Communication with the Spark SQL Thrift Server can be encrypted using
SSL.
Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted
using SSL.
The following instructions give an example of how to set up SSL with a self-signed
keystore and truststore.
hive-site.xml
For use with
Spark, the default location of the
hive-site.xml file is:
|
Package installations
Installer-Services installations
|
/etc/dse/spark/hive-site.xml
|
|
Tarball installations
Installer-No Services installations
|
installation_location/resources/spark/conf/hive-site.xml
|
Procedure
-
Create the keystore and truststore using
the
keytool command.
-
Add the required settings to enable SSL to the
configuration file.
<property>
<name>hive.server2.thrift.bind.host</name>
<value>hostname</value>
</property>
<property>
<name>hive.server2.use.SSL</name>
<value>true</value>
</property>
<property>
<name>hive.server2.keystore.path</name>
<value>path to keystore/keystore.jks</value>
</property>
<property>
<name>hive.server2.keystore.password</name>
<value>keystore password</value>
</property>
-
Start or restart the Spark SQL Thrift server.
Note: Changes in the hive-site.xml configuration file only
require a restart of Spark SQL Thriftserver service, not DSE.
dse spark-sql-thriftserver start
-
Test the connection with Beeline.
dse beeline
beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password
Note: The JDBC URL for the Simba JDBC Driver is:
jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password