Start Hive using a password

You start the Hive shell using a Beeline command to query Hive as an end user authorized by Apache Ranger. As administrator, you set up the end user in the operating system and in Ranger.

  1. In CDP Public Cloud, navigate to Environments > your environment > Data Lakes > your data lake.
  2. In the Data Lake Cluster tab, click Ranger > cm_hive and in Allow Conditions, edit all - database, table, column.
  3. Add your user or group name to Hive policies to grant full access to Hive.
    For example, add the admins group name to the list of groups that can access Hive.
  4. In Environments > your environment > Data Lakes > your data lake, in the Data Lake Cluster tab, click CM-UI.
  5. In Cloudera Manager, click Hosts > All Hosts.
  6. Make a note of the IP address or host name of a node in your cluster, for example myhost-vpc.cloudera.com.
  7. Use ssh to log into the cluster.
    For example:
    ssh myhost-vpc.cloudera.com
    You can get help about starting the Hive shell. On the command line, type
    hive -h
    Output is:
    Connect using simple authentication to HiveServer2 on localhost:10000
    beeline -u jdbc:hive2://localhost:10000 username password
                        
    Connect using simple authentication to HiveServer2 on hs.local:10000 using -n for username and -p for password
    beeline -n username -p password -u jdbc:hive2://hs2.local:10012
                        
    Connect using Kerberos authentication with hive/localhost@mydomain.com as HiveServer2 principal
    beeline -u "jdbc:hive2://hs2.local:10013/default;principal=hive/localhost@mydomain.com"
                        
    Connect using SSL connection to HiveServer2 on localhost at 10000
    beeline "jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/usr/local/truststore;trustStorePassword=mytruststorepassword"
                        
    Connect using LDAP authentication
    beeline -u jdbc:hive2://hs2.local:10013/default <ldap-username> <ldap-password>
  8. Using the fully qualified domain name or IP address a node in your cluster from Cloudera Manager > Hosts > Role(s) and looking through the list of roles to find Hive on Tez HiveServer2, for example.
    This node has the HiveServer role, so you can use the name or IP address in Beeline.
  9. Start the Hive shell.
    • Use your user name if your cluster security is set up.
    • Use the user name hive and no password.
    Substitute the name or IP address of your HiveServer host for 10.65.13.98.
    Simple authentiation:
    beeline -u jdbc:hive2://10.65.13.98:10000 -n <your user name> -p
    Kerberos:
    beeline -u "jdbc:hive2://10.65.13.98:10000/default;principal=hive/_HOST@CLOUDERA.SITE"
  10. Enter Hive queries.
    SHOW DATABASES;
    CREATE TABLE students (name VARCHAR(64), age INT, gpa DECIMAL(3,2));
    INSERT INTO TABLE students VALUES ('fred flintstone', 35, 1.28), ('barney rubble', 32, 2.32);