Setting up the TLS for Impala is also very simple.
Follow this post OpenSSL CA Authority setup with SAN certificate for Cloudera to create SAN certificate for Impala service in pem format.
update the Pem Key/Certificate/key password/CA PEM file like below.
then restart the impala services.
Since my cluster is kerberos enabled, we need valid tiket to access the impala shell, otherwise you will get following error.
[hive@nm1 ~]$ impala-shell -i node1.tanu.com:21000 -k --ssl --ca_cert=/opt/cloude-newcert/MyRootCA.pem
Starting Impala Shell using Kerberos authentication
Using service name 'impala'
-k requires a valid kerberos ticket but no valid kerberos ticket found.
Follow this post OpenSSL CA Authority setup with SAN certificate for Cloudera to create SAN certificate for Impala service in pem format.
update the Pem Key/Certificate/key password/CA PEM file like below.
then restart the impala services.
Since my cluster is kerberos enabled, we need valid tiket to access the impala shell, otherwise you will get following error.
[hive@nm1 ~]$ impala-shell -i node1.tanu.com:21000 -k --ssl --ca_cert=/opt/cloude-newcert/MyRootCA.pem
Starting Impala Shell using Kerberos authentication
Using service name 'impala'
-k requires a valid kerberos ticket but no valid kerberos ticket found.
Now create ticket using kinit command. And use below impala shell, now we are able to access database over TLS.
[hive@nm1 ~]$ kinit
Password for hive@TANU.COM:
[hive@nm1 ~]$ impala-shell -i node1.tanu.com:21000 -k --ssl --ca_cert=/opt/cloude-newcert/MyRootCA.pem
Starting Impala Shell using Kerberos authentication
Using service name 'impala'
SSL is enabled
Connected to node1.tanu.com:21000
Server version: impalad version 2.9.0-cdh5.12.1 RELEASE (build 5131a031f4aa38c1e50c430373c55ca53e0517b9)
***********************************************************************************
Welcome to the Impala shell.
(Impala Shell v2.9.0-cdh5.12.1 (5131a03) built on Thu Aug 24 09:27:32 PDT 2017)
When pretty-printing is disabled, you can use the '--output_delimiter' flag to set
the delimiter for fields in the same row. The default is ','.
***********************************************************************************
[node1.tanu.com:21000] > show databases;
Query: show databases
+------------------+----------------------------------------------+
| name | comment |
+------------------+----------------------------------------------+
| _impala_builtins | System database for Impala builtin functions |
| default | Default Hive database |
| tanu | |
+------------------+----------------------------------------------+
Fetched 3 row(s) in 0.04s
No comments:
Post a Comment