Support Questions

eric_deleforter · ‎08-01-2018

When installing a cluster with a very secure environement you could want to setup an external Postgresql cluster database with HA and a connection pooler like pgbouncer for reducing the impact of opening new sessions on Postgresql.

All the connections should be with SSL/TLS :

Client -> Pgbouncer and Pgbouncer -> Postgresql

The problem was that configuring Ambari with the ambari-server setup don't give you the oportunity to setup SSL connection and ambari is not able to connect to the database.

You will find this error in the logs :

26 Jul 2018 18:56:39,202 ERROR [main] DBAccessorImpl:119 - Error while creating database accessor
org.postgresql.util.PSQLException: ERROR: SSL required
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:400)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:173)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:64)
        at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:138)
        at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
        at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:21)
        at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
        at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
        at org.postgresql.Driver.makeConnection(Driver.java:410)
        at org.postgresql.Driver.connect(Driver.java:280)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:247)
        at org.apache.ambari.server.orm.DBAccessorImpl.<init>(DBAccessorImpl.java:93)
        at org.apache.ambari.server.orm.DBAccessorImpl$$FastClassByGuice$$86dbc63e.newInstance(<generated>)
        at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40)
        at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:54)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:110)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:94)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:110)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:94)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.Scopes$1$1.get(Scopes.java:65)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:53)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection$1.call(InjectionRequestProcessor.java:116)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection$1.call(InjectionRequestProcessor.java:110)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
        at com.google.inject.internal.InjectionRequestProcessor$StaticInjection.injectMembers(InjectionRequestProcessor.java:110)
        at com.google.inject.internal.InjectionRequestProcessor.injectMembers(InjectionRequestProcessor.java:78)
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:170)
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109)
        at com.google.inject.Guice.createInjector(Guice.java:95)
        at com.google.inject.Guice.createInjector(Guice.java:72)
        at com.google.inject.Guice.createInjector(Guice.java:62)
        at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:1045)

So, the question is how to setup your ambari server for connecting to the database without desactivating SSL mode ?

Eric.

eric_deleforter · ‎08-01-2018

Hi

Here is the answer :

After setup your postgresql external database access with ambari-server setup, you have to edit the file /etc/ambari-server/conf/ambari.properties and modify the server.jdbc.url parameter to add the activation of the ssl like this :

server.jdbc.url=jdbc:postgresql://<HOSTNAME>:<PORT>/ambari?ssl=true

Once done, you are able to start the ambari installation with a SSL connection to your external Postgresql database.

For more information on all the options you could add on the connect string, you have the jdbc.postgresql documentation here :

https://jdbc.postgresql.org/documentation/head/connect.html#ssl

Eric

View solution in original post

eric_deleforter · ‎08-01-2018

Hi

Here is the answer :

After setup your postgresql external database access with ambari-server setup, you have to edit the file /etc/ambari-server/conf/ambari.properties and modify the server.jdbc.url parameter to add the activation of the ssl like this :

server.jdbc.url=jdbc:postgresql://<HOSTNAME>:<PORT>/ambari?ssl=true

Once done, you are able to start the ambari installation with a SSL connection to your external Postgresql database.

For more information on all the options you could add on the connect string, you have the jdbc.postgresql documentation here :

https://jdbc.postgresql.org/documentation/head/connect.html#ssl

Eric

francois__tizie · ‎08-03-2018

Tip and top... 😉

aelmrani · ‎08-03-2018

very useful post

thank's Eric

bouda_armel_ · ‎08-02-2018

Great tips 🙂

francois__tizie · ‎08-03-2018

Thanks Eric for your post.

This is useful and very efficient.

Cloudera Community

Support Questions

How to setup Ambari with an external Postgresql db with SSL/TLS required