SYMPTOM
After enabling SSL / TLS on HiveServer2, AtScale can no longer communicate with Hive.
The Hadoop cluster uses Kerberos, and the Hive version is 1.1 or 1.2.
EXAMPLES
- Could not open client transport with JDBC Uri: jdbc:hive2://cdh5101.standalone.localdomain:10000/default;principal=hive/_HOST@TEST.LOCALDOMAIN;ssl=true;sslTrustStore=/etc/security/clientKeys/all.jks;trustStorePassword=changeit: null: org.apache.thrift.transport.TTransportException
- java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://node1.test.localdomain:10000/;ssl=true;sslTrustStore=/etc/security/clientKeys/all.jks;trustStorePassword=changeit;principal=hive/_HOST@TEST.LOCALDOMAIN: Invalid status 21
ROOT CAUSE
When hive.server2.transport.mode is binary and hive.server2.authentication is KERBEROS,
SSL encryption only worked on Hive 2.0. Set hive.server2.thrift.sasl.qop to auth-conf\
to enable encryption. See HIVE-14019 for details.
WORKAROUND
Use hive.server2.thrift.sasl.qop=auth-conf or use hive.server2.transport.mode=http
RESOLUTION
No solution is available from AtScale as this is a Hive 1.x limitation. Please consult with your Hadoop distributor.