Created 09-25-2015 08:10 PM
I have an HDP-2.2 cluster with FreeIPA configured. We are trying to access Hive JDBC via Knox. Following is the JDBC URI that we are using:
jdbc:hive2://xxxxxxxxxxx:8443/;ssl=true;sslTrustStore=/var/lib/knox/data/security/keystores/gateway.jks;trustStorePassword=xxxxxxxxxxxx?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive
Below is the error I am getting:
Keystore was tampered with, or password was incorrect (state=08S01,code=0)
It seems that the password of the trustStore does not match the one mentioned in the JDBC URI. I tried changing the Knox master password, but Ambari does not allow changing it. Is there any way I can change the trustStore password and create a new Knox master? Will it affect the other services if the master secret password is changed?
In addition to that, if I use the same URI for creating a Hive repository in Ranger, we get a "Connection failed" error. Is the same JDBC URI to be used in Ranger to create a repository for Hive?
Note: If I set the Hive transport mode to "binary" instead of "http", then we are able to create the repository in Ranger, but in that case Hive over Knox will not work, as it requires "http" mode.
Created 09-25-2015 08:49 PM
As for changing it, I haven't done it before, but you can check the knoxcli.sh for that
http://knox.apache.org/books/knox-0-6-0/user-guide.html
Master secret persistence
bin/knoxcli.sh create-master [--force][--help]
Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master.
NOTE: This command fails when there is an existing master file in the expected location. You may force it to overwrite the master file with the --force switch.
NOTE: this will require you to change passwords protecting the keystores for the gateway identity keystores and all credential stores.
Created 11-02-2015 03:15 PM
Just to add context to this correct answer, the password required here to access the gateway.jks keystore is the password provided as the Knox master secret in Ambari when Knox was installed. The Ambari install scripts for Knox use the described knoxcli.sh create-master command "under the covers".
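Added example, not part of the original thread and not Knox or Ambari code: a check of a candidate password against a keystore's integrity digest, which shows why the JDBC error above cannot distinguish a wrong password from a modified file. It assumes gateway.jks is in the JKS format (magic 0xFEEDFEED); the helper names and the sample keystore are constructed for illustration.

```python
import getpass
import hashlib
import hmac
import struct
import sys

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string the JKS format mixes into the digest


def _digest(password: str, body: bytes) -> bytes:
    # JKS hashes the password as two bytes per character (UTF-16BE), then the
    # whitener, then every keystore byte that precedes the trailing digest.
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def check_jks_password(data: bytes, password: str) -> bool:
    """True if `password` reproduces the 20-byte SHA-1 digest ending the file.

    False means "tampered with, or password was incorrect": the digest covers
    both the password and the contents, so the two causes look identical.
    """
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore (wrong magic or too short)")
    body, stored = data[:-20], data[-20:]
    return hmac.compare_digest(_digest(password, body), stored)


def build_empty_jks(password: str) -> bytes:
    # Constructed sample: header (magic, version 2, zero entries) plus digest.
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + _digest(password, body)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Usage: python check_jks.py /path/to/gateway.jks
        with open(sys.argv[1], "rb") as fh:
            ok = check_jks_password(fh.read(), getpass.getpass("Password: "))
        print("password matches" if ok else "tampered with, or password incorrect")
    else:
        sample = build_empty_jks("constructed-master-secret")
        flipped = sample[:11] + b"\x01" + sample[12:]  # one content byte changed
        print(check_jks_password(sample, "constructed-master-secret"))   # True
        print(check_jks_password(sample, "some-other-password"))         # False
        print(check_jks_password(flipped, "constructed-master-secret"))  # False
```

Running the check locally on the gateway host before editing the JDBC URI confirms whether the value entered as the Knox master secret is the one protecting the keystore.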