Enabling SSL for the Spark SQL Thrift Server

Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted using SSL.

The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.

hive-site.xml

For use with Spark, the default location of the hive-site.xml file is:

Package installations and Installer-Services installations:
    /etc/dse/spark/hive-site.xml

Tarball installations and Installer-No Services installations:
    installation_location/resources/spark/conf/hive-site.xml

Procedure

  1. Create the keystore and truststore using the keytool command.
  2. Add the settings required to enable SSL to the hive-site.xml configuration file.
        <property>
            <name>hive.server2.thrift.bind.host</name>
            <value>hostname</value>
        </property>
        <property>
            <name>hive.server2.use.SSL</name>
            <value>true</value>
        </property>
        <property>
            <name>hive.server2.keystore.path</name>
            <value>path to keystore/keystore.jks</value>
        </property>
        <property>
            <name>hive.server2.keystore.password</name>
            <value>keystore password</value>
        </property>
  3. Start or restart the Spark SQL Thrift Server.
    Note: Changes to the hive-site.xml configuration file require restarting only the Spark SQL Thrift Server service, not DSE.
    dse spark-sql-thriftserver start
  4. Test the connection with Beeline.
    dse beeline
    beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password
    Note: The JDBC URL for the Simba JDBC Driver is:
    jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password
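
A pre-restart check for the settings from step 2, as an added example (not part of the original documentation or DataStax code): it parses hive-site.xml, confirms the four properties are set and that SSL is enabled, and checks that the keystore file exists. The world-readable check is an added assumption, included because the keystore password is stored in this file in clear text; the sample hostname and paths are constructed.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# The four property names shown in step 2 of the procedure.
REQUIRED = ("hive.server2.thrift.bind.host", "hive.server2.use.SSL",
            "hive.server2.keystore.path", "hive.server2.keystore.password")

# Constructed sample: SSL left disabled and no keystore password set.
SAMPLE = """<configuration>
  <property><name>hive.server2.thrift.bind.host</name><value>node1.example.com</value></property>
  <property><name>hive.server2.use.SSL</name><value>false</value></property>
  <property><name>hive.server2.keystore.path</name><value>/nonexistent/keystore.jks</value></property>
</configuration>"""

def load_properties(path):
    """Return {name: value} for every <property> in a hive-site.xml file."""
    props = {}
    for prop in ET.parse(path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check_thrift_ssl(path):
    """Return a list of findings; an empty list means every check passed."""
    props = load_properties(path)
    findings = [f"missing or empty: {n}" for n in REQUIRED if not props.get(n)]
    if props.get("hive.server2.use.SSL", "").lower() != "true":
        findings.append("hive.server2.use.SSL is not true: connections are unencrypted")
    keystore = props.get("hive.server2.keystore.path")
    if keystore and not os.path.isfile(keystore):
        findings.append(f"keystore not found: {keystore}")
    # The keystore password is stored in this file in clear text, so the
    # file itself should not be world-readable (added assumption).
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"config is world-readable (mode {oct(mode)})")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "hive-site.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        for finding in check_thrift_ssl(path):
            print("FAIL:", finding)
```

To check a real installation, call check_thrift_ssl() with the hive-site.xml location for your installation type.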