Support Questions

Find answers, ask questions, and share your expertise

how to setup the hive client url ssl=true?

avatar
Explorer

Hi,

I am getting the following error message while trying to connect to the jdbc connection. I don't have kerberos authentication enabled. I guess I need to update the information about my jdbc url. Can you please suggest how/where to update the jdbc url information and the property ssl=true

ERROR [HiveServer2-Handler-Pool: Thread-45]: server.TThreadPoolServer (TThreadPoolServer.java:run(296)) - Error occurred during processing of message.

java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)

at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Thanks

Pash

6 REPLIES 6

avatar

@khaja pasha shake

To use SSL for Hiveserver2, you will need to first enable SSL for Hiveserver2. Assuming you've already done that, your JDBC connection string will need to look something like:

jdbc:hive2//server.name:10000/mydb;ssl=true;sslTrustStore=/path/to/truststore.jks;trustStorePassword=MyBadPass1

avatar
Explorer

@emaxwell

Thanks for replying. Yes, I am able to connect from beeline with the above command, but where can I update this setting so that it can take the authentication to simple and ssl=true automatically from Ambari, I don't use beeline for connecting/authentication.

Hope you understand my issue.

Thanks again

Pash

avatar

@khaja pasha shake

In the configuration for the Hive view, you can add the SSL parameters to the authorization section. Here is a screenshot that should help:

5307-screen-shot-2016-06-28-at-104608-am.png

avatar
Explorer

emaxwell, thak you!

Just to update, these settings were already updated iin hive-site.xml file.

Just to be clear I'm getting the reported error when I'm trying to run HiveDRTool, to copy data from source to destination cluster using falcon hive replication.

I think the client cannot validate the servers certificate because it does not have the truststore set in the jdbc url and I'm not sure where to setup the truststore in the jdbc url and where would the jdbc url is located?

Hope I'm clear this time and sorry for any confusion earlier.

Thanks

Pash

avatar

@khaja pasha shake

The truststore needs to exist on the node where you are running the Falcon commands (e.g. the Falcon server node). You can create the keystore with the keytool command and import the certificate into that node's keystone. Then specify the location on the Falcon server node for the keystore .

avatar
Cloudera Employee

Hi @khaja pasha shaik

Current HiveDR functionality doesn't support SSL.

Thanks

Juan