How to add truststore to classpath in Hive

Hi,

According to documentation, es.net.ssl.truststore.location is trust store location (typically a URL, without a prefix it is interpreted as a classpath entry)

My question is how to add a truststore in a hive cli job classpath.
I tried the following solutions, none is working:

  • ADD JAR truststore.jks - hive cli command (According to hive cli docs, ADD JAR resources are also added to the Java classpath.) (I've loaded with ADD JAR a jar and is loaded ok).
  • hive.aux.jars.path - setting in hive-site.xml (I've set this to a hdfs location, where I put all the jars needed for the job and the truststore.jks. All jars were loaded correctly, but truststore.jks was not found in classpath, according to es-hadoop plugin).

Also, all the examples I've found were with file://, but none of them were showing how to load this file from classpath.

If the truststore location is formatted with file:// at the start, then ES-Hadoop expects that file to exist on every Hadoop machine in the cluster at that location. If the truststore location is just a file path, then ES-Hadoop expects to find the file via Java's resource location methods (aka, the file is on the classpath for each java program that Hive orchestrates to run the query). Usually, this means that just the file name is needed if it's on the classpath, unless the truststore exists in a jar under multiple directories.

I'm not sure if Hive does some strange parsing to ensure only jar files are added from the jars path or from the ADD JAR command. According to the Hive docs, the ADD JAR command should be all you need to get a file on the classpath. I would double check to make sure that you are using just the keystore's name in your settings, and that it matches up correctly with what is added to Hive. If that continues to not work it's possible that Hive has an issue with accepting the keystore file. You could always fall back to distributing the file across the nodes yourself and using the file:// prefix to find it.