knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mkonone...@apache.org
Subject svn commit: r1587180 - in /knox: site/ site/books/knox-0-4-0/ trunk/books/0.4.0/
Date Mon, 14 Apr 2014 10:58:42 GMT
Author: mkononenko
Date: Mon Apr 14 10:58:41 2014
New Revision: 1587180

URL: http://svn.apache.org/r1587180
Log:
KNOX-344. Updated Hive documentation to be consistent with Hive 0.13.

Modified:
    knox/site/books/knox-0-4-0/knox-0-4-0-new.html
    knox/site/books/knox-0-4-0/knox-0-4-0.html
    knox/site/index.html
    knox/site/issue-tracking.html
    knox/site/license.html
    knox/site/mail-lists.html
    knox/site/project-info.html
    knox/site/team-list.html
    knox/trunk/books/0.4.0/book_gateway-details.md
    knox/trunk/books/0.4.0/service_hive.md

Modified: knox/site/books/knox-0-4-0/knox-0-4-0-new.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/knox-0-4-0-new.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/books/knox-0-4-0/knox-0-4-0-new.html (original)
+++ knox/site/books/knox-0-4-0/knox-0-4-0-new.html Mon Apr 14 10:58:41 2014
@@ -307,7 +307,7 @@ Server: Jetty(6.1.26)
   </ul></li>
   <li>Hive JDBC
   <ul>
-    <li>Gateway: <code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
+    <li>Gateway: <code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
     <li>Cluster: <code>http://{hive-host}:10001/cliservice</code></li>
   </ul></li>
 </ul><p>The values for <code>{gateway-host}</code>, <code>{gateway-port}</code>,
<code>{gateway-path}</code> are provided via the gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value
for <code>{cluster-name}</code> is derived from the file name of the cluster topology
descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The
value for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and <code>{hive-host}</code>
are provided via the cluster topology descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 and 10001 are the defaults for WebHDFS, WebHCat, Oozie,
Stargate/HBase and Hive respectively. Their values can also be provided via the cluster topology
descriptor if your Hadoop cluster uses different ports.</p></div><div id="Configuration"><h3><a
id="Configuration"></a>Confi
 guration</h3><h4><a id="Topology+Descriptors"></a>Topology Descriptors</h4><p>The
topology descriptor files provide the gateway with per-cluster configuration information.
This includes configuration for both the providers within the gateway and the services within
the Hadoop cluster. These files are located in <code>{GATEWAY_HOME}/deployments</code>.
The general outline of this document looks like this.</p>
@@ -2530,7 +2530,7 @@ session.shutdown(10, SECONDS)
   <tbody>
     <tr>
       <td>Gateway </td>
-      <td><code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code>
</td>
+      <td><code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code>
</td>
     </tr>
     <tr>
       <td>Cluster </td>
@@ -2544,23 +2544,20 @@ session.shutdown(10, SECONDS)
   <li>Make sure Hive Server is running in HTTP mode.</li>
   <li>Client side (JDBC):
   <ol>
-    <li>Hive JDBC in HTTP mode depends on following libraries to run successfully(must
be in the classpath):
+    <li>Hive JDBC in HTTP mode depends on following minimal libraries set to run successfully(must
be in the classpath):
     <ul>
-      <li>hadoop-common-2.2.0.2.0.6.0-76.jar;</li>
-      <li>hive-jdbc-0.12.0.2.0.6.0-76.jar;</li>
-      <li>hive-service-0.12.0.2.0.6.0-76.jar;</li>
+      <li>hive-jdbc-0.13.0.jar;</li>
+      <li>hive-service-0.13.0.jar;</li>
       <li>libthrift-0.9.0.jar;</li>
-      <li>httpcore-4.1.4.jar;</li>
-      <li>httpclient-4.1.3.jar;</li>
-      <li>hive-common-0.12.0.2.0.6.0-76.jar;</li>
-      <li>commons-logging-1.1.1.jar;</li>
+      <li>httpcore-4.2.5.jar;</li>
+      <li>httpclient-4.2.5.jar;</li>
+      <li>commons-logging-1.1.3.jar;</li>
+      <li>commons-codec-1.4.jar;</li>
       <li>slf4j-api-1.7.5.jar;</li>
       <li>slf4j-log4j12-1.7.5.jar;</li>
       <li>log4j-1.2.17.jar;</li>
-      <li>commons-codec-1.7.jar;</li>
     </ul></li>
-    <li>Import gateway certificate into the default JRE truststore.  It is located
in the <code>/lib/security/cacerts</code>.  <code>keytool -import -alias
hadoop.gateway -file hadoop.gateway.cer -keystore &lt;java-home&gt;/lib/security/cacerts</code>
