ssl=true needs to be true if the Knox gateway is secured via TLS. You could disable TLS in the Knox gateway-site.xml config (ssl.enabled=false) but then you would be passing username/password in clear text which is not recommended.
Certificate handling is typically part of the deal when dealing with secured access. There are examples of passing the truststore file as a parameter to the connection string. Kevin Risden On Wed, Apr 3, 2019 at 8:41 AM Odon Copon <odonco...@gmail.com> wrote: > Hi Kevin, > Is ssl=true mandatory even if hiveserver2 is setup to be http as part of > the topology? Is there any way to not to use it? > Do I need then to have the certs in all machines? > > Thanks > > > On Wed, 3 Apr 2019, 13:26 > Kevin Risden > , <kris...@apache.org> wrote: > >> Ssl should be true? >> >> Check gateway.log for any exceptions as well. >> >> Kevin Risden >> >> On Wed, Apr 3, 2019, 06:45 Odon Copon <odonco...@gmail.com> wrote: >> >>> Hi, I'm having issues when trying to connect to Hive through Knox using >>> beeline. >>> My current infrastructure is a Hadoop cluster, and a separate instance >>> running Knox. >>> >>> With the following beeline connection I'm able to use Hive from beeline, >>> without Knox: >>> >>> !connect >>> jdbc:hive2://<hive-host>:10001/default;auth=noSasl;transportMode=http;httpPath=cliservice >>> <user> org.apache.hive.jdbc.HiveDriver >>> >>> This means that Hiveserver2 is using http transport mode, using >>> cliservice endpoint and port 10001 is working. >>> >>> I replicate that on Knox, following these instructions: >>> https://knox.apache.org/books/knox-1-1-0/user-guide.html#Hive >>> >>> And created a topology named "test" that just contains: >>> >>> <gateway> >>> <provider> >>> <role>authentication</role> >>> <name>ShiroProvider</name> >>> <enabled>true</enabled> >>> <param name="users.admin" value="admin-secret"/> >>> <param name="urls./**" value="authcBasic"/> >>> </provider> >>> >>> </gateway> >>> >>> <service> >>> <role>HIVE</role> >>> <url>http://<hive-host>:10001/cliservice</url> >>> <param> >>> <name>replayBufferSize</name> >>> <value>8</value> >>> </param> >>> </service> >>> >>> >>> But I'm not able to connect running the following: >>> >>> !connect >>> jdbc:hive2://<knox-host>:<knox-port>/default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive >>> admin admin-secret org.apache.hive.jdbc.HiveDriver >>> >>> I get the following error: >>> >>> 19/04/03 03:39:48 [main]: WARN jdbc.HiveConnection: Failed to connect to >>> <knox-host>:<knox-port> >>> Error: Could not open client transport with JDBC Uri: >>> jdbc:hive2://<knox-host>:<knox-port>default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive: >>> Could not establish connection to >>> jdbc:hive2://<knox-host>:<knox-port>/default;auth=noSasl;ssl=false;transportMode=http;httpPath=gateway/test/hive: >>> org.apache.http.client.ClientProtocolException (state=08S01,code=0) >>> >>> Any idea? Am I missing something? >>> >>> Thanks. >>> >>>
