Enabling SSL for the Spark SQL Thrift Server

Communication with the Spark SQL Thrift Server can be encrypted using SSL.

Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted using SSL.

The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.

hive-site.xml

For use with Spark, the default location of the hive-site.xml file is:

Package installations Installer-Services installations	/etc/dse/spark/hive-site.xml
Tarball installations Installer-No Services installations	`installation_location`/resources/spark/conf/hive-site.xml

Procedure

Create the keystore and truststore using the keytool command.

Add the required settings to enable SSL to the configuration file.

    <property>
        <name>hive.server2.thrift.bind.host</name>
        <value>hostname</value>
    </property>
    <property>
        <name>hive.server2.use.SSL</name>
        <value>true</value>
    </property>
    <property>
        <name>hive.server2.keystore.path</name>
        <value>path to keystore/keystore.jks</value>
    </property>
    <property>
        <name>hive.server2.keystore.password</name>
        <value>keystore password</value>
    </property>

Start or restart the Spark SQL Thrift server.

Note: Changes in the hive-site.xml configuration file only require a restart of Spark SQL Thriftserver service, not DSE.
```
dse spark-sql-thriftserver start
```

Test the connection with Beeline.

dse beeline

beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password

Note: The JDBC URL for the Simba JDBC Driver is:

jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password