 Alternatively you can run your sample with additional parameters:  <code>-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStore=&lt;path-to-trust-store&gt; -Djavax.net.ssl.trustStorePassword=&lt;trust-store-password&gt;</code></li>
-    <li>Connection URL has to be following:  <code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
+    <li>Connection URL has to be following: <code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
     <li>Look at <a href="https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations">https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations</a>
for examples.  Hint: For testing it would be better to execute <code>set hive.security.authorization.enabled=false</code>
as the first statement.  Hint: Good examples of Hive DDL/DML can be found here <a href="http://gettingstarted.hadooponazure.com/hw/hive.html">http://gettingstarted.hadooponazure.com/hw/hive.html</a></li>
   </ol></li>
 </ol><h5><a id="Customization"></a>Customization</h5><p>This
example may need to be tailored to the execution environment. In particular host name, host
port, user name, user password and context path may need to be changed to match your environment.
In particular there is one example file in the distribution that may need to be customized.
Take a moment to review this file. All of the values that may need to be customized can be
found together at the top of the file.</p>
@@ -2588,8 +2585,10 @@ public class HiveJDBCSample {
       String password = user + &quot;-password&quot;;
       String gatewayHost = &quot;localhost&quot;;
       int gatewayPort = 8443;
+      String trustStore = &quot;/usr/lib/knox/data/security/keystores/gateway.jks&quot;;
+      String trustStorePassword = &quot;knoxsecret&quot;;
       String contextPath = &quot;gateway/sandbox/hive&quot;;
-      String connectionString = String.format( &quot;jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s&quot;,
gatewayHost, gatewayPort, contextPath );
+      String connectionString = String.format( &quot;jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s&quot;,
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
       // load Hive JDBC Driver
       Class.forName( &quot;org.apache.hive.jdbc.HiveDriver&quot; );
@@ -2645,18 +2644,16 @@ public class HiveJDBCSample {
 }
 </code></pre><h6><a id="Groovy"></a>Groovy</h6><p>Make
sure that GATEWAY_HOME/ext directory contains following libraries for successful execution:</p>
 <ul>
-  <li>hadoop-common-2.2.0.2.0.6.0-76.jar;</li>
-  <li>hive-jdbc-0.12.0.2.0.6.0-76.jar;</li>
-  <li>hive-service-0.12.0.2.0.6.0-76.jar;</li>
+  <li>hive-jdbc-0.13.0.jar;</li>
+  <li>hive-service-0.13.0.jar;</li>
   <li>libthrift-0.9.0.jar;</li>
-  <li>httpcore-4.1.4.jar;</li>
-  <li>httpclient-4.1.3.jar;</li>
-  <li>hive-common-0.12.0.2.0.6.0-76.jar;</li>
-  <li>commons-logging-1.1.1.jar;</li>
+  <li>httpcore-4.2.5.jar;</li>
+  <li>httpclient-4.2.5.jar;</li>
+  <li>commons-logging-1.1.3.jar;</li>
+  <li>commons-codec-1.4.jar;</li>
   <li>slf4j-api-1.7.5.jar;</li>
   <li>slf4j-log4j12-1.7.5.jar;</li>
   <li>log4j-1.2.17.jar;</li>
-  <li>commons-codec-1.7.jar;</li>
 </ul><p>There are several ways to execute this sample depending upon your preference.</p><p>You
can use the Groovy interpreter provided with the distribution.</p>
 <pre><code>java -jar bin/shell.jar samples/hive/groovy/jdbc/sandbox/HiveJDBCSample.groovy
 </code></pre><p>You can manually type in the KnoxShell DSL script into
the interactive Groovy interpreter provided with the distribution.</p>
@@ -2668,8 +2665,10 @@ user = &quot;guest&quot;;
 password = user + &quot;-password&quot;;
 gatewayHost = &quot;localhost&quot;;
 gatewayPort = 8443;
+trustStore = &quot;/usr/lib/knox/data/security/keystores/gateway.jks&quot;;
+trustStorePassword = &quot;knoxsecret&quot;;
 contextPath = &quot;gateway/sandbox/hive&quot;;
-connectionString = String.format( &quot;jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s&quot;,
gatewayHost, gatewayPort, contextPath );
+connectionString = String.format( &quot;jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s&quot;,
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
 // Load Hive JDBC Driver
 Class.forName( &quot;org.apache.hive.jdbc.HiveDriver&quot; );
@@ -2840,7 +2839,7 @@ If this HTTPS server uses a certificate 
  not match the domain name in the URL).
