Enabling SSL Encryption Between Hue and Hive
About this task
The following procedure explains how to enable SSL encryption between Hue and Hive. This procedure works on a secure cluster.
Procedure
-
Start Hue:
maprcli node services -name hue -action start -nodes <node name>
When you start or restart Hue on a secure cluster, keys are generated at
$HUE_HOME
. If generatedkeystore
files already exist in that location, the script does nothing. The script is located here:$HUE_HOME/bin/secure.sh
, and it runs with a set of default parameters, which should not be changed. -
Add the following SSL configuration information to
the
hue.ini
file (under thebeeswax
section):[[ssl]] # SSL communication enabled for this server. enabled=true # Path to certificate authority certificates. ## cacerts=/etc/hue/cacerts.pem # Path to the private key file. key=/opt/mapr/hue/hue-3.6.0/hue_private_keystore.pem # Path to the public certificate file. cert=/opt/mapr/hue/hue-3.6.0/cert.pem # Choose whether Hue should validate certificates received from the server. validate=false
-
Make sure that no custom authentication mechanism is turned on and
configure the
hive-site.xml
with the following properties:<property> <name>hive.server2.use.SSL</name> <value>true</value> <description>enable/disable SSL communication</description> </property> <property> <name>hive.server2.keystore.path</name> <value>/opt/mapr/conf/ssl_keystore</value> <description>path to keystore file</description> </property> <property> <name>hive.server2.keystore.password</name> <value>mapr123</value> <description>keystore password</description> </property>
-
Restart Hue, Hive Metastore, and HiveServer2.
- To restart Hue:
maprcli node services -name hue -action start -nodes <hostname>
- To restart Hive Metastore:
maprcli node services -name hivemeta -action start -nodes <space delimited list of nodes>
-
To restart HiveServer2:
maprcli node services -name hs2 -action start -nodes <space delimited list of nodes>
- To restart Hue: