[ https://issues.apache.org/jira/browse/HIVE-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aihua Xu updated HIVE-13044:
----------------------------
    Release Note: 
HIVE-13044 (Enable TLS encryption to HMS backend database) adds a new 
hive-site.xml property, hive.metastore.dbaccess.ssl.properties, which 
simplifies the SSL configuration on the HMS side. SSL client configuration can 
be set up by configuring two hive-site.xml properties: 
javax.jdo.option.ConnectionURL and hive.metastore.dbaccess.ssl.properties. 

javax.jdo.option.ConnectionURL specifies the connection string for HMS to 
connect to the database. To enable SSL, the client SSL flag(s) or a certain 
protocol needs to be added to the connection string. 

hive.metastore.dbaccess.ssl.properties: When SSL is enabled in the connection 
string, some SSL properties, such as the key store location or key store 
password, need to be passed in as system properties. This configuration allows 
the user to pass in the list of the necessary SSL properties depending on how 
the database is configured to secure the connection. For example, if mutual 
authentication is needed between the client (HMS) and the server (database), 
javax.net.ssl.keyStore needs to be specified to authenticate the client against 
the server, as well as javax.net.ssl.trustStore to authenticate the server 
against the client. 
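
A configuration check for the two properties described above, as an added example that is not part of the release note or of Hive's own code. It assumes hive.metastore.dbaccess.ssl.properties holds a comma-separated list of name=value system properties and that the URL flags listed (MySQL Connector/J and PostgreSQL JDBC) are the ones in use; the host, paths and password in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

URL_KEY = "javax.jdo.option.ConnectionURL"
SSL_KEY = "hive.metastore.dbaccess.ssl.properties"
# Assumption: lower-cased URL fragments that request TLS for common drivers
# (useSSL=true / sslMode=REQUIRED|VERIFY_* for MySQL, ssl=true / sslmode=require|verify-* for PostgreSQL).
TLS_FLAGS = ("ssl=true", "sslmode=require", "sslmode=verify")

# Constructed sample hive-site.xml; all values are placeholders.
SAMPLE = """<configuration>
  <property>
    <name>javax.jdo.option.ConnectionURL</name>
    <value>jdbc:mysql://db.example.internal:3306/metastore?useSSL=true</value>
  </property>
  <property>
    <name>hive.metastore.dbaccess.ssl.properties</name>
    <value>javax.net.ssl.trustStore=/etc/hive/truststore.jks,javax.net.ssl.trustStorePassword=CHANGE_ME</value>
  </property>
</configuration>"""

def load_props(xml_text):
    """Return hive-site.xml as a {name: value} dict."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def parse_ssl_props(value):
    """Split the comma-separated name=value list into a dict."""
    pairs = (item.split("=", 1) for item in value.split(",") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(xml_text, mutual_auth=False):
    """List what is missing for a TLS (optionally mutually authenticated) HMS-to-database link."""
    conf = load_props(xml_text)
    url = conf.get(URL_KEY, "").lower()
    ssl = parse_ssl_props(conf.get(SSL_KEY, ""))
    findings = []
    if not any(flag in url for flag in TLS_FLAGS):
        findings.append("connection URL has no TLS flag")
    # trustStore lets HMS verify the database; keyStore lets the database verify HMS.
    required = ["javax.net.ssl.trustStore"]
    if mutual_auth:
        required.append("javax.net.ssl.keyStore")
    findings += [f"missing {name}" for name in required if not ssl.get(name)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, mutual_auth=True))
```
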

> Enable TLS encryption to HMS backend database
> ---------------------------------------------
>
>                 Key: HIVE-13044
>                 URL: https://issues.apache.org/jira/browse/HIVE-13044
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore
>    Affects Versions: 2.1.0
>            Reporter: Aihua Xu
>            Assignee: Aihua Xu
>              Labels: TODOC2.1
>             Fix For: 2.1.0
>
>         Attachments: HIVE-13044.1.patch, HIVE-13044.2.patch
>
>
> When the database like mysql enables TLS/SSL encryption, we should provide 
> some configuration properties like the ones to HS2 to enable that. Right now, 
> I think we can enable that through javaopts and connection url.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