 If you&#39;d like to turn off curl&#39;s verification of the certificate, use
  the -k (or --insecure) option.
-</code></pre><h3><a id="Filing+Bugs"></a>Filing Bugs</h3><p>Bugs
can be filed using <a href="https://issues.apache.org/jira/browse/KNOX">Jira</a>.
Please include the results of this command below in the Environment section. Also include
the version of Hadoop being used in the same section.</p>
+</code></pre><h3><a id="SPNego+Authentication+Issues"></a>SPNego
Authentication Issues</h3><p>Calls from Knox to Secure Hadoop Cluster fails, with
SPNego authentication problems, if there was a TGT for knox in disk cache when Knox was started.</p><p>You
are likely to run into this situation on developer machines where develeoper could have knited
for some testing.</p><p>Work Around: clear TGT of Knox from disk cache ( calling
kdestroy would do it), before starting knox</p><h3><a id="Filing+Bugs"></a>Filing
Bugs</h3><p>Bugs can be filed using <a href="https://issues.apache.org/jira/browse/KNOX">Jira</a>.
Please include the results of this command below in the Environment section. Also include
the version of Hadoop being used in the same section.</p>
 <pre><code>cd {GATEWAY_HOME}
 java -jar bin/gateway.jar -version
 </code></pre></div><div id="Export+Controls"><h2><a id="Export+Controls"></a>Export
Controls</h2><p>Apache Knox Gateway includes cryptographic software. The country
in which you currently reside may have restrictions on the import, possession, use, and/or
re-export to another country, of encryption software. BEFORE using any encryption software,
please check your country&rsquo;s laws, regulations and policies concerning the import,
possession, or use, and re-export of encryption software, to see if this is permitted. See
<a href="http://www.wassenaar.org">http://www.wassenaar.org</a> for more information.</p><p>The
U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified
this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information
security software using or performing cryptographic functions with asymmetric algorithms.
The form and manner of this Apache Software Foundation distribution makes it eligible for
export
  under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the
BIS Export Administration Regulations, Section 740.13) for both object code and source code.</p><p>The
following provides more details on the included cryptographic software:</p>
@@ -2855,5 +2854,4 @@ java -jar bin/gateway.jar -version
   <li>The date and time you access our site;</li>
   <li>The pages you visit; and</li>
   <li>The addresses of pages from where you followed a link to our site.</li>
-</ul><p>Part of this information is gathered using a tracking cookie set by the
<a href="http://www.google.com/analytics/">Google Analytics</a> service. Google&rsquo;s
policy for the use of this information is described in their <a href="http://www.google.com/privacy.html">privacy
policy</a>. See your browser&rsquo;s documentation for instructions on how to disable
the cookie if you prefer not to share this data with Google.</p><p>We use the
gathered information to help us make our site more useful to visitors and to better understand
how and when our site is used. We do not track or collect personally identifiable information
or associate gathered data with any personally identifying information from other sources.</p><p>By
using this website, you consent to the collection of this data in the manner and for the purpose
described above.</p>
-</div></div></div>
+</ul><p>Part of this information is gathered using a tracking cookie set by the
<a href="http://www.google.com/analytics/">Google Analytics</a> service. Google&rsquo;s
policy for the use of this information is described in their <a href="http://www.google.com/privacy.html">privacy
policy</a>. See your browser&rsquo;s documentation for instructions on how to disable
the cookie if you prefer not to share this data with Google.</p><p>We use the
gathered information to help us make our site more useful to visitors and to better understand
how and when our site is used. We do not track or collect personally identifiable information
or associate gathered data with any personally identifying information from other sources.</p><p>By
using this website, you consent to the collection of this data in the manner and for the purpose
described above.</p></div></div></div>

