Reply
New Contributor
Posts: 5
Registered: ‎06-03-2016

CDM Connect to MySQL 5.7.17 Error

[ Edited ]

Hi All,

 

Cloudera Manager Server connect to MySQL retunt below error, How handle?

 

- Error Message ---------------------------------------------------------------------------

JAVA_HOME=/usr/java/jdk1.8.0_121
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
Sun Apr 16 21:16:08 EDT 2017 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5 .5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existi ng applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting use SSL=false, or set useSSL=true and provide truststore for server certificate verification.

-------------------------------------------------------------------------------------------

 

1)Base environment

---------------------------------------------------------------------------------------------

# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

 

#rpm -qa | grep cloudera
cloudera-manager-server-5.10.1-1.cm5101.p0.6.el7.x86_64
cloudera-manager-agent-5.10.1-1.cm5101.p0.6.el7.x86_64
cloudera-manager-daemons- 5.10.1-1.cm5101.p0.6.el7.x86_64

 
# mysql -V
mysql Ver 14.14 Distrib 5.7.17, for Linux (x86_64) using EditLine wrapper

 

2)MySQL Config

-----------------------------------------------------------------------------------

# egrep -v "^#|^$" /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
validate-password=off
transaction-isolation = READ-COMMITTED
key_buffer_size = 32M
max_allowed_packet = 32M
thread_stack = 256K
thread_cache_size = 64
query_cache_limit = 8M
query_cache_size = 64M
query_cache_type = 1
max_connections = 550
log_bin=/var/lib/mysql/mysql_binary_log
server-id=1
binlog_format = mixed
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 64M
innodb_buffer_pool_size = 4G
innodb_thread_concurrency = 8
innodb_flush_method = O_DIRECT
innodb_log_file_size = 512M
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
sql_mode=STRICT_ALL_TABLES
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl-key=/var/lib/mysql/client-key.pem
[mysql]
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl-key=/var/lib/mysql/client-key.pem

 

3) MySQL Grants

mysql> select user,host,ssl_type,ssl_cipher,authentication_string from mysql.user;
+-----------+--------------------+----------+------------+-------------------------------------------+
| user | host | ssl_type | ssl_cipher | authentication_string |
+-----------+--------------------+----------+------------+-------------------------------------------+
| root | localhost | | | *7918C8B595689CA6E4F49F271EF9369C29451AF1 |
| mysql.sys | localhost | | | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| scm | hd01.cmdschool.org | | | *45E6E3C68BDF1AC7EBB5C5A3BCBD5E9437B293BE |
+-----------+--------------------+----------+------------+-------------------------------------------+
4 rows in set (0.00 sec)

 

mysql> show grants for scm@'hd01.cmdschool.org';
+-----------------------------------------------------------+
| Grants for scm@hd01.cmdschool.org |
+-----------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'scm'@'hd01.cmdschool.org' |
+-----------------------------------------------------------+
1 row in set (0.00 sec)

 

4) Cloudera SCM Server config

------------------------------------------------------------

# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties

com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=hd01.cmdschool.org
com.cloudera.cmf.db.name=scm
com.cloudera.cmf.db.user=scm
com.cloudera.cmf.db.password=scm
com.cloudera.cmf.db.setupType=INIT

 

5) Error log

---------------------------------------------------------------------

 # tail -f /var/log/cloudera-scm-server/cloudera-scm-server.out

JAVA_HOME=/usr/java/jdk1.8.0_121
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
Sun Apr 16 21:16:08 EDT 2017 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5 .5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existi ng applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting use SSL=false, or set useSSL=true and provide truststore for server certificate verification.

-------------------------------------------------- --------------------------

Posts: 563
Topics: 3
Kudos: 79
Solutions: 50
Registered: ‎08-16-2016

Re: CDM Connect to MySQL 5.7.17 Error

This setting --ssl-verify-server-cert is set to false or --ssl-mode is not set right. Both are client settings and I can't find anyway to tell CM, through db.properties to change either.

You can either disable SSL (I think this is against what you are trying to do).
Try setting this in my.cnf under the [mysql] section. This may not be used by CM though.
Contact Cloudera support.

I have never seen SSL enabled between CM and MySQL and I don't know if it is supported. I feel like I saw something a long time ago stating that it wasn't, but can't find it or much else on it.

https://dev.mysql.com/doc/refman/5.7/en/secure-connection-options.html#option_general_ssl-mode
New Contributor
Posts: 5
Registered: ‎06-03-2016

Re: CDM Connect to MySQL 5.7.17 Error

hi mbigelow,

I have disabled ssl of mysql user, but problem still exists.
---------------------------------------------------
mysql -uroot -p
grant all privileges on *.* to scm@'hd01.cmdschool.org' identified by 'scm' require none;
flush privileges;
-------------------------------------------------------

Announcements