Enabling SSL for the Spark SQL Thrift Server
Communication with the Spark SQL Thrift Server can be encrypted using SSL.
Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted using SSL.
The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.
hive-site.xml
For use with Spark, the default location of the hive-site.xml file is:
Package installations |
/etc/dse/spark/hive-site.xml |
Tarball installations |
installation_location/resources/spark/conf/hive-site.xml |
Procedure
-
Create the keystore and truststore using
the
keytool
command. -
Add the required settings to enable SSL to the
hive-site.xml configuration file.
<property> <name>hive.server2.thrift.bind.host</name> <value>hostname</value> </property> <property> <name>hive.server2.use.SSL</name> <value>true</value> </property> <property> <name>hive.server2.keystore.path</name> <value>path to keystore/keystore.jks</value> </property> <property> <name>hive.server2.keystore.password</name> <value>keystore password</value> </property>
-
Start or restart the Spark SQL Thrift server.
Note: Changes in the hive-site.xml configuration file only require a restart of Spark SQL Thriftserver service, not DSE.
dse spark-sql-thriftserver start
-
Test the connection with Beeline.
dse beeline
beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password
Note: The JDBC URL for the Simba JDBC Driver is:jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password