Unable to open client transport with JDBC Uri: jdbc:hive2://...: null: org.apache.thrift.transport.TTransportException

SYMPTOM

After enabling SSL / TLS on HiveServer2, AtScale can no longer communicate with Hive.
The Hadoop cluster uses Kerberos, and the Hive version is 1.1 or 1.2.

EXAMPLES

  • Could not open client transport with JDBC Uri: jdbc:hive2://cdh5101.standalone.localdomain:10000/default;principal=hive/_HOST@TEST.LOCALDOMAIN;ssl=true;sslTrustStore=/etc/security/clientKeys/all.jks;trustStorePassword=changeit: null: org.apache.thrift.transport.TTransportException
  • java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://node1.test.localdomain:10000/;ssl=true;sslTrustStore=/etc/security/clientKeys/all.jks;trustStorePassword=changeit;principal=hive/_HOST@TEST.LOCALDOMAIN: Invalid status 21

ROOT CAUSE

https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-SSLEncryption

When hive.server2.transport.mode is binary and hive.server2.authentication is KERBEROS,
SSL encryption only worked on Hive 2.0. Set hive.server2.thrift.sasl.qop to auth-conf\
to enable encryption. See HIVE-14019 for details.

WORKAROUND

Use hive.server2.thrift.sasl.qop=auth-conf or use hive.server2.transport.mode=http

RESOLUTION

No solution is available from AtScale as this is a Hive 1.x limitation.  Please consult with your Hadoop distributor.

Was this article helpful?

0 out of 0 found this helpful