Enabling SSL for AlwaysOn SQL
Communication with the AlwaysOn SQL can be encrypted using SSL.
Communication between the driver and AlwaysOn SQL can be encrypted using SSL.
The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.
hive-site.xml
For use with Spark, the default location of the hive-site.xml file is:Package installations | /etc/dse/spark/hive-site.xml |
Tarball installations | installation_location/resources/spark/conf/hive-site.xml |
cassandra.yaml
The location of the cassandra.yaml file depends on the type of installation:Package installations | /etc/dse/cassandra/cassandra.yaml |
Tarball installations | installation_location/resources/cassandra/conf/cassandra.yaml |
Procedure
- Ensure client-to-node encryption is enabled and configured correctly.
- Optional:
If the SSL keystore and truststore used for AlwaysOn SQL differ from the
keystore and truststore configured in
cassandra.yaml, add the required settings to
enable SSL to the hive-site.xml configuration
file.
Note: By default the SSL settings in cassandra.yaml will be used with AlwaysOn SQL.
<property> <name>hive.server2.thrift.bind.host</name> <value>hostname</value> </property> <property> <name>hive.server2.use.SSL</name> <value>true</value> </property> <property> <name>hive.server2.keystore.path</name> <value>path to keystore/keystore.jks</value> </property> <property> <name>hive.server2.keystore.password</name> <value>keystore password</value> </property>
-
Start or restart the AlwaysOn SQL service.
Note: Changes in the hive-site.xml configuration file only require a restart of AlwaysOn SQL service, not DSE.
dse client-tool alwayson-sql start
-
Test the connection with Beeline.
dse beeline
beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password
Note: The JDBC URL for the Simba JDBC Driver is:jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password