- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Getting Error While accessing Hive through Hue
- Labels:
-
Apache Hive
-
Cloudera Hue
Created ‎05-15-2018 12:17 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We are using HDP-2.3.4.0 and Hue-3.8 in our environment. We have enabled SSL for Hiveserver2. We haven't enabled SSL for Hue.
Now, when we are trying to access SSL enabled Hive through Hue we are getting following error:
Error! Failed to retrieve tables for database: default [Errno 185090050] _ssl.c:344: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
In hue.ini, under besswax I set following:
[[ssl]] # SSL communication enabled for this server. (optional since Hue 3.8) enabled=true # Path to Certificate Authority certificates. cacerts=/home/dev/hive-certificate/ca-chaincert.pem # Choose whether Hue should validate certificates received from the server. validate=true
ca-chaincert.pem has following certificates:
echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hadmgrndcc03-2.test.org.pem keytool -import -alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem keytool -import -alias rootca -file rootca -keystore ca-chaincert.pem keytool -import -alias intermediate -file intermediate -keystore ca-chaincert.pem
How to access SSL enabled Hive through Hue? What configurations needs to be done?
Please suggest.
Thanks.
Created ‎05-16-2018 07:21 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Neeraj Sabharwal @Kuldeep Kulkarni @Alexandru Anghel @Andy LoPresto ...Please suggest.
Created ‎05-16-2018 08:43 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is a tip
In the [[ssl]] section of the filehue.ini
(under the beeswax section), set validate to true.
[[ssl]] # SSL communication enabled for this server. # Path to certificate authority certificates. ## cacerts=/path/cert.pem # Choose whether Hue should validate certificates received from the server. validate=true
On a secure cluster: Make sure that no custom authentication mechanism is turned on and configure the hive-site.xml
with the following properties:
<name>hive.server2.thrift.sasl.qop</name> <value>auth-conf</value> <description>Sasl QOP value; one of 'auth', 'auth-int' and 'auth-conf'</description> </property>
- To restart Hue
- To restart Hive Metastore
- To restart HiveServer2
Created ‎05-16-2018 11:20 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Geoffrey Shelton Okot, What about cacert? do we need to include it?
Created ‎05-16-2018 11:29 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you start or restart Hue on a secure cluster, keys are generated at $HUE_HOME. If generated keystore files already exist in that location, the script does nothing. The script is located here: $HUE_HOME/bin/secure.sh, and it runs with a set of default parameters, which should not be changed.
What is your current cacert path?
Created ‎05-16-2018 11:47 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Geoffrey Shelton Okot, I haven't set cacert path. Do we need to import certificates of Hive servers in cacert file? How can I create cacert file? We have internal CA signed certificate for Hive.
Created ‎05-17-2018 10:09 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Geoffrey Shelton Okot, here is the info:
In hue.ini, under besswax I set following:
[[ssl]]
# SSL communication enabled for this server. (optional since Hue 3.8)
enabled=true
# Path to Certificate Authority certificates.
cacerts=/home/dev/hive-certificate/ca-chaincert.pem
# Choose whether Hue should validate certificates received from the server.
validate=true
ca-chaincert.pem has following certificates:
echo -n | openssl s_client -connect hadmgrndcc03-2.test.org:10001| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> hadmgrndcc03-2.test.org.pem
keytool -import-alias hadmgrndcc03-2.test.org -file hadmgrndcc03-2.test.org.pem -keystore ca-chaincert.pem
keytool -import-alias rootca -file rootca -keystore ca-chaincert.pem
keytool -import-alias intermediate -file intermediate -keystore ca-chaincert.pem
Created ‎05-16-2018 02:27 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think you need to check this documentation it will help you configure connectivity between Hue and HS2.
Please revert
Created ‎05-17-2018 06:20 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Created ‎05-16-2018 05:20 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes. you will have to import hive server certs into Hue's truststore.
Personally, I have never tried this however this link can give you more background.