Modified: knox/site/books/knox-0-4-0/knox-0-4-0.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/knox-0-4-0.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/books/knox-0-4-0/knox-0-4-0.html (original)
+++ knox/site/books/knox-0-4-0/knox-0-4-0.html Mon Apr 14 10:58:41 2014
@@ -307,7 +307,7 @@ Server: Jetty(6.1.26)
   </ul></li>
   <li>Hive JDBC
   <ul>
-    <li>Gateway: <code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
+    <li>Gateway: <code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
     <li>Cluster: <code>http://{hive-host}:10001/cliservice</code></li>
   </ul></li>
 </ul><p>The values for <code>{gateway-host}</code>, <code>{gateway-port}</code>,
<code>{gateway-path}</code> are provided via the gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value
for <code>{cluster-name}</code> is derived from the file name of the cluster topology
descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The
value for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and <code>{hive-host}</code>
are provided via the cluster topology descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 and 10001 are the defaults for WebHDFS, WebHCat, Oozie,
Stargate/HBase and Hive respectively. Their values can also be provided via the cluster topology
descriptor if your Hadoop cluster uses different ports.</p><h3><a id="Configuration"></a>Configuration</h3><h4><a
id="Topolo
 gy+Descriptors"></a>Topology Descriptors</h4><p>The topology descriptor
files provide the gateway with per-cluster configuration information. This includes configuration
for both the providers within the gateway and the services within the Hadoop cluster. These
files are located in <code>{GATEWAY_HOME}/deployments</code>. The general outline
of this document looks like this.</p>
@@ -2530,7 +2530,7 @@ session.shutdown(10, SECONDS)
   <tbody>
     <tr>
       <td>Gateway </td>
-      <td><code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code>
</td>
+      <td><code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code>
</td>
     </tr>
     <tr>
       <td>Cluster </td>
@@ -2544,23 +2544,20 @@ session.shutdown(10, SECONDS)
   <li>Make sure Hive Server is running in HTTP mode.</li>
   <li>Client side (JDBC):
   <ol>
-    <li>Hive JDBC in HTTP mode depends on following libraries to run successfully(must
be in the classpath):
+    <li>Hive JDBC in HTTP mode depends on following minimal libraries set to run successfully(must
be in the classpath):
     <ul>
-      <li>hadoop-common-2.2.0.2.0.6.0-76.jar;</li>
-      <li>hive-jdbc-0.12.0.2.0.6.0-76.jar;</li>
-      <li>hive-service-0.12.0.2.0.6.0-76.jar;</li>
+      <li>hive-jdbc-0.13.0.jar;</li>
+      <li>hive-service-0.13.0.jar;</li>
       <li>libthrift-0.9.0.jar;</li>
-      <li>httpcore-4.1.4.jar;</li>
-      <li>httpclient-4.1.3.jar;</li>
-      <li>hive-common-0.12.0.2.0.6.0-76.jar;</li>
-      <li>commons-logging-1.1.1.jar;</li>
+      <li>httpcore-4.2.5.jar;</li>
+      <li>httpclient-4.2.5.jar;</li>
+      <li>commons-logging-1.1.3.jar;</li>
+      <li>commons-codec-1.4.jar;</li>
       <li>slf4j-api-1.7.5.jar;</li>
       <li>slf4j-log4j12-1.7.5.jar;</li>
       <li>log4j-1.2.17.jar;</li>
-      <li>commons-codec-1.7.jar;</li>
     </ul></li>
-    <li>Import gateway certificate into the default JRE truststore.  It is located
in the <code>/lib/security/cacerts</code>.  <code>keytool -import -alias
hadoop.gateway -file hadoop.gateway.cer -keystore &lt;java-home&gt;/lib/security/cacerts</code>
 Alternatively you can run your sample with additional parameters:  <code>-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStore=&lt;path-to-trust-store&gt; -Djavax.net.ssl.trustStorePassword=&lt;trust-store-password&gt;</code></li>
-    <li>Connection URL has to be following:  <code>jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
+    <li>Connection URL has to be following: <code>jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</code></li>
     <li>Look at <a href="https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations">https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations</a>
for examples.  Hint: For testing it would be better to execute <code>set hive.security.authorization.enabled=false</code>
as the first statement.  Hint: Good examples of Hive DDL/DML can be found here <a href="http://gettingstarted.hadooponazure.com/hw/hive.html">http://gettingstarted.hadooponazure.com/hw/hive.html</a></li>
   </ol></li>
 </ol><h5><a id="Customization"></a>Customization</h5><p>This
example may need to be tailored to the execution environment. In particular host name, host
port, user name, user password and context path may need to be changed to match your environment.
In particular there is one example file in the distribution that may need to be customized.
Take a moment to review this file. All of the values that may need to be customized can be
found together at the top of the file.</p>
@@ -2588,8 +2585,10 @@ public class HiveJDBCSample {
       String password = user + &quot;-password&quot;;
       String gatewayHost = &quot;localhost&quot;;
       int gatewayPort = 8443;
