Using JDBC or Beeline to Connect to HiveServer2

The HiveServer2 authentication method and client type determine how the HiveServer2 clients connect to HiveServer2.

TIP
For details on how to install and use ODBC to connect to Hive, see Using ODBC to Connect to HiveServer2. When connecting to Hive via ODBC, the client must have a valid Data Fabric or Kerberos ticket.

Using JDBC or Beeline to Connect to HiveServer2

The default port for HiveServer2 is 10000.

The following table lists HiveServer2 authentication mechanisms with the connection parameters required in the JDBC connection string. For a complete list of the JDBC connection string parameters, refer to the next section, Hive JDBC Connection String Parameters.

HiveServer2 Authentication Connection Requirements
No Authentication

Connection String: jdbc:hive2://<hs2_hostname>:10000<database>; You must enter a valid user name.

For encryption, JDBC requires a truststore and an optional truststore password.

  • Connection String with Encryption: jdbc:hive2://<hs2_hostname>:10000/<database>; You must enter a valid user name.ssl=true;sslTrustStore=<path-to-truststore>;sslTrustStorePassword=<password>

  • Connection String with Encryption (truststore passed in JVM arguments): jdbc:hive2://<hs2_hostname>:<port>/<database>;ssl=true

    NOTE
    Prior to connecting to an application that uses JDBC, such as Beeline, you can run the following command to pass the truststore parameters as Java arguments:
    export HADOOP_OPTS="-Djavax.net.ssl.trustStore=<path-to-trust-store-file>
    -Djavax.net.ssl.trustStorePassword=<password>" 
MapR-SASL (included as part of the secure by default configuration)

Connection String: jdbc:hive2://<hs2_hostname>:10000/<database>;auth=maprsasl;ssl=true;

MapR-SASL encryption is enabled by default. For more information, see Configuring JDBC Connection String with SSL Encryption Enabled or Disabled.
NOTE
MapR-SASL is not supported for Hive in HTTP mode.

Connection for Java Application: Use the -D flag to append the JVM argument: -Dhadoop.login=maprsasl.

PAM

Connection String: jdbc:hive2://<hs2_hostname>:10000/<database>;user=<user>;password=<password>

PAM + SSL (included as part of the secure by default configuration)

Connection String: jdbc:hive2://<hs2_hostname>:10000/<database>;ssl=true;user=<user>;password=<password>. For more information, see Configuring JDBC Connection String with SSL Encryption Enabled or Disabled.

Kerberos

Connection String: jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>

Connection for Java Application: Use the -D flag to append the JVM argument: -Dhadoop.login=hybrid

NOTE
The client nodes must also have a Kerberos ticket and be configured to connect to HiveServer2 to use Kerberos.
LDAP Connection String: jdbc:hive2://<hs2_hostname>:10000/<database>;user=<ldap_user>;password=<ldap _password>
ZooKeeper

Connection String: jdbc:hive2://<hostname>:<port>,<hostname>:<port>/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2

Example:
hive --service beeline -u 
     'jdbc:hive2://zookeeper1.com:5181,zookeeper2.com:5181,zookeeper3.com:5181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2' -n mapr -p

Hive JDBC Connection String Parameters

The following example shows a common Hive JDBC connection string:
jdbc:hive2://zookeeper_quorum|hs2_host:port/[db][;principal=<hs2_principal>/<hs2_host>|_HOST@<KDC_REALM>][;transportMode=binary|http][;httpPath=<http_path>][;serviceDiscoveryMode=zookeeper;zooKeeperNamespace=<zk_namespace>][;auth=maprsasl][;ssl=true|false][;sslKeyStore=<key_store_path>][;keyStorePassword=<key_store_password][;sslTrustStore=<trust_store_path>][;trustStorePassword=<trust_store_password>][;twoWay=true|false]
The following table lists all the Hive JDBC connection string parameters with default values where applicable:
JDBC Parameter Default Comment
zookeeper_quorum Zookeeper quorum. Used only if HA mode for HiveServer2 is enabled.
hs2_host The hostname of the node with an active HS2 server running.
port 10000/10001 HiveServer2 port. Defaults to 10000 in binary mode. Defaults to 10001 in HTTP transport mode.
[db] default The database name to which you want to connect.
[;principal=<hs2_principal>/<hs2_host>|_HOST@<KDC_REALM>] Kerberos principal. Used with Kerberos security only.
[;transportMode=binary|http] binary

HS2 uses a TThreadPoolServer (from Thrift) for TCP (binary) mode, or a Jetty server for the HTTP mode.

HTTP mode is required when a proxy is needed between the client and server, for example, for load balancing or security reasons.

[;httpPath=<http_path>] cliservice or / The corresponding HTTP endpoint. The default value is cliservice or /. See conf hive.server2.thrift.http.path
[;serviceDiscoveryMode=zookeeper;zooKeeperNamespace=<zk_namespace>] <zk_namespace> is the parent node in ZooKeeper used by HiveServer2 when supporting dynamic service discovery.
[;auth=maprsasl] Used with MapR SASL security.
[;ssl=true|false] false Used to enable SSL encryption.
[;sslKeyStore=<key_store_path>] Default value is read from $MAPR_HOME/conf/ssl-client.xml This parameter only takes effect when ssl=true. Path is the path to the keystore.
[;keyStorePassword=<key_store_password] Default value is read from $MAPR_HOME/conf/ssl-client.xml This param will take effect only when ssl=true. Keystore password.
[;sslTrustStore=<trust_store_path>] Default value is read from $MAPR_HOME/conf/ssl-client.xml This param will take effect only when ssl=true. Path is the path to the truststore.
[;trustStorePassword=<trust_store_password>] Default value is read from $MAPR_HOME/conf/ssl-client.xml This parameter only takes effect when ssl=true. Password is the truststore password.
[;twoWay=true|false] HIVE-10447 enabled the JDBC driver to support 2-way SSL in HTTP mode. Currently, HiveServer2 does not support 2-way SSL. This features is useful when there is an intermediate server, such as Knox, which requires the client to support 2-way SSL.