Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive with TLS fails when using host template for creating new cluster

Hive with TLS fails when using host template for creating new cluster

New Contributor

I am trying to push a host template on a cloudera cluster with level 3 TLS enabled for Cloudera manager and agent. I am able to enable tls for HDFS, YARN and MR, but if I make changes to host_template with "hiveserver2_enable_ssl
hiveserver2_keystore_password
hiveserver2_keystore_path
hiveserver2_truststore_file
hiveserver2_truststore_password"


It cause a connection refused on the db for hive user. But if i enable tls for hive as a post installation step, it works without any issues. My complete host template is below


################


{
    "cdhVersion": "5.13",
    "cmVersion": "5.13",
    "displayName": "CDLK_CLUSTER",
    "hostTemplates": [
        {
            "cardinality": 1,
            "refName": "host_group_0",
            "roleConfigGroupsRefNames": [
                "hue-HUE_SERVER-BASE",
                "hive-HIVEMETASTORE-BASE",
                "hbase-REGIONSERVER-BASE",
                "yarn-RESOURCEMANAGER-BASE",
                "yarn-GATEWAY-BASE",
                "oozie-OOZIE_SERVER-BASE",
                "hive-GATEWAY-BASE",
                "yarn-JOBHISTORY-BASE",
                "hdfs-SECONDARYNAMENODE-BASE",
                "hdfs-GATEWAY-BASE",
                "zookeeper-SERVER-BASE",
                "hdfs-DATANODE-BASE",
                "hbase-MASTER-BASE",
                "hdfs-NAMENODE-BASE",
                "yarn-NODEMANAGER-BASE",
                "hive-HIVESERVER2-BASE",
                "hbase-HBASETHRIFTSERVER-BASE",
                "hue-KT_RENEWER-BASE"
            ]
        }
    ],
    "instantiator": {
        "clusterName": "CDLK_CLUSTER",
        "hosts": [
            {
                "hostName": "hostname_of_vm",
                "hostTemplateRefName": "host_group_0",
                "roleRefNames": [
                    "hbase-HBASETHRIFTSERVER-1"
                ]
            }
        ],
        "variables": [
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_database_host",
                "value": "hostname_of_vm"
            },
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_database_name",
                "value": "etcd_clcm_std_1_node_clouder__oozie"
            },
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_database_user",
                "value": "oozie"
            },
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_database_password",
                "value": "oozie"
            },
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_database_type",
                "value": "mysql"
            },
            {
                "name": "oozie-OOZIE_SERVER-BASE-oozie_load_balancer",
                "value": ""
            },
            {
                "name": "hue-database_host",
                "value": "vm-asdf-asdf1-2702.novalocal"
            },
            {
                "name": "hue-database_name",
                "value": "etcd_clcm_std_1_node_clouder_asdf_hue"
            },
            {
                "name": "hue-database_port",
                "value": "3306"
            },
            {
                "name": "hue-database_password",
                "value": "hue"
            },
            {
                "name": "hue-database_type",
                "value": "mysql"
            },
            {
                "name": "hive-hive_metastore_database_host",
                "value": "vm-asdf-asdf1-2702.novalocal"
            },
            {
                "name": "hive-hive_metastore_database_name",
                "value": "etcd_clcm_std_1_node_clouder_asdf_db1"
            },
            {
                "name": "hive-hive_metastore_database_port",
                "value": "3306"
            },
            {
                "name": "hive-hive_metastore_database_password",
                "value": "hive"
            },
            {
                "name": "hive-hive_metastore_database_type",
                "value": "mysql"
            },
            {
                "name": "hive-HIVESERVER2-BASE-hiverserver2_load_balancer",
                "value": ""
            },
            {
                "name": "hive-HIVEMETASTORE-BASE-hive_metastore_delegation_token_store",
                "value": "org.apache.hadoop.hive.thrift.DBTokenStore"
            }
        ]
    },
    "products": [
        {
            "product": "CDH",
            "version": "5.13.1-1.cdh5.13.1.p0.2"
        }
    ],
    "repositories": [
        "xxx"
    ],
    "services": [
        {
            "refName": "hdfs",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        },
                        {
                            "name": "dfs_datanode_http_port",
                            "value": "1006"
                        },
                        {
                            "name": "dfs_datanode_data_dir_perm",
                            "value": "700"
                        },
                        {
                            "name": "dfs_datanode_port",
                            "value": "1044"
                        }
                    ],
                    "refName": "hdfs-DATANODE-BASE",
                    "roleType": "DATANODE"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "autofailover_enabled",
                            "value": "true"
                        },
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hdfs-NAMENODE-BASE",
                    "roleType": "NAMENODE"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hdfs-SECONDARYNAMENODE-BASE",
                    "roleType": "SECONDARYNAMENODE"
                },
                {
                    "base": true,
                    "refName": "hdfs-BALANCER-BASE",
                    "roleType": "BALANCER"
