Enabling SSL/TLSv1 during sqoop import

Contributor

Hi,

 

I am trying to connect to MSSQL database.

The custom jar used is sqljdbc4.jar.

Using sql server authentication with username and pwd.

Versions: Sqoop version: 1.4.6-cdh5.14.2

The MSSQL database I am trying to connect to is SSL enabled, and I am getting the below error while using the sqoop command:

 

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client.".

 

Is there a solution for this?

 

Master Collaborator

@sow 

 

Sqoop does not currently support TLS/SSL to Oracle, MySQL, or other databases.

Refer: https://docs.cloudera.com/documentation/enterprise/5-14-x/topics/cm_sg_hadoop_ssl_cm.html

Contributor

@paras 

 

Thank you.

As a workaround, I commented out the disabled algorithms property in the "java.security" file and tried the sqoop command, and that worked.

Just wanted to understand how this works with sqoop when there is a change made in the java.security file?

 

The above is a temporary solution, and I am looking for a solution where I can change the java.security file property at run time in the sqoop import command.

This is because we cannot change the "java.security" file on each node and affect other systems.

 

 

Please share your inputs.

Thanks in advance

 

Master Collaborator

@sow 

 

What is the MySQL DB version being used here? Does this only support TLSv1?

You should consider upgrading the DB to the latest supported TLS versions.

TLSv1 is included in the disabled algorithms in the latest Java versions by default. The option of disabling the algorithms from java.security hence works in the particular host once you update the java.security file. This is the only workaround here, but it is not recommended since TLSv1 is deprecated.

 

Ref: https://dev.mysql.com/doc/refman/5.7/en/encrypted-connection-protocols-ciphers.html

 

Contributor

@paras 

 

Thank you for your inputs.

 

It is an MSSQL database I am trying to fetch data from (not MySQL).

Upgrading the production database would be a difficult option at the moment.

Is there a way in which I can change/override the disabled algorithm property in the java.security file at run time in the sqoop command, so that I don't have to change the security file property on each node?

 

Thanks

Explorer

@sow 

Hi,

Did you find a solution to your query "Is there a way in which I can change/override the disabled algorithm property in java security file run time in sqoop command"?

Because I'm in a similar situation where I want to pass a security provider in the sqoop command.

 

Thanks

Explorer

Hi,

 

I resolved my issue by using the below connect string (this might help others):

sqoop import -D mapreduce.map.java.opts="-Djava.security.properties==file:///<unix_box_location>/java.security" --connect <connect_string> --username <username> --password <password> --table "TABLE" --delete-target-dir --target-dir "table.txt" -m1

 

Please note the following:

1. We have to specify 3 forward slashes after file, i.e. file:///

2. We need to distribute the java.security file across the cluster.

 

Thanks

Contributor

Hi @akv31 

 

Point no. 1: Did you create a new java.security file with the new properties you want to change and place it on all nodes in a local directory or an HDFS directory?

 

Explorer

Yes, I created a new java.security file with the required properties and placed it on all nodes in a local directory.
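
One way to build the per-job file discussed above so that it changes as little as possible, as an added example that is not part of the original thread: the script derives a one-property override from a node's master java.security, removing only TLSv1 from jdk.tls.disabledAlgorithms and keeping every other entry disabled. The function names and the sample master content are constructed for illustration. A one-line file like this is meant for the single `=` form of `-Djava.security.properties`, which overrides only the listed property when the master file has `security.overridePropertiesFile=true`; the `==` form used in the command above replaces the master file entirely and needs a complete file.

```shell
#!/bin/sh
# Added example (not from the thread): derive a one-property override file
# from a master java.security, removing a single protocol from
# jdk.tls.disabledAlgorithms and keeping every other entry disabled.

# make_tls_override MASTER OUT [PROTOCOL]   (PROTOCOL defaults to TLSv1)
make_tls_override() {
    master=$1; out=$2; proto=${3:-TLSv1}
    awk -v proto="$proto" '
        # Join backslash-continued lines into one logical property line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            sub(/^[^=]*=/, "", line)
            n = split(line, items, ",")
            res = ""
            for (i = 1; i <= n; i++) {
                item = items[i]
                gsub(/^[ \t]+|[ \t]+$/, "", item)
                # Exact match only, so TLSv1.1 is not removed along with TLSv1.
                if (item == "" || item == proto) continue
                res = res (res == "" ? "" : ", ") item
            }
            print "jdk.tls.disabledAlgorithms=" res
            found = 1
        }
        # Fail if the master file has no such property to derive from.
        END { if (!found) exit 1 }
    ' "$master" > "$out" || { rm -f "$out"; return 1; }
}

# Constructed sample of a master file, for demonstration only.
write_sample_master() {
    cat > "$1" <<'EOF'
security.overridePropertiesFile=true
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
EOF
}

demo_dir=$(mktemp -d)
write_sample_master "$demo_dir/java.security"
make_tls_override "$demo_dir/java.security" "$demo_dir/override.security" &&
    cat "$demo_dir/override.security"
```

Scoping the file to the one Sqoop job that needs it leaves the node-wide java.security, and every other JVM on the host, unchanged.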