+      String trustStore = &quot;/usr/lib/knox/data/security/keystores/gateway.jks&quot;;
+      String trustStorePassword = &quot;knoxsecret&quot;;
       String contextPath = &quot;gateway/sandbox/hive&quot;;
-      String connectionString = String.format( &quot;jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s&quot;,
gatewayHost, gatewayPort, contextPath );
+      String connectionString = String.format( &quot;jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s&quot;,
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
       // load Hive JDBC Driver
       Class.forName( &quot;org.apache.hive.jdbc.HiveDriver&quot; );
@@ -2645,18 +2644,16 @@ public class HiveJDBCSample {
 }
 </code></pre><h6><a id="Groovy"></a>Groovy</h6><p>Make
sure that GATEWAY_HOME/ext directory contains following libraries for successful execution:</p>
 <ul>
-  <li>hadoop-common-2.2.0.2.0.6.0-76.jar;</li>
-  <li>hive-jdbc-0.12.0.2.0.6.0-76.jar;</li>
-  <li>hive-service-0.12.0.2.0.6.0-76.jar;</li>
+  <li>hive-jdbc-0.13.0.jar;</li>
+  <li>hive-service-0.13.0.jar;</li>
   <li>libthrift-0.9.0.jar;</li>
-  <li>httpcore-4.1.4.jar;</li>
-  <li>httpclient-4.1.3.jar;</li>
-  <li>hive-common-0.12.0.2.0.6.0-76.jar;</li>
-  <li>commons-logging-1.1.1.jar;</li>
+  <li>httpcore-4.2.5.jar;</li>
+  <li>httpclient-4.2.5.jar;</li>
+  <li>commons-logging-1.1.3.jar;</li>
+  <li>commons-codec-1.4.jar;</li>
   <li>slf4j-api-1.7.5.jar;</li>
   <li>slf4j-log4j12-1.7.5.jar;</li>
   <li>log4j-1.2.17.jar;</li>
-  <li>commons-codec-1.7.jar;</li>
 </ul><p>There are several ways to execute this sample depending upon your preference.</p><p>You
can use the Groovy interpreter provided with the distribution.</p>
 <pre><code>java -jar bin/shell.jar samples/hive/groovy/jdbc/sandbox/HiveJDBCSample.groovy
 </code></pre><p>You can manually type in the KnoxShell DSL script into
the interactive Groovy interpreter provided with the distribution.</p>
@@ -2668,8 +2665,10 @@ user = &quot;guest&quot;;
 password = user + &quot;-password&quot;;
 gatewayHost = &quot;localhost&quot;;
 gatewayPort = 8443;
+trustStore = &quot;/usr/lib/knox/data/security/keystores/gateway.jks&quot;;
+trustStorePassword = &quot;knoxsecret&quot;;
 contextPath = &quot;gateway/sandbox/hive&quot;;
-connectionString = String.format( &quot;jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s&quot;,
gatewayHost, gatewayPort, contextPath );
+connectionString = String.format( &quot;jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s&quot;,
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
 // Load Hive JDBC Driver
 Class.forName( &quot;org.apache.hive.jdbc.HiveDriver&quot; );
@@ -2840,7 +2839,7 @@ If this HTTPS server uses a certificate 
  not match the domain name in the URL).
 If you&#39;d like to turn off curl&#39;s verification of the certificate, use
  the -k (or --insecure) option.
-</code></pre><h3><a id="Filing+Bugs"></a>Filing Bugs</h3><p>Bugs
can be filed using <a href="https://issues.apache.org/jira/browse/KNOX">Jira</a>.
Please include the results of this command below in the Environment section. Also include
the version of Hadoop being used in the same section.</p>
+</code></pre><h3><a id="SPNego+Authentication+Issues"></a>SPNego
Authentication Issues</h3><p>Calls from Knox to Secure Hadoop Cluster fails, with
SPNego authentication problems, if there was a TGT for knox in disk cache when Knox was started.</p><p>You
are likely to run into this situation on developer machines where develeoper could have knited
for some testing.</p><p>Work Around: clear TGT of Knox from disk cache ( calling
kdestroy would do it), before starting knox</p><h3><a id="Filing+Bugs"></a>Filing
Bugs</h3><p>Bugs can be filed using <a href="https://issues.apache.org/jira/browse/KNOX">Jira</a>.
Please include the results of this command below in the Environment section. Also include
the version of Hadoop being used in the same section.</p>
 <pre><code>cd {GATEWAY_HOME}
 java -jar bin/gateway.jar -version
 </code></pre><h2><a id="Export+Controls"></a>Export Controls</h2><p>Apache
Knox Gateway includes cryptographic software. The country in which you currently reside may
have restrictions on the import, possession, use, and/or re-export to another country, of
encryption software. BEFORE using any encryption software, please check your country&rsquo;s
laws, regulations and policies concerning the import, possession, or use, and re-export of
encryption software, to see if this is permitted. See <a href="http://www.wassenaar.org">http://www.wassenaar.org</a>
for more information.</p><p>The U.S. Government Department of Commerce, Bureau
of Industry and Security (BIS), has classified this software as Export Commodity Control Number
(ECCN) 5D002.C.1, which includes information security software using or performing cryptographic
functions with asymmetric algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception ENC
  Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations,
Section 740.13) for both object code and source code.</p><p>The following provides
more details on the included cryptographic software:</p>