                },
                {
                    "base": true,
                    "refName": "hdfs-GATEWAY-BASE",
                    "roleType": "GATEWAY"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "hadoop_security_authentication",
                    "value": "kerberos"
                },
                {
                    "name": "hadoop_security_authorization",
                    "value": "true"
                },
                {
                    "name": "dfs_umaskmode",
                    "value": "002"
                },
                {
                    "name": "dfs_encrypt_data_transfer_algorithm",
                    "value": "AES/CTR/NoPadding"
                },
                {
                    "name": "ssl_server_keystore_password",
                    "value": "Keyst0re"
                },
                {
                    "name": "ssl_server_keystore_location",
                    "value": "/opt/cloudera/security/jks/node-keystore.jks"
                },
                {
                    "name": "ssl_client_truststore_location",
                    "value": "/usr/java/jdk1.8.0_131/jre/lib/security/jssecacerts"
                },
                {
                    "name": "ssl_client_truststore_password",
                    "value": "Trustst0re"
                },
                {
                    "name": "ssl_server_keystore_keypassword",
                    "value": "Keyst0re"
                },
                {
                    "name": "dfs_data_transfer_protection",
                    "value": "privacy"
                },
                {
                    "name": "hdfs_hadoop_ssl_enabled",
                    "value": "true"
                },
                {
                    "name": "dfs_encrypt_data_transfer",
                    "value": "true"
                },
                {
                    "name": "hadoop_rpc_protection",
                    "value": "privacy"
                }
            ],
            "serviceType": "HDFS"
        },
        {
            "refName": "zookeeper",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "zookeeper-SERVER-BASE",
                    "roleType": "SERVER"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "enableSecurity",
                    "value": "true"
                }
            ],
            "serviceType": "ZOOKEEPER"
        },
        {
            "refName": "hbase",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        },
                        {
                            "name": "hbase_coprocessor_region_classes",
                            "value": "org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint"
                        }
                    ],
                    "refName": "hbase-REGIONSERVER-BASE",
                    "roleType": "REGIONSERVER"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hbase-MASTER-BASE",
                    "roleType": "MASTER"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hbase-HBASETHRIFTSERVER-BASE",
                    "roleType": "HBASETHRIFTSERVER"
                }
            ],
            "roles": [
                {
                    "refName": "hbase-HBASETHRIFTSERVER-1",
                    "roleType": "HBASETHRIFTSERVER"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "zookeeper_service",
                    "ref": "zookeeper"
                },
                {
                    "name": "hdfs_service",
                    "ref": "hdfs"
                },
                {
                    "name": "hbase_security_authorization",
                    "value": "true"
                },
                {
                    "name": "hbase_thriftserver_security_authentication",
                    "value": "auth-conf"
                },
                {
                    "name": "hbase_security_authentication",
                    "value": "kerberos"
                },
                {
                    "name": "hbase_superuser",
                    "value": "hadoop.admin"
                }
            ],
            "serviceType": "HBASE"
        },
        {
            "refName": "yarn",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        },
                        {
                            "name": "yarn_scheduler_maximum_allocation_mb",
                            "value": "5120"
                        }
                    ],
                    "refName": "yarn-RESOURCEMANAGER-BASE",
                    "roleType": "RESOURCEMANAGER"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "yarn-JOBHISTORY-BASE",
                    "roleType": "JOBHISTORY"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        },
                        {
                            "name": "yarn_nodemanager_resource_memory_mb",
                            "value": "5120"
                        }
                    ],
                    "refName": "yarn-NODEMANAGER-BASE",
                    "roleType": "NODEMANAGER"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "mapreduce_reduce_memory_mb",
                            "value": "1024"
                        },
                        {
                            "name": "mapreduce_map_memory_mb",
                            "value": "1024"
                        }
                    ],
                    "refName": "yarn-GATEWAY-BASE",
                    "roleType": "GATEWAY"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "ssl_server_keystore_password",
                    "value": "Keyst0re"
                },
                {
                    "name": "ssl_server_keystore_location",
                    "value": "/opt/cloudera/security/jks/node-keystore.jks"
                },
                {
                    "name": "ssl_client_truststore_location",
