Cloudera Docs

Database setup details for Hive Metastore for TLS 1.2/TCPS-enabled databases

Learn how you can configure the Hive (Hive Metastore) service to securely connect to its database using TLS 1.2 when installing a new cluster.

When installing a new cluster, Hive Metastore's database connection is set up during the Setup Database step of the Add Cluster - Configuration wizard. Complete the following when you reach this step in the wizard to configure TLS 1.2.

  • Ensure that TLS 1.2 is enabled on the Hive Metastore database.
  • Ensure that the Database SSL trusted certificates are exported and added to the Java truststore file.
  1. In the Setup Database page for Hive, click the Type drop-down list and select the appropriate database type.
  2. Click the Use JDBC URL Override drop-down list and select Yes.
  3. In the JDBC URL field, specify the appropriate JDBC URL connection string.
    The JDBC URL must contain all necessary properties required for Hive Metastore to establish a secure connection with its database. Use the following templates to construct the JDBC URL:
    MySQL
    jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    PostgreSQL
    jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    MariaDB
    jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    Oracle
    jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE-PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE-PASSWORD***]&oracle.net.ssl_server_dn_match=false
    Where,
    • [***DB-HOST***], [***DB-PORT***], and [***DB-NAME***] represent the Host, Port, and Database name used for the Hive Metastore service.
    • [***TRUSTSTORE-PATH***] represents the path to the Java truststore file.
    • [***TRUSTSTORE-PASSWORD***] represents the password used to access the Java truststore file.
  4. Click Test Connection to validate the settings.
    If the connection fails, review your configuration, fix any errors, and test the connection again.
  5. Click Continue to proceed with the installation.
The Hive Metastore service establishes a secure connection with its database.