Modified: knox/site/index.html
URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/site/license.html
URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/site/project-info.html
URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/site/team-list.html
URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Mon Apr 14 10:58:41 2014
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 12, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Apr 14, 2014 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20140412" />
+    <meta name="Date-Revision-yyyymmdd" content="20140414" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2014-04-12</span>
+                &nbsp;| <span id="publishDate">Last Published: 2014-04-14</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: knox/trunk/books/0.4.0/book_gateway-details.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.4.0/book_gateway-details.md?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/trunk/books/0.4.0/book_gateway-details.md (original)
+++ knox/trunk/books/0.4.0/book_gateway-details.md Mon Apr 14 10:58:41 2014
@@ -41,7 +41,7 @@ The actual port number may be different 
     * Gateway: `https://{gateway-host}:{gateway-port}/{gateway-path}/{cluster-name}/hbase`
     * Cluster: `http://{hbase-host}:60080`
 * Hive JDBC
-    * Gateway: `jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
+    * Gateway: `jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
     * Cluster: `http://{hive-host}:10001/cliservice`
 
 The values for `{gateway-host}`, `{gateway-port}`, `{gateway-path}` are provided via the
gateway configuration file (i.e. `{GATEWAY_HOME}/conf/gateway-site.xml`).

Modified: knox/trunk/books/0.4.0/service_hive.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.4.0/service_hive.md?rev=1587180&r1=1587179&r2=1587180&view=diff
==============================================================================
--- knox/trunk/books/0.4.0/service_hive.md (original)
+++ knox/trunk/books/0.4.0/service_hive.md Mon Apr 14 10:58:41 2014
@@ -66,7 +66,7 @@ By default the gateway is configured to 
 #### Hive JDBC URL Mapping ####
 
 | ------- | -------------------------------------------------------------------------------
|
-| Gateway | `jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
|
+| Gateway | `jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
|
 | Cluster | `http://{hive-host}:{hive-port}/{hive-path}`                               |
 
