Hi Kevin, Thanks, that made the trick. Just wanted to make it work to be sure all the pieces are working together.
Now that it seems to work I'll put the security in place. Thanks. On Wed, 3 Apr 2019, 14:41 Kevin Risden, <[email protected]> wrote: > ssl=true needs to be true if the Knox gateway is secured via TLS. You > could disable TLS in the Knox gateway-site.xml config (ssl.enabled=false) > but then you would be passing username/password in clear text which is not > recommended. > > Certificate handling is typically part of the deal when dealing with > secured access. There are examples of passing the truststore file as a > parameter to the connection string. > > Kevin Risden > > > On Wed, Apr 3, 2019 at 8:41 AM Odon Copon <[email protected]> wrote: > >> Hi Kevin, >> Is ssl=true mandatory even if hiveserver2 is setup to be http as part of >> the topology? Is there any way to not to use it? >> Do I need then to have the certs in all machines? >> >> Thanks >> >> >> On Wed, 3 Apr 2019, 13:26 >> Kevin Risden >> , <[email protected]> wrote: >> >>> Ssl should be true? >>> >>> Check gateway.log for any exceptions as well. >>> >>> Kevin Risden >>> >>> On Wed, Apr 3, 2019, 06:45 Odon Copon <[email protected]> wrote: >>> >>>> Hi, I'm having issues when trying to connect to Hive through Knox using >>>> beeline. >>>> My current infrastructure is a Hadoop cluster, and a separate instance >>>> running Knox. >>>> >>>> With the following beeline connection I'm able to use Hive from >>>> beeline, without Knox: >>>> >>>> !connect >>>> jdbc:hive2://<hive-host>:10001/default;auth=noSasl;transportMode=http;httpPath=cliservice >>>> <user> org.apache.hive.jdbc.HiveDriver >>>> >>>> This means that Hiveserver2 is using http transport mode, using >>>> cliservice endpoint and port 10001 is working. >>>> >>>> I replicate that on Knox, following these instructions: >>>> https://knox.apache.org/books/knox-1-1-0/user-guide.html#Hive >>>> >>>> And created a topology named "test" that just contains: >>>> >>>> <gateway> >>>> <provider> >>>> <role>authentication</role> >>>> <name>ShiroProvider</name> >>>> <enabled>true</enabled> >>>> <param name="users.admin" value="admin-secret"/> >>>> <param name="urls./**" value="authcBasic"/> >>>> </provider> >>>> >>>> </gateway> >>>> >>>> <service> >>>> <role>HIVE</role> >>>> <url>http://<hive-host>:10001/cliservice</url> >>>> <param> >>>> <name>replayBufferSize</name> >>>> <value>8</value> >>>> </param> >>>> </service> >>>> >>>> >>>> But I'm not able to connect running the following: >>>> >>>> !connect >>>> jdbc:hive2://<knox-host>:<knox-port>/default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive >>>> admin admin-secret org.apache.hive.jdbc.HiveDriver >>>> >>>> I get the following error: >>>> >>>> 19/04/03 03:39:48 [main]: WARN jdbc.HiveConnection: Failed to connect >>>> to <knox-host>:<knox-port> >>>> Error: Could not open client transport with JDBC Uri: >>>> jdbc:hive2://<knox-host>:<knox-port>default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive: >>>> Could not establish connection to >>>> jdbc:hive2://<knox-host>:<knox-port>/default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive: >>>> org.apache.http.client.ClientProtocolException (state=08S01,code=0) >>>> >>>> Any idea? Am I missing something? >>>> >>>> Thanks. >>>> >>>>
