You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/11/19 16:31:00 UTC
[jira] [Work logged] (HIVE-18728) Secure webHCat with SSL
[ https://issues.apache.org/jira/browse/HIVE-18728?focusedWorklogId=514188&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-514188 ]
ASF GitHub Bot logged work on HIVE-18728:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 19/Nov/20 16:30
Start Date: 19/Nov/20 16:30
Worklog Time Spent: 10m
Work Description: HunterL opened a new pull request #1689:
URL: https://github.com/apache/hive/pull/1689
### What changes were proposed in this pull request?
Adds templeton configuration options for enabling TLS
### Why are the changes needed?
Allows more secure connections to WebHCat
The code for this change has been sitting around since 2018. Targeting has moved from 3.0 to 3.1 to now 3.2, I figure moving it over to Github will help get this in.
### Does this PR introduce _any_ user-facing change?
Yes, added configuration options and docs should be updated. The update to the docs has already been made in the original ticket, need someone with editing permissions to do so.
### How was this patch tested?
No tests were added, but you can verify this with a simple curl command.
curl -k 'https://<user>:<password>@<host>:50111/templeton/v1/status'
Any guidance on adding a test for this would be appreciated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 514188)
Remaining Estimate: 0h
Time Spent: 10m
> Secure webHCat with SSL
> -----------------------
>
> Key: HIVE-18728
> URL: https://issues.apache.org/jira/browse/HIVE-18728
> Project: Hive
> Issue Type: New Feature
> Components: Security
> Reporter: Oleksiy Sayankin
> Assignee: Hunter Logan
> Priority: Major
> Fix For: 3.2.0
>
> Attachments: HIVE-18728.1.patch, HIVE-18728.2.patch, HIVE-18728.3.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Doc for the issue:
> *Configure WebHCat server to use SSL encryption*
> You can configure WebHCat REST-API to use SSL (Secure Sockets Layer) encryption. The following WebHCat properties are added to enable SSL.
> {{templeton.use.ssl}}
> Default value: {{false}}
> Description: Set this to true for using SSL encryption for WebHCat server
> {{templeton.keystore.path}}
> Default value: {{<empty string>}}
> Description: SSL certificate keystore location for WebHCat server
> {{templeton.keystore.password}}
> Default value: {{<empty string>}}
> Description: SSL certificate keystore password for WebHCat server
> {{templeton.ssl.protocol.blacklist}}
> Default value: {{SSLv2,SSLv3}}
> Description: SSL Versions to disable for WebHCat server
> {{templeton.host}}
> Default value: {{0.0.0.0}}
> Description: The host address the WebHCat server will listen on.
> *Modifying the {{webhcat-site.xml}} file*
> Configure the following properties in the {{webhcat-site.xml}} file to enable SSL encryption on each node where WebHCat is installed:
> {code}
> <!-- WebHCat SSL -->
> <property>
> <name>templeton.use.ssl</name>
> <value>true</value>
> </property>
> <property>
> <name>templeton.keystore.path</name>
> <value>/path/to/ssl_keystore</value>
> </property>
> <property>
> <name>templeton.keystore.password</name>
> <value>password</value>
> </property>
> {code}
> *Example:* To check status of WebHCat server configured for SSL encryption use following command
> {code}
> curl -k 'https://<user>:<password>@<host>:50111/templeton/v1/status'
> {code}
> replace {{<user>}} and {{<password>}} with valid user/password. Replace {{<host>}} with your host name.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)