MapR 5.0 Documentation : Enabling SSL Encryption for Impala

  1. Configure hive-site.xml with the following properties:

    <property>
      <name>hive.metastore.uris</name>
      <value>thrift://<hive_metastore_host>:9083</value>
      <description>IP address or fully-qualified domain name, and port number, of the Hive metastore host</description>
    </property>
    <property>
      <name>hive.server2.use.SSL</name>
      <value>true</value>
      <description>enable/disable SSL communication</description>
    </property>
    <property>
      <name>hive.server2.keystore.path</name>
      <value>/opt/mapr/conf/ssl_keystore</value>
      <description>path to keystore file</description>
    </property>
    <property>
      <name>hive.server2.keystore.password</name>
      <value>mapr123</value>
      <description>keystore password</description>
    </property>

  2. Add both of the following flags to the Impala start-up options in /opt/mapr/impala/impala-<version>/conf/env.sh:

 

| Flag | Description |
|------|-------------|
| -ssl_server_certificate | Full path to the server certificate on the local file system. |
| -ssl_private_key | Full path to the server private key on the local file system. |

For more information about configuring Impala start-up options, refer to Additional Impala Configuration Options.

When you add the SSL flags to the Impala start-up options, Impala listens for HiveServer2 requests on the SSL-secured ports. A client program usually has equivalent options to verify that it is connecting to the correct server.

After you enable SSL, you can pass the following options when you start impala-shell:

| Option | Description |
|--------|-------------|
| --ssl | Enables SSL for impala-shell. |
| --ca_cert | Local path name that points to the third-party CA certificate, or to a copy of the server certificate for self-signed server certificates. If --ca_cert is not set, impala-shell enables SSL but does not validate the server certificate, so the connection is encrypted but the server is not authenticated. This is useful for connecting to an Impala node that you know is only running over SSL when a copy of the certificate is not available. |

For more information about the impala-shell, refer to Impala-Shell and Command Line Options.
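A check for the step 1 settings, added here as an example (not MapR's code): it parses a hive-site.xml, confirms that hive.server2.use.SSL is spelled and set as shown above, and flags a keystore, or a hive-site.xml carrying the keystore password, that group or other users can access. The function names, the sample XML and the permission policy are assumptions of this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Property names exactly as step 1 gives them.
USE_SSL = "hive.server2.use.SSL"
KS_PATH = "hive.server2.keystore.path"
KS_PASS = "hive.server2.keystore.password"

# Constructed sample: step 1's SSL properties wrapped in a <configuration> root.
SAMPLE = """<configuration>
  <property><name>hive.server2.use.SSL</name><value>true</value></property>
  <property><name>hive.server2.keystore.path</name><value>{keystore}</value></property>
  <property><name>hive.server2.keystore.password</name><value>example-only</value></property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for each <property> element."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def open_to_others(path):
    """True if group or other users have any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit(xml_text, site_file=None):
    """Return findings for the step 1 SSL settings (empty list means clean)."""
    props, findings = load_properties(xml_text), []
    if props.get(USE_SSL, "").lower() != "true":
        findings.append(f"{USE_SSL} is not true")
    for name in props:  # property names are case-sensitive
        if name != USE_SSL and name.lower() == USE_SSL.lower():
            findings.append(f"{name} differs in case from {USE_SSL}")
    keystore = props.get(KS_PATH, "")
    if not os.path.isfile(keystore):
        findings.append(f"keystore not found: {keystore!r}")
    elif open_to_others(keystore):  # assumed policy: owner-only access
        findings.append(f"keystore {keystore} is accessible to group/others")
    if props.get(KS_PASS) and site_file and open_to_others(site_file):
        findings.append(f"{site_file} exposes the clear-text keystore password")
    return findings
```

Call `audit(open(path).read(), path)` on the node's hive-site.xml; the `{keystore}` placeholder in `SAMPLE` is filled with `str.format` only for trying the function out.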

Comments:

    <property>
      <name>hive.server2.use.SSL</name>
      <value>true</value>
      <description>enable/disable SSL communication</description>
    </property>

Please correct the property name from "hive.server2.use.SSL" to "hive.server2.enable.ssl"

Or we can add a link to the Hive doc for Step #1 - Hive Encryption

Posted by docs at Oct 29, 2015 05:30

Correction made

Posted by jwolley at Oct 29, 2015 11:48

Need to change it back after discussion with Olga.

"hive.server2.enable.ssl" should be "hive.server2.use.SSL" 

Posted by pheid at Nov 12, 2015 11:25