Configuring a Generic Hive Database Account for Cloudera Data Platform Knox

Overview

The Hive Snap Pack supports Apache Knox authentication to connect to the Hive service on the Cloudera Data Platform (CDP)'s Data Hub clusters. Using the Workload user's credentials, you can use a Generic Hive Database Account to connect to the Hive database through the Knox reverse proxy. The Cloudera Workload user credentials are used to authenticate with the Knox reverse proxy and subsequently connect to the Hive database. The Knox reverse proxy hides the complex details for managing the authentication and authorization based on the Kerberos protocol.

Prerequisites

  • Valid Cloudera Workload user’s credentials.
  • Cloudera instance.
Note: This article considers an existing Data Hub Cluster in the Cloudera Data Platform.

Locate Details in the Cloudera Data Platform

To validate your Generic Hive Database account in the SnapLogic platform with the Cloudera Knox reverse proxy, you must have the following details:

  • JDBC URL

  • JDBC Driver Class
  • Workload User name and password.
  1. Log in to the CDP portal (https://sso.cloudera.com) or register yourself if you do not have an account. The MyCloudera home page opens.

  2. Click your Profile icon and select the Cloudera Data Platform. For example, Cloudera Data Platform US West. You are redirected to the Cloudera Data Platform page.

    Note: We are using Cloudera Data Platform US West to demonstrate the procedure of accessing details from the CDP.



  3. Under Data Management, click the Management Console card.

  4. Click Data Hub Clusters and select the Data Hub Cluster that is active and running. The list of hub clusters is displayed.



  5. Under Cloudera Manager Info, click the Endpoints tab. All services that are running on the CDP display.
  6. Copy or note the JDBC URL of the Hive Server to use it in the Generic Hive Database Account.

  7. Navigate to User Management in the left navigation pane, click the <user>, select Profile, and note the Workload credentials.

Configuring a Generic Hive Database Account with Settings from the CDP

  1. Drag the Hive - Execute Snap.

  2. Add the Generic JDBC Database Account account to the Snap.

  3. Enter the Username and Password of your Cloudera Workload instance. (Refer to Step 7 above.)

  4. Enter the JDBC URL of the Hive Server.

    Note: By default, the raw URL (refer to the Step 6 in the section above for the raw URL format) is obtained from the CDP; you must enter the port number right after the domain and update the SSL value from true to 1, wherein 0 is false and 1 is true.

    1. Enter the Site number as 443.

    2. If the SSL is enabled on the Hive server, leave SSL as true. If the SSL is not enabled on the server, enter SSL as 0 or 1.

      For example, jdbc:hive2://<cdp-datahub-cluster-host>:443/;ssl=1;transportMode=http;httpPath=data-hub-cluster-1/cdp-proxy-api/hive

  5. Upload the Hive driver in the JDBC Driver field. You can download the latest JDBC Hive driver from here.

  6. Specify the JDBC Driver Class as com.cloudera.hive.jdbc.HS2Driver.

  7. Click Validate. Your account should be validated successfully.