 #### Hive Examples ####
@@ -79,27 +79,20 @@ This guide provides detailed examples fo
 2. Make sure Hive Server is running on the correct port.
 3. Make sure Hive Server is running in HTTP mode.
 4. Client side (JDBC):
-    1. Hive JDBC in HTTP mode depends on following libraries to run successfully(must be
in the classpath):
-        * hadoop-common-2.2.0.2.0.6.0-76.jar;
-        * hive-jdbc-0.12.0.2.0.6.0-76.jar;
-        * hive-service-0.12.0.2.0.6.0-76.jar;
-        * libthrift-0.9.0.jar;
-        * httpcore-4.1.4.jar;
-        * httpclient-4.1.3.jar;
-        * hive-common-0.12.0.2.0.6.0-76.jar;
-        * commons-logging-1.1.1.jar;
-        * slf4j-api-1.7.5.jar;
-        * slf4j-log4j12-1.7.5.jar;
-        * log4j-1.2.17.jar;
-        * commons-codec-1.7.jar;
-    2. Import gateway certificate into the default JRE truststore.
-       It is located in the `/lib/security/cacerts`.
-          `keytool -import -alias hadoop.gateway -file hadoop.gateway.cer -keystore <java-home>/lib/security/cacerts`
-       Alternatively you can run your sample with additional parameters:
-          `-Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStore=<path-to-trust-store>
-Djavax.net.ssl.trustStorePassword=<trust-store-password>`
-    3. Connection URL has to be following:
-       `jdbc:hive2://{gateway-host}:{gateway-port}/?hive.server2.transport.mode=https;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
-    4. Look at https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations
for examples.
+     1. Hive JDBC in HTTP mode depends on following minimal libraries set to run successfully(must
be in the classpath):
+         * hive-jdbc-0.13.0.jar;
+         * hive-service-0.13.0.jar;
+         * libthrift-0.9.0.jar;
+         * httpcore-4.2.5.jar;
+         * httpclient-4.2.5.jar;
+         * commons-logging-1.1.3.jar;
+         * commons-codec-1.4.jar;
+         * slf4j-api-1.7.5.jar;
+         * slf4j-log4j12-1.7.5.jar;
+         * log4j-1.2.17.jar;
+     2. Connection URL has to be following:
+        `jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive`
+     3. Look at https://cwiki.apache.org/confluence/display/Hive/GettingStarted#GettingStarted-DDLOperations
for examples.
        Hint: For testing it would be better to execute `set hive.security.authorization.enabled=false`
as the first statement.
        Hint: Good examples of Hive DDL/DML can be found here http://gettingstarted.hadooponazure.com/hw/hive.html
 
@@ -140,8 +133,10 @@ Sample example for creating new table, l
           String password = user + "-password";
           String gatewayHost = "localhost";
           int gatewayPort = 8443;
+          String trustStore = "/usr/lib/knox/data/security/keystores/gateway.jks";
+          String trustStorePassword = "knoxsecret";
           String contextPath = "gateway/sandbox/hive";
-          String connectionString = String.format( "jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s",
gatewayHost, gatewayPort, contextPath );
+          String connectionString = String.format( "jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s",
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
           // load Hive JDBC Driver
           Class.forName( "org.apache.hive.jdbc.HiveDriver" );
@@ -200,18 +195,16 @@ Sample example for creating new table, l
 
 Make sure that GATEWAY_HOME/ext directory contains following libraries for successful execution:
 
-- hadoop-common-2.2.0.2.0.6.0-76.jar;
-- hive-jdbc-0.12.0.2.0.6.0-76.jar;
-- hive-service-0.12.0.2.0.6.0-76.jar;
+- hive-jdbc-0.13.0.jar;
+- hive-service-0.13.0.jar;
 - libthrift-0.9.0.jar;
-- httpcore-4.1.4.jar;
-- httpclient-4.1.3.jar;
-- hive-common-0.12.0.2.0.6.0-76.jar;
-- commons-logging-1.1.1.jar;
+- httpcore-4.2.5.jar;
+- httpclient-4.2.5.jar;
+- commons-logging-1.1.3.jar;
+- commons-codec-1.4.jar;
 - slf4j-api-1.7.5.jar;
 - slf4j-log4j12-1.7.5.jar;
 - log4j-1.2.17.jar;
-- commons-codec-1.7.jar;
 
 There are several ways to execute this sample depending upon your preference.
 
@@ -231,8 +224,10 @@ Each line from the file below will need 
     password = user + "-password";
     gatewayHost = "localhost";
     gatewayPort = 8443;
+    trustStore = "/usr/lib/knox/data/security/keystores/gateway.jks";
+    trustStorePassword = "knoxsecret";
     contextPath = "gateway/sandbox/hive";
-    connectionString = String.format( "jdbc:hive2://%s:%d/?hive.server2.transport.mode=https;hive.server2.thrift.http.path=%s",
gatewayHost, gatewayPort, contextPath );
+    connectionString = String.format( "jdbc:hive2://%s:%d/;ssl=true;sslTrustStore=%s;trustStorePassword=%s?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/%s",
gatewayHost, gatewayPort, trustStore, trustStorePassword, contextPath );
 
     // Load Hive JDBC Driver
     Class.forName( "org.apache.hive.jdbc.HiveDriver" );



Mime
View raw message