Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

ODBC access via Knox to HiveServer2 with Hive ODBC driver v2.0.5

avatar
Rising Star

There was a tutorial that covers the configuration with older Knox version and Hive ODBC driver.

http://hortonworks.com/hadoop-tutorial/secure-jdbc-odbc-clients-access-hiveserver2-using-apache-knox...

For Hive ODBC v2.0.5, does the same solution work with HDP 2.3.2 (Knox 0.5)?

Or, do we have any known issues?

1 ACCEPTED SOLUTION

avatar

Similar. Some tips: SSL Encryption

Support is provided for SSL encryption (Hive 0.13 onward, see HIVE-5351). To enable, set the following configurations in hive-site.xml:
  • hive.server2.use.SSL – Set this to true.
  • hive.server2.keystore.path – Set this to your keystore path.
  • hive.server2.keystore.password – Set this to your keystore password.
In ODBC Driver:
  • ENABLE SSL must be selected in the ODBC SSL Options window.
  • Ensure the "Allow Common Name Host Name Mismatch" is checked.

View solution in original post

5 REPLIES 5

avatar

Similar. Some tips: SSL Encryption

Support is provided for SSL encryption (Hive 0.13 onward, see HIVE-5351). To enable, set the following configurations in hive-site.xml:
  • hive.server2.use.SSL – Set this to true.
  • hive.server2.keystore.path – Set this to your keystore path.
  • hive.server2.keystore.password – Set this to your keystore password.
In ODBC Driver:
  • ENABLE SSL must be selected in the ODBC SSL Options window.
  • Ensure the "Allow Common Name Host Name Mismatch" is checked.

avatar

Yes it works...I tried this recently on 2.3.2. See cheatsheet here

avatar
Rising Star

Thanks for comment @Ali Bajwa

Did you try Hive ODBC v2.0.5? (just want to double check)

avatar

The cheatsheet says "without them having to request kerberos ticket".

Does this mean it would need different configuration to work with Kerberoised HiveServer2?

avatar

A primary benefit of using Knox is that it insulates the clients from needing to be aware of Kerberos. However, if the HDP cluster is configured with Kerberos then Knox will need to be configured to interact with the cluster securely via Kerberos with the cluster. The clients however will be unaffected.