Enabling SSL Encryption Between Hue and Hive

The following procedure explains how to enable SSL encryption between Hue and Hive. This procedure works on a secure cluster.

  1. Start Hue:
    maprcli node services -name hue -action start -nodes <node name>

    When you start or restart Hue on a secure cluster, keys are generated at $HUE_HOME. If generated keystore files already exist in that location, the script does nothing. The script is located here: $HUE_HOME/bin/secure.sh, and it runs with a set of default parameters, which should not be changed.

  2. Add the following SSL configuration information to the hue.ini file (under the beeswax section):
    # SSL communication enabled for this server.
    # Path to certificate authority certificates.
    ## cacerts=/etc/hue/cacerts.pem
    # Path to the private key file.
    # Path to the public certificate file.
    # Choose whether Hue should validate certificates received from the server.
  3. Make sure that no custom authentication mechanism is turned on and configure the hive-site.xml with the following properties:
          <description>enable/disable SSL communication</description>
          <description>path to keystore file</description>
          <description>keystore password</description>
  4. Restart Hue, Hive Metastore, and HiveServer2.
    • To restart Hue:
      maprcli node services -name hue -action start -nodes <hostname>
    • To restart Hive Metastore:
      maprcli node services -name hivemeta -action start -nodes <space delimited list of nodes>
    • To restart HiveServer2:
      maprcli node services -name hs2 -action start -nodes <space delimited list of nodes>