I have HiveServer2 with SSL (minimum TLS1.2 enabled only) and LDAP enabled, no kerberos enabled. hive.server2.transport.mode = binary.
Beeline connections work fine like:
beeline -u jdbc:hive2://domain:10000/default\;ssl=true\;sslTrustStore=/home/user/query.jks\;trustStorePassword=blah -n user -p pass -e "SELECT * FROM table LIMIT 3"
As expected, via beeline not passing the right truststore details or wrong ldap credentials means connection does not work.
I want to use a python library to connect to HiveServer2 (specifically this Hive setup with TLS1.2).
I have looked at several libraries like impyla, pyhive, pyhs2, sqlalchemy but none are working for me. I see several issues raised by others:
- https://community.cloudera.com/t5/Batch-SQL-Apache-Hive/Impyla-TLS-SSL-issues-with-newer-versions-of-SSL/td-p/65136
- https://github.com/cloudera/impyla/issues/293
- https://github.com/dropbox/PyHive/issues/203
- https://github.com/cloudera/impyla/issues/240
- https://github.com/dropbox/PyHive/issues/143
There are many examples online of connecting without a TLS1.2 protected HiveServer2 instance.
`>>> from impala.dbapi import connect
conn = connect(host='domain', port=10000, use_ssl=True, auth_mechanism='LDAP', user='user', password='pass', ca_cert='/home/user/query.pem') Traceback (most recent call last): File "", line 1, in File "/usr/local/lib/python2.7/site-packages/impala/dbapi.py", line 147, in connect auth_mechanism=auth_mechanism) File "/usr/local/lib/python2.7/site-packages/impala/hiveserver2.py", line 658, in connect transport.open() File "/usr/local/lib/python2.7/site-packages/thrift_sasl/init.py", line 68, in open self._trans.open() File "/usr/local/lib64/python2.7/site-packages/thrift/transport/TSSLSocket.py", line 118, in open message=message) thrift.transport.TTransport.TTransportException: Could not connect to domain:10000: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:726)`
