How to setup Ambari with an external Postgresql db with SSL/TLS required

Contributor

When installing a cluster in a very secure environment, you may want to set up an external PostgreSQL cluster database with HA and a connection pooler like pgbouncer to reduce the impact of opening new sessions on PostgreSQL.

All the connections should use SSL/TLS:

Client -> Pgbouncer and Pgbouncer -> PostgreSQL

The problem was that configuring Ambari with ambari-server setup doesn't give you the opportunity to set up an SSL connection, and Ambari is not able to connect to the database.

You will find this error in the logs:

26 Jul 2018 18:56:39,202 ERROR [main] DBAccessorImpl:119 - Error while creating database accessor
org.postgresql.util.PSQLException: ERROR: SSL required
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:400)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:173)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:64)
        at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:138)
        at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
        at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:21)
        at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
        at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
        at org.postgresql.Driver.makeConnection(Driver.java:410)
        at org.postgresql.Driver.connect(Driver.java:280)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:247)
        at org.apache.ambari.server.orm.DBAccessorImpl.<init>(DBAccessorImpl.java:93)
        at org.apache.ambari.server.orm.DBAccessorImpl$$FastClassByGuice$$86dbc63e.newInstance(<generated>)
        at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40)
        at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:54)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:110)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:94)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:110)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:94)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection$1.call(InjectionRequestProcessor.java:116)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection$1.call(InjectionRequestProcessor.java:110)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection.injectMembers(InjectionRequestProcessor.java:110)
        at com.google.inject.internal.InjectionRequestProcessor.injectMembers(InjectionRequestProcessor.java:78)
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:170)
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109)
        at com.google.inject.Guice.createInjector(Guice.java:95)
        at com.google.inject.Guice.createInjector(Guice.java:72)
        at com.google.inject.Guice.createInjector(Guice.java:62)
        at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:1045)


So, the question is: how do you set up your Ambari server to connect to the database without deactivating SSL mode?

Eric.

1 ACCEPTED SOLUTION

Contributor

Hi

Here is the answer:

After setting up your PostgreSQL external database access with ambari-server setup, you have to edit the file /etc/ambari-server/conf/ambari.properties and modify the server.jdbc.url parameter to add the activation of SSL, like this:

server.jdbc.url=jdbc:postgresql://<HOSTNAME>:<PORT>/ambari?ssl=true

Once done, you are able to start the Ambari installation with an SSL connection to your external PostgreSQL database.

For more information on all the options you can add to the connection string, see the jdbc.postgresql documentation here:

https://jdbc.postgresql.org/documentation/head/connect.html#ssl

Eric
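
One way to make the edit described in the accepted answer repeatable, as an added example that is not part of the original post: a bash helper that appends ssl=true to server.jdbc.url only when it is absent, handles a URL that already carries query parameters, and keeps a backup. The function names are hypothetical; the file path and property name are the ones given in the post.

```bash
#!/usr/bin/env bash
# Added example: enable SSL on Ambari's JDBC URL idempotently.
# Function names are hypothetical; path and property name come from the post.

# Print the value of server.jdbc.url (last definition wins); fail if absent.
get_jdbc_url() {
    local url
    url=$(sed -n 's/^[[:space:]]*server\.jdbc\.url[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null | tail -n 1)
    url=${url%"${url##*[![:space:]]}"}   # strip trailing whitespace or CR
    [ -n "$url" ] && printf '%s\n' "$url"
}

# Print one of: missing | enabled | conflict | disabled
jdbc_ssl_status() {
    local url query=""
    url=$(get_jdbc_url "$1") || { echo missing; return 0; }
    case $url in *\?*) query="&${url#*\?}&" ;; esac
    case $query in
        *"&ssl=true&"*) echo enabled ;;
        *"&ssl="*)      echo conflict ;;  # e.g. ssl=false: decide by hand
        *)              echo disabled ;;
    esac
}

# Append ssl=true to server.jdbc.url if needed, keeping a .bak copy.
enable_jdbc_ssl() {
    local file=${1:-/etc/ambari-server/conf/ambari.properties} url sep
    case $(jdbc_ssl_status "$file") in
        enabled)  return 0 ;;             # nothing to change
        missing)  echo "server.jdbc.url not found in $file" >&2; return 1 ;;
        conflict) echo "ssl= already present in $file; review it" >&2; return 1 ;;
    esac
    url=$(get_jdbc_url "$file")
    case $url in *\?*) sep='&' ;; *) sep='?' ;; esac
    cp -p "$file" "$file.bak" || return 1
    # awk prints the new value verbatim, so '&' in the URL needs no escaping;
    # writing into the existing file keeps its owner and permissions.
    NEW_URL="${url}${sep}ssl=true" awk '
        /^[ \t]*server\.jdbc\.url[ \t]*=/ { print "server.jdbc.url=" ENVIRON["NEW_URL"]; next }
        { print }' "$file.bak" > "$file"
}
```

Calling `enable_jdbc_ssl` with no argument edits /etc/ambari-server/conf/ambari.properties; pass a copy of the file as the first argument to try it safely first.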


5 REPLIES 5

New Contributor

Tip and top... 😉

New Contributor

Very useful post

Thanks Eric

New Contributor

Great tips 🙂

New Contributor

Thanks Eric for your post.

This is useful and very efficient.