I am trying to connect to MSSQL database.
The custom jar used is sqljdbc4.jar.
Using sql server authentication with username and pwd.
versions : Sqoop version: 1.4.6-cdh5.14.2
The MSSQL database I am trying to connect is SSL enabled and I am getting the below error while using the sqoop command
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client.".
Is there a solution for this ?
Created 02-05-2020 06:11 AM
Sqoop does not currently support TLS/SSL to Oracle, MySQL, or other databases.
Created 02-05-2020 09:44 PM
Thank you ..
As a work around , I commented out the disabled algorithms property in "java.security" file and tried the sqoop command and that worked.
Just wanted to understand how does this work with sqoop when there is a change made in java.security file ?
The above is a temporary solution and I am looking for a solution where I can change the java security file property in run time in the sqoop import command.
This is because we cannot change the "java security" file on each node and affect other systems.
Please share your inputs.
Thanks in advance
Created 02-07-2020 05:13 AM
What is the mysql DB version being used here? Does this only support TLSV1 ?
You should consider upgrading the DB to the latest supported TLS versions.
TLSV1 is included in the disabled algorithms in the latest java versions by default . The option of disabling the algorithms from java.security hence works in the particular host once you update the java.security file. This is the only workaround here but not recommended since TLSv1 is deprecated.
Created on 02-08-2020 09:41 PM - edited 02-08-2020 09:45 PM
Thank you for your inputs.
It is MSSQL database I am trying to fetch data from.( not mysql).
Upgrading production database would be a difficult option at the moment.
Is there a way in which I can change/override the disabled algorithm property in java security file run time in sqoop command. ??
so that i dont have to change the security file property on each node.
Created 04-10-2020 12:03 PM
Did you find solution to your query "Is there a way in which I can change/override the disabled algorithm property in java security file run time in sqoop command. ??"
Coz I'm in similar situation where I want to pass security provider in sqoop command.
Created 04-10-2020 02:57 PM
I got resolved my issue by using the below connect string ( this might help others):
sqoop import -D mapreduce.map.java.opts="-Djava.security.properties==file:///<unix_box_location>/java.security" --connect <connect_string> --username <username> --password <password> --table "TABLE" --delete-target-dir --target-dir "table.txt" -m1
Please note the following:
1. we have to specify 3 forward slash after file i.e. file:///
2. Need to distribute the java.security file across the cluster.
Created 04-11-2020 12:12 PM
Point no 1 : Did u create a new java security file with new properties you want to change and place it in all nodes in a local directory or hdfs directory ??
Created 04-12-2020 04:24 AM
Yes, I created a new java.security file with required properties and placed in all nodes in local directory.