certs into Hue's truststore.
Personally, I have never tried this; however, this link can give you more background.
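As an added example (not code from any poster in this thread or from the Hue project): a Python check for the file named in the `cacerts` setting discussed above. Python's ssl layer reads that file as PEM, while `keytool -import -keystore <file>` writes a Java keystore whatever the file is called, so the check separates "cannot open", "Java keystore" and "PEM bundle". The function name and status strings are hypothetical, and the check must be run as the account that runs Hue for the readability result to mean anything.

```python
# Added example: classify a file intended for Hue's [[ssl]] cacerts setting.
# inspect_ca_bundle and its status strings are hypothetical names.
import base64
import re
import sys

JKS_MAGIC = b"\xfe\xed\xfe\xed"    # header of a Java KeyStore (JKS) file
JCEKS_MAGIC = b"\xce\xce\xce\xce"  # header of a JCEKS keystore file
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def inspect_ca_bundle(path):
    """Return (status, cert_count) for a CA bundle path.

    status: missing, unreadable, java_keystore, not_pem, bad_base64, ok.
    Only PEM framing and base64 encoding are checked; the certificates
    are not parsed, and no chain is verified.
    """
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return ("missing", 0)
    except OSError:
        # Includes PermissionError, e.g. a bundle kept under a private
        # home directory that the service account cannot enter.
        return ("unreadable", 0)
    if data[:4] in (JKS_MAGIC, JCEKS_MAGIC):
        return ("java_keystore", 0)
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return ("not_pem", 0)
    for body in blocks:
        try:
            # Strip line breaks, then require strict base64.
            base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            return ("bad_base64", 0)
    return ("ok", len(blocks))


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, *inspect_ca_bundle(p))
```

A result of `java_keystore` means the file has to be replaced by a plain concatenation of the PEM certificates (server, intermediate, root) before it can serve as `cacerts`.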