9 Configuring Oracle GoldenGate Veridata Agent Using Kerberos to Connect to Hive

To configure Oracle GoldenGate Veridata Agent using Kerberos to connect to Hive database:

  1. Complete the steps detailed in Deploying and Configuring Oracle GoldenGate Veridata Agent.
  2. Obtain the Kerberos configuration file from the kerberos server, for example, krb5.conf.
  3. Copy the Kerberos configuration file in the OS default location. For example, in Linux, it is /etc/.
  4. For Hive specific configurations, review MIDDLEWARE_HOME/veridata/agent/sample_properties/agent.properties.hive.
  5. Obtain the the keytab file from Kerberos enabled Hive environment.
  6. Copy the keytab file into the Oracle GoldenGate Veridata Agent deploy directory.
  7. In the agent.properties file, add/uncomment, and edit the entries hive.kerberos.keytab.file.name and enter the keytab file name.
  8. Edit agent.properties and add the database.url. For Kerberos authentication principal argument is required . For example, in a Cloudera Hive following is the jdbc url: syntaxdatabase.url=jdbc:hive2://HiveServerHost:10000/default;principal=hive/HiveServerHost@YOUR-REALM.COM.
  9. Edit agent.properties.hive and add the server.jdbcDriver appropriately. For example, for Cloudera Hive:
    server.jdbcDriver=commons-collections-3.2.1.jar hadoop-common-2.4.1.jar
hive-service-0.14.0.jar hadoop-mapreduce-client-core-2.4.1.jar hive-shims-common-0.14.0.jar
commons-logging-1.1.3.jar hive-exec-0.14.0.jar log4j-1.2.17.jar hive-jdbc-0.14.0-standalone.jar
slf4j-api-1.7.5.jar hadoop-auth-2.4.1.jar hive-metastore-0.14.0.jar slf4j-log4j12-1.7.5.jar
commons-configuration-1.6.jar commons-dbcp2-2.5.0.jar commons-pool2-2.6.0.jar

    Obtain the appropriate versions of these jars from Hive environment.

  10. Initiate an initial ticket granting ticket for the principal using kinit. Go to the agent installation directory and run kinit and verify using:
    klist: kinit
-k -t  {keytab file}  {principal name}

    Note:

    For auto renewal of Kerberos ticket, add the hive.kerberos.principal.override property in the agent.properties file as follows: hive.kerberos.principal.override=<Principal name>. If you do not mention the Principal name, then Oracle GoldenGate Veridata uses the principal name form the database.url.
  11. Start the Oracle GoldenGate Veridata Agent.
  12. Verify connection in UI.

    Note:

    In case you have permission-related issues, you may have to enter the Hadoop username and password in Database details. First, try without using the username and password.