Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Connecting to a Database using SSH tunnel in NiFi

Labels:
avatar
author-rank SandyClouds
Expert Contributor

Created ‎08-10-2022 07:19 AM

Hello Lovely community,

 

I am new to NiFi, I am able to connect to mysql dummy database from Nifi and everything works fine.

But I want to understand how can we connect to databases that use SSH tunneling..

Because I have not seen any properties related to SSH in the database processors.

My processors being used is "capturechangeMysql"

 

This source DB server is secured and I need SSH tunnel to make the connection.

I have 100 such sources. Should I add my nifi server ssh keys in all the source servers ? and even then where can i give the SSH tunnel information? and the private key..

Because while using any SQL client we can use the tunnel along with main DB username and password as shown in attached screen, but for Nifi I am not able to see a way..

Please help me with your suggestions.. /\SSH tunnelSSH tunnel

1,210 Views
0 Kudos
1 REPLY 1

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎08-10-2022 11:36 AM

@SandyClouds 

The ExecuteSQL processors do not support SSH tunnel.  The expectation by these processors is that the SQL server is listening on a port reachable on the network.  SSH tunnels are used to access the server via remotely and then execute a command locally on that SQL utilizing the SQL client on that destination server.   The ExecuteSQL processor uses a DBCPConnectionPool to facilitate the connection to the database.  The DBCPConnectionPool establishes a pool of connections used by one too many processors sharing this connection to execute their code.  A Validation Query is very import to make sure a connection from this pool is still good before being passed to requesting processor for use.

While I have not done this myself, I suppose you could set up and SSH tunnel on each NiFi cluster server (example: https://linuxize.com/post/mysql-ssh-tunnel/).  Then you could still use the DBCPConnectionPool except use the established tunnel address and port in the database connection URL.  

Downside to this is that NiFi has not control over that tunnel, so if the tunnel is closed, your dataflow will stop working until the tunnel is re-established.  The Validation Query will verify the connection is still good. If it is not, the DBCPConnectionPool will drop it and try to establish a new connection.  

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt

1,182 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner