Version: 1.17.1

Configuring the Hive Migrator service

The Hive Migrator service is responsible for communication between agents and migration of metadata.

Find details here for configuring the Hive Migrator service.

Security#

Basic authentication#

important

When basic authentication is enabled on Hive Migrator, update the LiveData UI with the credentials to maintain functionality.

Edit application.yaml#

Follow these steps to enable basic authentication on the Hive Migrator REST API:

Open /etc/wandisco/hivemigrator/application.yaml
In the security section, ensure enabled: is set to "true". For example,
Ensure the enabled parameter is true
```
micronaut:
  security:    enabled: true
```
Save and close the file.

Edit hive-migrator.yaml#

Apply these steps if basic authentication is enabled on the LiveData Migrator REST API

Open /etc/wandisco/hivemigrator/hive-migrator.yaml.
In the LiveDataMigrator block, add username and password. Both credentials should match those used for LiveData Migrator core.
Example
```
  integration:  liveDataMigrator:   port: 18080   useSsl: false   username: "admin"   password: "password"
```
Add properties, username, and password to the integration section.
Don't indent: these are top-level properties. Use your LiveData Migrator username so that you only need to authenticate once when connecting through the CLI.
The password string needs to be encrypted using a bcrypt generator that provides a "2a" prefix at the beginning of the encrypted password.
Example
```
integration:liveDataMigrator: port: 18080 useSsl: false username: "admin" password: "password"storagePath: /opt/wandisco/hivemigrator/hivemigrator.dbusername: "admin"password: "$2a$10$3gc/9QTnGQQj51e0YRAK.OAplbj4A9S4sx7rRpMSOSpb5UrLW2p/."
```
Restart the Hive Migrator service to enable the new configuration:
```
service hivemigrator restart
```
tip
The username and password values can be changed without having to restart the Hive Migrator service. They will become active once you have saved the file.

Connecting to Hive Migrator with basic authentication#

note

Follow these steps if you have used different credentials for LiveData Migrator and Hive Migrator, or if basic authentication is not enabled on LiveData Migrator.

If you have used the same credentials for both services, this step is not required.

When basic authentication is enabled, provide the username and password when prompted to connect to Hive Migrator through the CLI:

Example

  connect hivemigrator localhost: trying to connect...Username: adminPassword: ***********Connected to hivemigrator v1.2.1-428 on http://localhost:6780.

The username and password will also be required when accessing the Hive Migrator REST API directly.

TLS certificates#

When deploying a remote agent (for example: Azure SQL or AWS Glue), a TLS connection will be established by default between Hive Migrator and the remote agent.

Certificates (and keys) are automatically generated for this connection for both Hive Migrator and the remote agent. These are placed in the following directories:

Hive Migrator - Client and Root CA certificates

/etc/wandisco/hivemigrator/client-key.pem/etc/wandisco/hivemigrator/client-cert.pem/etc/wandisco/hivemigrator/ca-cert.pem/etc/wandisco/hivemigrator/ca-key.pem/etc/wandisco/hivemigrator/ca-cert.srl

Remote agent - Server and Root CA certificates

/etc/wandisco/hivemigrator-remote-server/server-key.pem/etc/wandisco/hivemigrator-remote-server/server-cert.pem/etc/wandisco/hivemigrator-remote-server/ca-cert.pem

You can generate new certificates at any time or upload your own.

Generate new certificates#

important

You must generate new certificates for Hive Migrator and all remote agents that are connected.

Generating certificates for just one of these components will break existing connections.

Generate new certificates and keys by using the following Hive Migrator REST API endpoints:

Hive Migrator

POST /config/certificates/generate

Remote agent

POST /agents/{name}/certificates/generate

The remote agent service will automatically restart when new certificates are generated this way. The Hive Migrator service does not require a restart to start using new certificates.

Upload your own certificates#

important

Make sure the correct certificates and keys are uploaded for Hive Migrator and all remote agents that are connected.

Existing connections will break if the trust relationship is not established between Hive Migrator and remote agents.

Upload certificates and keys by using the following Hive Migrator REST API endpoints:

Hive Migrator

POST /config/certificates/upload

Remote agent

POST /agents/{name}/certificates/upload

The remote agent service will automatically restart when new certificates are uploaded this way. The Hive Migrator service does not require a restart to start using new certificates.

Directory structure#

The following directories are used for Hive Migrator:

Location	Content
`/var/log/wandisco/hivemigrator`	Logs
`/etc/wandisco/hivemigrator`	Configuration files
`/opt/wandisco/hivemigrator`	Java archive files
`/var/run/hivemigrator`	Runtime files

Remote servers#

The following directories are used for Hive Migrator remote servers (remote agents):

Location	Content
`/var/log/wandisco/hivemigrator-remote-server`	Logs
`/etc/wandisco/hivemigrator-remote-server`	Configuration files
`/opt/wandisco/hivemigrator-remote-server`	Java archive files
`/var/run/hivemigrator-remote-server`	Runtime files