Support Questions

subhash_parise3 · ‎06-18-2019

Dear Community Members,

I am not able to connect external postgres db with ssl enabled from ambari-server . I have changed jdbc url in ambari.properties file to make the ssl connection( Followed https://community.hortonworks.com/questions/209938/how-to-setup-ambari-with-an-external-postgresql-d... ), but no luck.

Any help much appreciated!

Thank you in advance:)

jsensharma · ‎06-18-2019

@subhash parise

Can you please provide us the complete stack trace of the error that you are receiving after making the changes to the JDBC url in the ambari.properties ?

Also can you please share the URL that you are using ? Better if you can share the output of the following:

# grep 'jdbc' /etc/ambari-server/conf/ambari.properties

subhash_parise3 · ‎06-19-2019

HI @Jay Kumar SenSharma

I am able to connect by using below connection properties:

custom.postgres.jdbc.name=postgresql-jdbc.jar

previous.custom.postgres.jdbc.name=postgresql-jdbc.jar

server.jdbc.connection-pool=internal

server.jdbc.database=postgres

server.jdbc.database_name=ambari

server.jdbc.driver=org.postgresql.Driver

server.jdbc.hostname=localhost

server.jdbc.port=5432

server.jdbc.postgres.schema=ambari

server.jdbc.rca.driver=org.postgresql.Driver

server.jdbc.rca.url=jdbc:postgresql://*.*.*.*:5432/ambari?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

server.jdbc.rca.user.name=ambari

server.jdbc.rca.user.passwd=${alias=ambari.db.password}

server.jdbc.url=jdbc:postgresql://*.*.*.*:5432/ambari?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

server.jdbc.user.passwd=${alias=ambari.db.password}

if i removed the sslfactory=org.postgresql.ssl.NonValidatingFactory parameter form jdbc url, connection is not working?

jsensharma · ‎06-19-2019

@subhash parise
Here is the reason why you needed to add that "sslfactory=org.postgresql.ssl.NonValidatingFactory" property:

Using SSL without Certificate Validation

====================================

In some situations it may not be possible to configure your Java environment to make the server certificate available, for example in an applet. For a large scale deployment it would be best to get a certificate signed by recognized certificate authority, but that is not always an option. The JDBC driver provides an option to establish a SSL connection without doing any validation, but please understand the risk involved before enabling this option.

A non-validating connection is established via a custom SSLSocketFactory class that is provided with the driver. Setting the connection URL parameter sslfactory=org.postgresql.ssl.NonValidatingFactory will turn off all SSL validation.

If you do not want to use that option "sslfactory=org.postgresql.ssl.NonValidatingFactory" to turn off all SSL validation. Then you might have to do the following:

1. Create a Truststore in Ambari

2. Import your Postgres Certificate inside the Ambari truststore.

Support Questions

ambari is unable to make the connection external postgres db with ssl enabled ?