                    "value": "/usr/java/jdk1.8.0_131/jre/lib/security/jssecacerts"
                },
                {
                    "name": "ssl_client_truststore_password",
                    "value": "Trustst0re"
                },
                {
                    "name": "ssl_server_keystore_keypassword",
                    "value": "Keyst0re"
                }
            ],
            "serviceType": "YARN"
        },
        {
            "refName": "hive",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "hive_metastore_delegation_token_store",
                            "variable": "hive-HIVEMETASTORE-BASE-hive_metastore_delegation_token_store"
                        },
                        {
                            "name": "hive_enable_db_notification",
                            "value": "true"
                        },
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hive-HIVEMETASTORE-BASE",
                    "roleType": "HIVEMETASTORE"
                },
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hive-HIVESERVER2-BASE",
                    "roleType": "HIVESERVER2"
                },
                {
                    "base": true,
                    "refName": "hive-GATEWAY-BASE",
                    "roleType": "GATEWAY"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "hiveserver2_keystore_password",
                    "value": "Keyst0re"
                },
                {
                    "name": "hiveserver2_keystore_path",
                    "value": "/opt/cloudera/security/jks/node-keystore.jks"
                },
                {
                    "name": "hiveserver2_truststore_file",
                    "value": "/usr/java/jdk1.8.0_131/jre/lib/security/jssecacerts"
                },
                {
                    "name": "hiveserver2_truststore_password",
                    "value": "Trustst0re"
                },
                {
                    "name": "hiveserver2_enable_ssl",
                    "value": "true"
                }
            ],
            "serviceType": "HIVE"
        },
        {
            "refName": "oozie",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "oozie_database_user",
                            "variable": "oozie-OOZIE_SERVER-BASE-oozie_database_user"
                        },
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        },
                        {
                            "name": "oozie_database_host",
                            "variable": "oozie-OOZIE_SERVER-BASE-oozie_database_host"
                        },
                        {
                            "name": "oozie_database_type",
                            "variable": "oozie-OOZIE_SERVER-BASE-oozie_database_type"
                        },
                        {
                            "name": "oozie_database_password",
                            "variable": "oozie-OOZIE_SERVER-BASE-oozie_database_password"
                        },
                        {
                            "name": "oozie_database_name",
                            "variable": "oozie-OOZIE_SERVER-BASE-oozie_database_name"
                        },
                        {
                            "name": "oozie_web_console",
                            "value": "true"
                        }
                    ],
                    "refName": "oozie-OOZIE_SERVER-BASE",
                    "roleType": "OOZIE_SERVER"
                }
            ],
            "serviceConfigs": [
                {
                    "name": "oozie_load_balancer",
                    "variable": "oozie-OOZIE_SERVER-BASE-oozie_load_balancer"
                },
                {
                    "name": "zookeeper_service",
                    "ref": "zookeeper"
                },
                {
                    "name": "mapreduce_yarn_service",
                    "ref": "yarn"
                },
                {
                    "name": "hive_service",
                    "ref": "hive"
                }
            ],
            "serviceType": "OOZIE"
        },
        {
            "refName": "hue",
            "roleConfigGroups": [
                {
                    "base": true,
                    "configs": [
                        {
                            "name": "process_auto_restart",
                            "value": "true"
                        }
                    ],
                    "refName": "hue-HUE_SERVER-BASE",
                    "roleType": "HUE_SERVER"
                },
                {
                    "base": true,
                    "refName": "hue-KT_RENEWER-BASE",
                    "roleType": "KT_RENEWER"
                }
            ],
 \           "serviceConfigs": [
                {
                    "name": "database_name",
                    "variable": "hue-database_name"
                },
                {
                    "name": "database_type",
                    "variable": "hue-database_type"
                },
                {
                    "name": "database_password",
                    "variable": "hue-database_password"
                },
                {
                    "name": "database_host",
                    "variable": "hue-database_host"
                },
                {
                    "name": "zookeeper_service",
                    "ref": "zookeeper"
                },
                {
                    "name": "oozie_service",
                    "ref": "oozie"
                },
                {
                    "name": "hue_hbase_thrift",
                    "ref": "hbase-HBASETHRIFTSERVER-1"
                },
                {
                    "name": "hive_service",
                    "ref": "hive"
                }
            ],
            "serviceType": "HUE"
        }
    ]
}