Configure Encryption Zone Security

Under certain conditions, you need to perform a security-related task to allow access to tables stored in encryption zones. You find out how to prevent access problems to these tables.

Hive on Tez cannot run some queries on tables stored in encryption zones under certain conditions. When the Hadoop Key Management Server (KMS) connection is SSL-encrypted and a self signed certificate is used, perform the following procedure.
  1. Perform either of the following actions:
    • Install self signed SSL certificate into the cacerts file on all hosts and skip the steps below.
    • Perform the steps below.
  2. Copy the ssl-client.xml to a directory that is available on all hosts.
  3. In Cloudera Manager, click Clusters > Hive on Tez > Configuration. Clusters > Hive on Tez > Configuration.
  4. Search for the Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml setting.
  5. In the Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml setting, click +.
  6. In Name enter the property tez.aux.uris and in value enter path-to-ssl-client.xml.