2.2. Set Up SSL on the Hive Security Agent

The Security Agent for Hive is installed on the HiveServer2 host. Perform these steps on the HiveServer2 host. If Security Agents are installed on HiveCli hosts, repeat these steps on each of the hosts.

Note

These steps require a private key for the HDP Security Agent (for client SSL verification) and a valid CA X509 Certificate in JKS format.

  1. Change the HDP Security Administration Server URL from HTTP to HTTPS in the Security Agent configuration file:

    1. Open the configuration file for editing, /etc/hive/conf.server/xasecure-hive-security.xml.

    2. Change the value in the xasecure.hdfs.policymgr.url property from http to https and update the port as required.

      For example, if the current value is http://$hostname:6080/service/assets/policyList/$repository_name, change it to https://$hostname:6080/service/assets/policyList/$repository_name.

  2. Define the SSL policymgr.clientssl properties in the Security Agent SSL configuration file, /etc/hive/conf.server/xasecure-policymgr-ssl.xml, as follows:

    xasecure.policymgr.clientssl.keystore = $JKS_file
    xasecure.policymgr.clientssl.keystore.password = $keystore_password
    xasecure.policymgr.clientssl.truststore = $CA_certificate_file

  3. After saving the configuration, restart Hive.

    1. Stop Hive. Execute this command on the Hive Metastore and HiveServer2 host machines.

      ps aux | awk '{print $1,$2}' | grep hive | awk '{print $2}' | xargs kill >/dev/null 2>&1

    2. Start Hive Metastore. On the Hive Metastore host machine, execute the following command:

      su - hive -c "env HADOOP_HOME=/usr JAVA_HOME=/usr/jdk64/jdk1.6.0_31 /tmp/startMetastore.sh /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server" 

      where $HIVE_LOG_DIR is the directory where Hive server logs are stored. For example, /var/logs/hive.

    3. Start HiveServer2. On the HiveServer2 host machine, execute the following command:

      su - hive -c "env JAVA_HOME=/usr/jdk64/jdk1.6.0_31 /tmp/startHiveserver2.sh /var/log/hive/hive-server2.out /var/log/hive/hive-server2.log /var/run/hive/hive-server.pid /etc/hive/conf.server"

      where $HIVE_LOG_DIR is the directory where Hive server logs are stored. For example, /var/logs/hive.
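
A pre-restart check for steps 1 and 2, as an added example that is not part of the original documentation or the product. It assumes both files use the Hadoop-style `<configuration><property><name/><value/>` layout; the file-permission checks are an added hardening assumption, and the host and repository names in the demo are constructed.

```python
import os, tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

URL_PROP = "xasecure.hdfs.policymgr.url"  # property name as written in step 1
KEYSTORE = "xasecure.policymgr.clientssl.keystore"
KS_PASS = "xasecure.policymgr.clientssl.keystore.password"
TRUSTSTORE = "xasecure.policymgr.clientssl.truststore"

def load_props(path):
    """Read <property><name/><value/></property> entries (assumed Hadoop-style layout)."""
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in ET.parse(path).getroot().iter("property")}

def audit(security_conf, ssl_conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    url = load_props(security_conf).get(URL_PROP, "")
    if urlsplit(url).scheme.lower() != "https":
        findings.append(f"{URL_PROP} does not use https: {url!r}")
    ssl_props = load_props(ssl_conf)
    for name in (KEYSTORE, KS_PASS, TRUSTSTORE):
        value = ssl_props.get(name, "")
        if not value or value.startswith("$"):
            findings.append(f"{name} is unset or still a placeholder")
        elif name != KS_PASS and not os.path.isfile(value):
            findings.append(f"{name} points to a missing file: {value}")
    # Added hardening check (not on the page): keystore holds the key, SSL config its password.
    for path in (ssl_props.get(KEYSTORE, ""), ssl_conf):
        if os.path.isfile(path) and os.stat(path).st_mode & 0o077:
            findings.append(f"{path} is accessible to group/other")
    return findings

def write_conf(path, props, mode):
    """Write a constructed config file with the given mode (demo helper)."""
    body = "".join(f"<property><name>{k}</name><value>{v}</value></property>" for k, v in props.items())
    with open(path, "w") as fh:
        fh.write(f"<configuration>{body}</configuration>")
    os.chmod(path, mode)

def demo():
    """Audit a constructed, deliberately misconfigured pair of files."""
    with tempfile.TemporaryDirectory() as d:
        sec, ssl_conf = os.path.join(d, "security.xml"), os.path.join(d, "ssl.xml")
        write_conf(sec, {URL_PROP: "http://policymgr.example:6080/service/assets/policyList/hivedev"}, 0o644)
        write_conf(ssl_conf, {KEYSTORE: "$JKS_file", KS_PASS: "changeit", TRUSTSTORE: os.path.join(d, "absent.jks")}, 0o644)
        return audit(sec, ssl_conf)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real host, call `audit()` with the two paths from steps 1 and 2 before restarting Hive.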

