Oracle Cloud Infrastructure Documentation

Connecting to Secure Clusters with Kerberos and SSL Enabled Using Spark3 Thrift Server

  1. Create a Kerberos directory on a local system that's an SSL enabled ODH cluster for Hive.
  2. Copy spark.service.keytab from mn0 node (Spark3 Thrift Server node) of the ODH cluster to the Kerberos directory, and then rename it to oac.keytab.
  3. Copy /etc/krb5.conf from mn0 node of the ODH cluster to the Kerberos directory and rename it to krb5conf.
  4. Update admin_server and kdc information in krb5conf with the public IP of cluster's mn0 node instead of hostname.
  5. Create a file named service_details.json inside Kerberos directory. For example: 
    {
 "Host" : "<Public IP of Spark3 Thrift Server node(mn0)>",
 "Port" : "10000",
 "ServicePrincipalName" : "spark/<FQDN of Spark3 Thrift Server node(mn0)>@<REALM_NAME>"
}
  6. Create a zip for the Kerberos directory. For example: 
    $ ls -1 kerberos
krb5conf
oac.keytab
service_details.json
$ zip -r spark3tskerb.zip kerberos/*
  7. To create a connection for Kerberos enabled ODH Open the navigation menu and click Analytics & AI. Under Analytics, click Analytics Cloud.
  8. To connect to an Oracle Analytics Cloud instance, select the compartment in which you created the instance.

    If needed, create an instance. See Creating an OAC Instance.

  9. Click the instance name.
  10. Click Analytics Home Page.
  11. Click Create, and then select Connection.
  12. Select Spark.
  13. Enter a name for the connection, and then enter the remaining details with the following specifics:
    • Authentication Type - Select Kerberos
    • Client Credentials - Select spark3tskerb.zip from the local system
    • Authentication - Select Always use these credentials
  14. Click Save.
  15. To verify the connection, go to the OAC home page and click Connect to Your Data.
  16. Click the connection you created.
    If successful, the Apache Hive database tables are listed.