Configuring Encryption for ODBC Connection

Explains how to configure SSL encryption between ODBC connection to Hiveserver2 on non-secure cluster.

About this task

Hive uses cyrus-sasl-plain package for ODBC connection.

Procedure

Generate ssl_keystore/ssl_truststore by running the following command:
```
sudo bash /opt/mapr/server/manageSSLKeys.sh create -ug mapr:mapr
```
IMPORTANT
Make a note of the CN=HOST_NAME parameter in the output.
Configure SSL for Hive as described in Configure Encryption without Authentication.
Generate the .pem file. To generate:
1. Verify that ssl_keystore and ssl_truststore are present on the system.
```
cd /opt/mapr/conf                     
ll *ssl*store*
```
  If ssl_keystore and ssl_truststore are not present, then generate them.
2. Generate .pem file using <ssl-keystore-password> password.
```
keytool -importkeystore -srckeystore ssl_keystore -destkeystore ssl_keystore.p12 -srcstoretype jks -deststoretype pkcs12 
```
3. Verify that the ssl_keystore.p12 and ssl_keystore.pem files are created.
  For example:
```
openssl pkcs12 -in ssl_keystore.p12 -out ssl_keystore.pem 
openssl x509 -text -in ssl_keystore.pem
```

Configure SSL for ODBC driver by making the following changes in the /etc/odbc.ini, /etc/odbcinst.ini, and /etc/mapr.hiveodbc.init files. That is, in the:

/etc/odbc.ini file:

Replace <HOST_NAME> with the host name.
Set the value for TrustedCerts to path to ssl_keystore.pem file.

Add the following to the file:

[ODBC Data Sources]
Sample MapR Hive DSN=Hive Hive ODBC Driver 64-bit
[Hive]
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so
HOST=<HOST_NAME>
PORT=10000
SSL=1
CAIssuedCertNamesMismatch=1
TrustedCerts=/opt/mapr/conf/ssl_keystore.pem
AuthMech=4

/etc/odbcinst.ini file, add the following:

[ODBC Drivers]
Mapr Hive ODBC Driver=Installed
[Mapr Hive ODBC Driver 64-bit]
Description=Mapr Hive ODBC Driver (64-bit)
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so

etc/mapr.hiveodbc.ini file, add the following:

[Driver]
ErrorMessagesPath=/opt/mapr/hiveodbc/ErrorMessages/
LogLevel=0
LogPath=
SwapFilePath=/tmp

Example

Sample /etc/odbc.ini file

[ODBC Data Sources] 
Sample MapR Hive DSN=Hive Hive ODBC Driver 64-bit 
[Hive] 
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so 
HOST=<HOST_NAME> 
PORT=10000 
SSL=1 
CAIssuedCertNamesMismatch=1 
TrustedCerts=/opt/mapr/conf/ssl_keystore.pem 
AuthMech=4

Sample /etc/odbcinst.ini file

[ODBC Drivers] 
Mapr Hive ODBC Driver=Installed 
[Mapr Hive ODBC Driver 64-bit] 
Description=Mapr Hive ODBC Driver (64-bit) 
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so

Sample /etc/mapr.hiveodbc.ini file

[Driver] 
ErrorMessagesPath=/opt/mapr/hiveodbc/ErrorMessages/ 
LogLevel=0 
LogPath= 
SwapFilePath=/tmp

HPE Ezmeral Data Fabric – Customer-Managed 7.9.0 Documentation
Abstract	This site contains documentation for the customer-managed platform of the HPE Ezmeral Data Fabric version 7.9.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	November 2024
Edition	7.9.0