Learn how you can configure the Hive (Hive Metastore) service to securely connect to
its database using TLS 1.2 when installing a new cluster.
When installing a new cluster, Hive Metastore's database connection is set up during
the Setup Database step of the Add Cluster - Configuration wizard.
Complete the following when you reach this step in the wizard to configure TLS
1.2.
-
In the Setup Database page for Hive, click the Type
drop-down list and select the appropriate database type.
-
Click the Use JDBC URL Override drop-down list and
select Yes.
-
In the JDBC URL field, specify the appropriate JDBC URL connection
string.
The JDBC URL must contain all necessary properties required for Hive Metastore
to establish a secure connection with its database. Use the following templates
to construct the JDBC URL:
- MySQL
-
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- PostgreSQL
-
jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- MariaDB
-
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- Oracle
-
jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE-PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE-PASSWORD***]&oracle.net.ssl_server_dn_match=false
-
Click Test Connection to validate the settings.
If the connection fails, review your configuration, fix any errors, and test
the connection again.
-
Click Continue to proceed with the installation.