Configure Encryption Zone Security

Hive on Tez cannot run some queries on tables stored in encryption zones under certain conditions. When the Hadoop Key Management Server (KMS) connection is SSL-encrypted and a self signed certificate is used, you need to perform a security-related task to allow access.

  1. Perform either of the following actions:
    • Install self signed SSL certificate into the cacerts file oon all hosts and skip the steps below.
    • Perform the steps below.
  2. Copy the ssl-client.xml to a directory that is available on all hosts.
  3. In Cloudera Manager, click Clusters > Hive on Tez > Configuration. Clusters > Hive on Tez > Configuration.
  4. Search for the Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml setting.
  5. In the Hive Service Advanced Configuration Snippet (Safety Valve) for hive-site.xml setting, click +.
  6. InName enter the property tez.aux.uris and in value enter path-to-ssl-client.xml.