Cloudera 6.3 MySql 5.7 SSL Warning

Explorer

Hello - Cloudera Manager is returning the following warning when connecting to MySql hosted in AWS RDS. How can this warning be resolved / suppressed?

 

Log Warning:

May 17 12:15:48 ip-10-179-61-80 cm-server[23717]: Mon May 17 12:15:48 BST 2021 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification

OS Type:

[root@ip-10-179-61-233 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)

Cloudera Binaries:

[root@ip-10-179-61-233 ~]# rpm -qa | grep cloudera
cloudera-manager-daemons-6.3.1-1466458.el7.x86_64
cloudera-manager-agent-6.3.1-1466458.el7.x86_64
cloudera-manager-server-6.3.1-1466458.el7.x86_64

SCM Config:

[root@ip-10-179-61-233 ~]# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=foo.123.eu-west-2.rds.amazonaws.com:3306
com.cloudera.cmf.db.name=scm_123
com.cloudera.cmf.db.user=scmu_123
com.cloudera.cmf.db.password=123

 

 

Explorer

I've tried updating the db.properties file on Manager to enforce SSL, as seen below, but the warning message is persisting.

 

[root@ip-10-179-61-233 ~]# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=foo.123.eu-west-2.rds.amazonaws.com:3306
com.cloudera.cmf.db.name=scm_123
com.cloudera.cmf.db.user=scmu_123
com.cloudera.cmf.db.password=123
com.cloudera.cmf.db.useSSL=true
com.cloudera.cmf.db.verifyServerCertificate=true
com.cloudera.cmf.db.trustCertificateKeyStoreUrl=file:/usr/java/jdk1.8.0_121-cloudera/jre/lib/security/jssecacerts
com.cloudera.cmf.db.trustCertificateKeyStoreType=JKS
com.cloudera.cmf.db.trustCertificateKeyStorePassword=changeit

 

Expert Contributor

Hello @sweeny_here ,

 

You may skip the SSL check from the MySQL DB. To do so, below are the steps:

1. Stop the CM server

2. Set the property in MySQL config (my.cnf) file as below

[mysql]
...
...
skip_ssl
...
...

3. Restart mysqld and CM Server.

 

Also, please make sure to disable SSL in the CM db.properties file as below

# you can set the &useSSL=false in the db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/<database>?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.db.name=<database>
com.cloudera.cmf.db.user=<CM-Mysql-user>
com.cloudera.cmf.db.setupType=EXTERNAL
com.cloudera.cmf.db.password=<password>


Let me know if this helps!

 

Cheers!


Explorer

Hi - thanks for your suggestion, it worked.

 

Since MySql is not running locally (AWS RDS), there was no need to edit the my.conf file.

 

I understand the db.properties file is currently automatically created by Director during the cluster build process and placed onto Manager.

 

Is there a way to automate the db.properties file so these extra two lines are appended to it?

com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/<database>?useUnicode=true&characterEncoding=UTF-8&useSSL=false

🙂 Theo

Explorer

I was able to use Ansible to append these additional two lines to the existing db.properties file on Manager, from Director. This was done as the last step in the cluster build.
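
The warning quoted in this thread names two ways out: `useSSL=false`, which turns TLS off for the Cloudera Manager to MySQL connection, or `useSSL=true` with a truststore so the server certificate is verified. The shell sketch below is an added example, not part of the original thread: it classifies which of these a db.properties file asks for and idempotently sets the URL line that the posts above append by hand. The function names, host, database, truststore path and password are constructed placeholders, and it assumes the truststore options are given as Connector/J parameters in the JDBC URL.

```shell
#!/bin/sh
# Added example, not from the thread: audit and set the JDBC URL in db.properties.
URL_KEY='com.cloudera.cmf.orm.hibernate.connection.url'   # key quoted in the thread

# Print the JDBC URL configured in file $1 (empty if the key is absent).
jdbc_url() {
    awk -v k="${URL_KEY}=" 'index($0, k) == 1 { print substr($0, length(k) + 1) }' "$1" |
        tail -n 1
}

# Classify what the URL in file $1 asks Connector/J to do about TLS.
tls_posture() {
    url=$(jdbc_url "$1")
    case "$url" in
        *[?\&]useSSL=false*) echo 'tls-disabled' ;;     # plaintext, warning silenced
        *[?\&]useSSL=true*)
            case "$url" in
                *[?\&]verifyServerCertificate=true*) echo 'tls-verified' ;;
                *) echo 'tls-unverified' ;;
            esac ;;
        *) echo 'tls-unverified' ;;   # no explicit option: the default the warning describes
    esac
}

# Replace the URL line in file $1 with URL $2, or append it; safe to re-run.
set_jdbc_url() {
    tmp=$(mktemp) || return 1
    awk -v k="${URL_KEY}=" 'index($0, k) != 1' "$1" > "$tmp" || return 1
    printf '%s=%s\n' "$URL_KEY" "$2" >> "$tmp"
    cat "$tmp" > "$1"      # rewrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Constructed sample URL: placeholder host, database, truststore path and password.
VERIFIED_URL='jdbc:mysql://db.example.internal:3306/scm_example?useUnicode=true&characterEncoding=UTF-8&useSSL=true&verifyServerCertificate=true&trustCertificateKeyStoreUrl=file:/path/to/truststore.jks&trustCertificateKeyStorePassword=PLACEHOLDER'

demo() {
    f=$(mktemp) || return 1
    # Constructed db.properties with no URL line, like the file in the question.
    printf '%s\n' 'com.cloudera.cmf.db.type=mysql' 'com.cloudera.cmf.db.name=scm_example' > "$f"
    echo "before: $(tls_posture "$f")"
    set_jdbc_url "$f" "$VERIFIED_URL"
    echo "after:  $(tls_posture "$f")"
    rm -f "$f"
}
demo
```

The truststore named in the URL has to contain the CA that signed the database server's certificate, otherwise the connection fails instead of warning.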

Expert Contributor

After openjdk 1.8.0.292 install we had to fix the mysql scm database ssl connection issue using the property useSSL=false like
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/scm?useUnicode=true&characterEncoding=UTF-8&useSSL=false

Now the same ssl connection issue is happening for the nav, navms, amon, rman databases and these components won't start.
Can we set the useSSL for these databases also in /etc/cloudera-scm-server/db.properties file like below:

com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/nav?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/navms?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/rman?useUnicode=true&characterEncoding=UTF-8&useSSL=false