Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Hive JDBC via Knox and configuring Hive in Ranger

avatar
author-rank ssen
Rising Star

Created ‎09-25-2015 08:10 PM

I have HDP-2.2 cluster with FreeIPA configured.But when we are trying to access hive jdbc via knox. Following is the JDBC uri that we are using:

jdbc:hive2://xxxxxxxxxxx:8443/;ssl=true;sslTrustStore=/var/lib/knox/data/security/keystores/gateway.jks;trustStorePassword=xxxxxxxxxxxx?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive

Below is the error I am getting: _

Keystore was tampered with, or password was incorrect (state=08S01,code=0)

It seems that password of trustStore does not match as that of mentioned in JDBC URI.I tried changing the Knox Master password but ambari does not allow to change the it.Is their any way wherein I can change the trustStore password and create new knox master? Will it affect the other services if the master secret password is changed?

In addition to that if I use the same uri for creating hive repository in Ranger we get _"Connection failed" _error.Is the same JDBC uri to be used in ranger to create repository for hive?

Note: If I set hive transport mode to "binary" instead of "http" then we are able to create repository in ranger but in that case hive over knox will not work as it requires "http" mode

3,101 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank abajwa author-rank
Guru

Created ‎09-25-2015 08:49 PM

Hi Saptak, here are the usual passwords for Knox that I have seen. You can try those
  • Default if not specified: hadoop
  • On Sandbox: knox

As for changing it, I haven't done it before, but you can check the knoxcli.sh for that

http://knox.apache.org/books/knox-0-6-0/user-guide.html

Master secret persistence
bin/knoxcli.sh create-master [--force][--help]
Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master.
NOTE: This command fails when there is an existing master file in the expected location. You may force it to overwrite the master file with the --force switch. NOTE: this will require you to change passwords protecting the keystores for the gateway identity keystores and all credential stores.

View solution in original post

1,576 Views
2 REPLIES 2

avatar
author-rank abajwa author-rank
Guru

Created ‎09-25-2015 08:49 PM

Hi Saptak, here are the usual passwords for Knox that I have seen. You can try those
  • Default if not specified: hadoop
  • On Sandbox: knox

As for changing it, I haven't done it before, but you can check the knoxcli.sh for that

http://knox.apache.org/books/knox-0-6-0/user-guide.html

Master secret persistence
bin/knoxcli.sh create-master [--force][--help]
Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master.
NOTE: This command fails when there is an existing master file in the expected location. You may force it to overwrite the master file with the --force switch. NOTE: this will require you to change passwords protecting the keystores for the gateway identity keystores and all credential stores.
1,577 Views

avatar
author-rank kevin_minder
Guru

Created ‎11-02-2015 03:15 PM

Just to add context to this correct answer, the password required here to access the gateway.jks keystore is the password provided as the Knox master secret in Ambari when Knox was installed. The Ambari install scripts for Knox use the described knoxcli.sh create-master command "under the covers".

1,576 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements