bhausmann887116

Connecting to Impala with Kerberos Authentication

Discussion created by bhausmann887116 on Oct 26, 2018

Because the current Hadoop, HDFS, and Database connectors don't offer Kerberos authentication we had to find a way around this in order to read/write data into our Enterprise Data Hub. We were able to connect to Impala and successfully run SQL queries using Kerberos Authentication, this is how we were able to accomplish it:

 

  1. Created Boomi Database Connector with:
    1. Driver Type: Custom
    2. Class Name: com.cloudera.impala.jdbc41.Driver
    3. Connection URL: jdbc:impala://{url}:{port}/default;AuthMech=1;KrbRealm={krbrealm};KrbHostFQDN={krbhost};KrbServiceName=impala;SSL=1;AllowSelfSignedServerCert=1;AllowHostNameCNMismatch=1
  2. Downloaded Impala JDBC Connector
  3. Unzipped and uploaded ImpalaJDBC41.jar file to Boomi Setup -> Account Libraries
  4. On Windows Machine running Boomi Local Atom: Place ImpalaJDBC41.jar into
    1. C:\Program Files\Boomi AtomSphere\LocalAtom\userlib\database
  5. On Windows Machine running  Boomi Local Atom: install kerberos
  6. Log into Kerberos and generated ticket for user
  7. Add Krb5.conf file to
    1. C:\Program Files\Boomi AtomSphere\LocalAtom\jre\lib\security
  8. Replaced existing local_policy.jar and US_export_policy.jar files with current version in same security directory
  9. Placed jssecacerts file into same security directory
  10. Restarted Local Atom in Boomi
  11. Ran Process and Successful run Impala returned query with kerberos auth

 

 

 

Few notes:

  • Used a local atom
  • jssecacerts is not required if your impala endpoints either don’t have SSL or have SSL certs signed by official CAs
  • We were able to connect to a single node, had issues connecting with the load balancer and are working to get that fixed.

cloudera hdfs connector impala cloudera local atom kerberos jdbc database connection

Outcomes