Database setup details for Hue for TLS 1.2/TCPS-enabled databases

Hue automatically uses TLS 1.2 when you create a CDP cluster with the Auto-TLS option. You can also enable TLS in Hue configurations after you add the Hue service to your cluster using Cloudera Manager.

If TLS 1.2 is enabled on the database servers, and the databases are restricted to or enforce TLS 1.2, then Hue automatically uses TLS 1.2-compatible ciphers to communicate with the database securely. You do not have to configure any setting in Hue's Advanced Configuration Snippet or in any other configuration. This applies when you use MySQL, MariaDB, or PostgreSQL as the backend database for Hue.

To restrict the MySQL and MariaDB databases to use TLS 1.2, set require_secure_transport to true in the my.cnf file.

To enable TLS 1.2 on the Hue instance, go to Cloudera Manager > Clusters > Hue service > Configurations and select the Enable TLS/SSL for Hue option.

If TCPS is enabled on the Oracle database, then you can specify the connection string containing the TCPS protocol in the Database SID field.

  • You must have enabled TLS 1.2 or TCPS on the Hue database.
  • You must have created database users.
  • You must have installed the MySQL client (for MySQL or MariaDB databases).
  • You must have installed the psycopg2 Python package (for PostgreSQL database).
  1. Select the appropriate database type from the Type drop-down menu.
  2. Enter the Fully Qualified Domain Name (FQDN) of the host on which you have installed the database in the Database Hostname field.
    If the database is not running on its default port, then specify the port number in the following format: [***HUE-DB-HOST***]:[***DB-PORT***].
    Where,

    [***HUE-DB-HOST***] is the FQDN of the database host

    [***DB-PORT***] is the database port

  3. Specify the database name in the Database Name field.
    For Oracle databases, specify the SID in the Database SID field.
    If you are using Oracle Service Name instead of SID, then specify the database name in the following format:
    [***HUE-DB-HOST***]:1521/[***SERVICE-NAME***]
    Where,

    [***HUE-DB-HOST***] is the FQDN of the database host

    [***SERVICE-NAME***] is the Oracle service name

    You can also specify the following connection string in the Database Name field:
    (DESCRIPTION=(LOAD_BALANCE=off)(FAILOVER=on)(CONNECT_TIMEOUT=5)(TRANSPORT_CONNECT_TIMEOUT=3)(RETRY_COUNT=3)(ADDRESS=(PROTOCOL=TCPS)(HOST=[***HUE-DB-HOST***])(PORT=[***HUE-DB-PORT***]))(CONNECT_DATA=(SERVICE_NAME=[***SERVICE-NAME***]))(SECURITY=(MY_WALLET_DIRECTORY=/[***PATH-TO-WALLET-FILE***])))
    Where,

    [***HUE-DB-HOST***] is the FQDN of the database host

    [***HUE-DB-PORT***] is the port for the Hue database

    [***SERVICE-NAME***] is the Oracle service name

    [***PATH-TO-WALLET-FILE***] is the location at which you have copied the wallet file (cwallet.sso) on the Hue host

  4. Enter the database username and password you set up for the Hue database in the Username and Password fields.
  5. Click Test Connection.
    If the connection test fails, review your configuration, fix any errors, and rerun the connection test.
  6. Click Continue to continue with cluster installation.
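
A single misplaced parenthesis or a PROTOCOL value other than TCPS in the Oracle connection string from step 3 is easy to miss before clicking Test Connection. The following check is an added example, not part of the Cloudera documentation or of Hue's code: it parses a connect descriptor and reports whether every ADDRESS uses TCPS and whether a wallet directory is set. The function names and the sample host, port, service name and wallet path are assumptions made for illustration.

```python
import re

# Constructed sample; host, port, service name and wallet path are placeholders.
SAMPLE = ("(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.com)(PORT=2484))"
          "(CONNECT_DATA=(SERVICE_NAME=huedb))(SECURITY = (MY_WALLET_DIRECTORY = /opt/wallet)))")

def parse_descriptor(text):
    """Return a nested (KEY, value) pair; value is a str or a list of child pairs."""
    tokens = re.findall(r"[()=]|[^()=\s][^()=]*", text)
    pos = 0
    def entry():
        nonlocal pos
        if tokens[pos:pos + 1] != ["("] or tokens[pos + 2:pos + 3] != ["="]:
            raise ValueError("expected '(KEY=' at token %d" % pos)
        key, value = tokens[pos + 1].strip().upper(), ""
        pos += 3
        if tokens[pos:pos + 1] == ["("]:           # nested entries
            value = []
            while tokens[pos:pos + 1] == ["("]:
                value.append(entry())
        elif pos < len(tokens) and tokens[pos] not in ("(", ")", "="):
            value = tokens[pos].strip()            # plain value
            pos += 1
        if tokens[pos:pos + 1] != [")"]:
            raise ValueError("missing ')' to close %s" % key)
        pos += 1
        return key, value
    root = entry()
    if pos != len(tokens):
        raise ValueError("unexpected text after the descriptor")
    return root

def find(node, key):
    """Yield every value stored under key anywhere in the tree."""
    if node[0] == key:
        yield node[1]
    for child in node[1] if isinstance(node[1], list) else []:
        yield from find(child, key)

def check_tcps(text):
    """Return a list of problems (empty if none); ValueError on bad syntax."""
    root = parse_descriptor(text)
    addresses = [a for a in find(root, "ADDRESS") if isinstance(a, list)]
    problems = [] if addresses else ["no ADDRESS entry"]
    for addr in addresses:
        if str(dict(addr).get("PROTOCOL", "")).upper() != "TCPS":
            problems.append("ADDRESS does not use PROTOCOL=TCPS")
    if not any(find(root, "MY_WALLET_DIRECTORY")):
        problems.append("no MY_WALLET_DIRECTORY set")
    return problems
```

Call check_tcps() on the string you intend to paste into the Database Name field, with the placeholders filled in; an empty list means the descriptor is well formed and matches the TCPS form shown in step 3.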