...
ZooKeeper-based service discovery introduced in Hive 0.14.0 (HIVE-7935) enables high availability and rolling upgrade for HiveServer2. A JDBC URL that specifies <zookeeper quorum> needs to be used to make use of these features. That is, at least in `hive-site.xml` or other configuration files for HiveServer2, `hive.server2.support.dynamic.service.discovery` should be set to `true`, and `hive.zookeeper.quorum` should be defined to point to several started Zookeeper Servers. Reference Configuration Properties .
The minimal configuration example is as follows.
Code Block |
---|
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<property>
<name>hive.server2.support.dynamic.service.discovery</name>
<value>true</value>
</property>
<property>
<name>hive.zookeeper.quorum</name>
<value>127.0.0.1:2181</value>
</property>
</configuration> |
With further changes in Hive 2.0.0 and 1.3.0 (unreleased, HIVE-11581), none of the additional configuration parameters such as authentication mode, transport mode, or SSL parameters need to be specified, as they are retrieved from the ZooKeeper entries along with the hostname.
...
In the environment where exposing trustStorePassword
and keyStorePassword
in the connection URL is a security concern, a new option storePasswordPath
is introduced with HIVE-27308 that can be used in URL instead of trustStorePassword
and keyStorePassword
. storePasswordPath
value hold the path to the local keystore file storing the trustStorePassword
and keyStorePassword
aliases. When the existing trustStorePassword
or keyStorePassword
is present in URL along with storePasswordPath
, respective password is directly obtained from password option. Otherwise, fetches the particular alias from local keystore file(i.e., Existing existing password options are preferred over storePasswordPath
).
...
A local keystore file can be created leveraging hadoop credential command with trustStorePassword
and keyStorePassword
aliases like below. And this file can be passed with storePasswordPath
option in the connection URL.
hadoop credential create trustStorePassword -value FDUxmzTxW15xWoaCk6GxLlaoHjnjV9H7iHqCIDxTwoq mytruststorepassword -provider localjceks://file/tmp/store/client_creds.jceks
hadoop credential create keyStorePassword -value FDUxmzTxW15xWoaCk6GxLlaoHjnjV9H7iHqCIDxTwoq mykeystorepassword -provider localjceks://file/tmp/store/client_creds.jceks
Passing HTTP Header Key/Value Pairs via JDBC Driver
...