Support Questions
Find answers, ask questions, and share your expertise

Cloudera 6.3 MySql 5.7 SSL Warning

New Contributor

Hello - Cloudera Manager is returning the following warning when connecting to MySql hosted in AWS RDS. How can this warning be resolved / suppressed?

 

Log Warning:

 

May 17 12:15:48 ip-10-179-61-80 cm-server[23717]: Mon May 17 12:15:48 BST 2021 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL SSby setting useSSL=false, or set useSSL=true and provide

truststore for server certificate verification

 

OS Type:

 

[root@ip-10-179-61-233 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)

 

Cloudera Binaries:

 

[root@ip-10-179-61-233 ~]# rpm -qa | grep cloudera
cloudera-manager-daemons-6.3.1-1466458.el7.x86_64

cloudera-manager-agent-6.3.1-1466458.el7.x86_64
cloudera-manager-server-6.3.1-1466458.el7.x86_64

 

SCM Config:

 

[root@ip-10-179-61-233 ~]# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=foo.123.eu-west-2.rds.amazonaws.com:3306
com.cloudera.cmf.db.name=scm_123
com.cloudera.cmf.db.user=scmu_123
com.cloudera.cmf.db.password=123

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cloudera 6.3 MySql 5.7 SSL Warning

New Contributor

Hi - thanks for your suggestion, it worked.

 

Since MySql is not running locally (AWS RDS), there was no need to edit the my.conf file.

 

I understand the db.properties file is currently automatically created by Director during the cluster build process and placed onto Manager.

 

It there a way to automate the db.properties file so these extra two lines are appended to it?

com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/<database>?useUnicode=true&characterEncoding=UTF-8&useSSL=false

🙂 Theo

View solution in original post

5 REPLIES 5

Re: Cloudera 6.3 MySql 5.7 SSL Warning

New Contributor

I've tried updating the db.properties file on Manager to enforce SSL, as seen below, but the warning message is persisting.

 

[root@ip-10-179-61-233 ~]# egrep -v "^#|^$" /etc/cloudera-scm-server/db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=foo.123.eu-west-2.rds.amazonaws.com:3306
com.cloudera.cmf.db.name=scm_123
com.cloudera.cmf.db.user=scmu_123
com.cloudera.cmf.db.password=123
com.cloudera.cmf.db.useSSL=true
com.cloudera.cmf.db.verifyServerCertificate=true
com.cloudera.cmf.db.trustCertificateKeyStoreUrl=file:/usr/java/jdk1.8.0_121-cloudera/jre/lib/security/jssecacerts
com.cloudera.cmf.db.trustCertificateKeyStoreType=JKS
com.cloudera.cmf.db.trustCertificateKeyStorePassword=changeit

 

Re: Cloudera 6.3 MySql 5.7 SSL Warning

Rising Star

Hello @sweeny_here ,

 

You may skip the SSL check from the MySQL DB. To do so, below are the steps:

1. Stop the CM server

2. Set the property in MySQL config (my.cnf) file as below

[mysql]
...
... skip_ssl ... ...

 3. Restart mysqld and CM Server. 

 

Also, please make sure to disable SSL in the CM db.properties file as below

# you can set the &useSSL=false in the db.properties
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/<database>?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.db.name=<database>
com.cloudera.cmf.db.user=<CM-Mysql-user>
com.cloudera.cmf.db.setupType=EXTERNAL
com.cloudera.cmf.db.password=<password>


Let me know if this helps!

 

Cheers!

Was your question answered? Make sure to mark the answer as the accepted solution.

If you find a reply useful, say thanks by clicking on the thumbs up button.

Re: Cloudera 6.3 MySql 5.7 SSL Warning

New Contributor

Hi - thanks for your suggestion, it worked.

 

Since MySql is not running locally (AWS RDS), there was no need to edit the my.conf file.

 

I understand the db.properties file is currently automatically created by Director during the cluster build process and placed onto Manager.

 

It there a way to automate the db.properties file so these extra two lines are appended to it?

com.cloudera.cmf.orm.hibernate.connection.driver_class=com.mysql.jdbc.Driver
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/<database>?useUnicode=true&characterEncoding=UTF-8&useSSL=false

🙂 Theo

View solution in original post

Re: Cloudera 6.3 MySql 5.7 SSL Warning

New Contributor

I was able to use Ansible to append these additional two lines to the existing db.properties file on Manger, from Director. This was done as the last step in the cluster build.

Re: Cloudera 6.3 MySql 5.7 SSL Warning

Expert Contributor
After openjdk 1.8.0.292 install we had to fix the mysql scm database ssl connection issue using the property useSSL=false like
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://<mysql-host>/scm?useUnicode=true&characterEncoding=UTF-8&useSSL=false

Now same ssl connection issue is happening for nav, navms, amon, rman databases and these components wont start.
Can we set the useSSL for these databases also in /etc/cloudera-scm-server/db.properties file like below:

com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/nav?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/navms?useUnicode=true&characterEncoding=UTF-8&useSSL=false
com.cloudera.cmf.orm.hibernate.connection.url=jdbc:mysql://localhost/rman?useUnicode=true&characterEncoding=UTF-8&useSSL=false