Table of Contents |
---|
...
- Click + (plus) button and select Connection or right-click in the browser and select Create new > Connection.
- From drop-down list, select HiveServer2 (JDBC) as the connection type. Click Next.
Enter the Hive host name, port and URL properties.
Enter any additional connection properties, if needed.
Currently, the connector is for import only.
Select an authentication method and add the required username and password.Select the checkbox to enable SSL and enter the TrustStore address and password.
Click Next.
Panel Helpful keystore and truststore information
In order to use SSL you need two pieces, a keystore and a truststore.
Keystore
A keystore is located on the server side only. This file contains the private key to decrypt messages. A keystore isn't delivered by the JDK. You have to create your own keystore and import the key you got from your Certificate Authority (CA) or you can import a self generated key into your keystore.
Truststore
A truststore is located on the client side (e.g., Datameer). This file contains:
- The public part of the private key from the keystore backed in a certificate (in case of self signed certificates).
- All other root certificates called CA-certificates. These certificates are used to verify if the private key from the server is valid (SSL Handshake).
You can use the truststore provided by the JDK from Oracle. This file is located under
$JAVA_HOME/jre/lib/security/cacerts
.Hive Server Side
You can turn on SSL if you want to protect the communication between Hive Sever and any other Hive Client. To do that edit your hive-site.xml and add the following lines. (The values are just examples)
Code Block language xml <property> <name>hive.server2.use.SSL</name> <value>true</value> <description>enable/disable SSL </description> </property> <property> <name>hive.server2.keystore.path</name> <value>/home/datameer/hive/security/hive.jks</value> <description>path to keystore file</description> </property> <property> <name>hive.server2.keystore.password</name> <value>datameer</value> <description>keystore password</description> </property>
The property
hive.server2.keystore.path
is a java keystore (JKS) which contains the private key to decrypt messages.Hive Client Side
The client is using a truststore to hold certificates which are trustworthy. You can define an own truststore or you can use the default truststore provided by Oracle. This truststore is located under $JAVA_HOME/jre/lib/security/cacerts.
There are two types of a certificate you can import into a truststore, a self signed certificate or a CA signed certificate.
Self signed certificate:
These certificates aren't part of the default truststore provided by Oracle located under
$JAVA_HOME/jre/lib/security/cacerts
. You must import the self signed certificate into your truststore if you want to use self signed certificates for SSL.CA signed certificate:
You can buy a certificate by a Certificate Authority (CA). Oracle trust many different CA's. You can look into this truststore via the command
keytool -list -keystore $JAVA_HOME
/jre/lib/security/cacerts
You don't need to import your CA signed certificate into the JDK truststore, if your CA where you bought your cert is part of the truststore of the JDK.
- If required, add a description and click Save.
...