Enabling SSL for the Apache Spark™ SQL Thrift Server
Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted using SSL.
The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.
Where is the hive-site.xml file?
The location of the hive-site.xml file depends on the type of installation:
| Installation Type | Location |
|---|---|
Package installations + Installer-Services installations |
|
Tarball installations + Installer-No Services installations |
|
Procedure
-
Create the keystore and truststore using the
keytoolcommand. -
Add the required settings to enable SSL to the
hive-site.xmlconfiguration file.<property> <name>hive.server2.thrift.bind.host</name> <value>hostname</value> </property> <property> <name>hive.server2.use.SSL</name> <value>true</value> </property> <property> <name>hive.server2.keystore.path</name> <value>path to keystore/keystore.jks</value> </property> <property> <name>hive.server2.keystore.password</name> <value>keystore password</value> </property> -
Start or restart the Spark SQL Thrift server.
Changes in the
hive-site.xmlconfiguration file only require a restart of Spark SQL Thriftserver service, not DSE.dse spark-sql-thriftserver start -
Test the connection with Beeline.
dse beelinebeeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore passwordThe JDBC URL for the Simba JDBC Driver is:
jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password
