When I enable SSL on Hive 0.13.x in Amazon EMR and attempt to connect to hiveserver2 using a client such as Beeline, I get an error message similar to the following: 

Error: Invalid URL: jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/home/hadoop/keystore/truststore.jks;trustStorePassword==******
(state=08S01,code=0)
java.sql.SQLException: Invalid URL: jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/home/hadoop/keystore/truststore.jks;trustStorePassword==******
at org.apache.hadoop.hive.jdbc.HiveConnection.<init>(HiveConnection.java:86)
at org.apache.hadoop.hive.jdbc.HiveDriver.connect(HiveDriver.java:106)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)

Note: This problem affects all Amazon EMR 3.x Amazon Machine Image (AMI) versions. It does not affect later Amazon EMR AMIs.

When you enable SSL on Hive 0.13.x and restart hiveserver2, hiveserver2 listens on the local IP address of the master node instead of on localhost.

1.    Open the Amazon EMR console and choose Clusters on the navigation pane.

2.    Choose the name of your cluster, and then choose the Hardware tab.

3.    Choose the ID of the master node, and then copy the Private IP address.

4.    Open Beeline.

5. In the connection URL, replace localhost with the private IP address of the master node. For example:

!connect jdbc:hive2://{masterNodePrivateIP}:10000/default;ssl=true;sslTrustStore={/path/to/file.jks};trustStorePassword={some_jks_pass} {user} {pass}

6.    Verify that you can connect to hiveserver2 using the client with SSL enabled.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-09-06