Support Questions

Find answers, ask questions, and share your expertise

Cloudera 6.3 Enabling MySql 5.7 SSL

avatar
Explorer

Hello - I wish to enable SSL on database connections between Cloudera Manager and MySql hosted in AWS RDS.

 

When I enable SSL in the db.properties file on Manager, I see the following errors:

 

 

 

2021-05-21 15:38:37,703 WARN C3P0PooledConnectionPoolManager[identityToken->2yvpj9ah13s0oi2z72mvh|3afae281]-HelperThread-#0:com.mchange.v2.resourcepool.BasicResourcePool: com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@e19e904 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (5). Last acquisition attempt exception: 

 

 

 

OS Type:

 

[root@ip-10-179-61-233 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)

 

Cloudera Binaries:

 

[root@ip-10-179-61-233 ~]# rpm -qa | grep cloudera
cloudera-manager-daemons-6.3.1-1466458.el7.x86_64

cloudera-manager-agent-6.3.1-1466458.el7.x86_64
cloudera-manager-server-6.3.1-1466458.el7.x86_64

 

SCM Config:

 

[root@ip-10-179-61-233 ~]# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties
com.cloudera.cmf.db.type=mysql

com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://foo.123.eu-west-2.rds.amazonaws.com:3306/scm_123?useUnicode=true&characterEncoding=UTF-8&useSSL=true&verifyServerCertificate=false&trustCertificateKeyStoreUrl=/usr/java/jdk1.8.0_121-cloudera/jre/lib/security/cacerts&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=changeit
com.cloudera.cmf.db.host=foo.123.eu-west-2.rds.amazonaws.com:3306
com.cloudera.cmf.db.name=scm_123
com.cloudera.cmf.db.user=scmu_123
com.cloudera.cmf.db.password=123

 

Java Version:

 

/usr/java/jdk1.8.0_121-cloudera/jre/bin/java -version
java version "1.8.0_121"

 

MySql Connector Version:

v5.1.46

 

Any ideas / pointers would be much appreciated.

 

Theo

 

1 REPLY 1

avatar
Cloudera Employee

@sweeny_here , Could you please provide below details :

 

1. Complete cloudera-scm-server logs

2. Steps/documentation followed to enable DB SSL

3. After enabling SSL on DB, did you import the DB SSL certificate to the CM truststore ?

 

Regards,

Aditya