Support Questions

saurabh_ka · ‎12-30-2021

Hi while running '/opt/cloudera/cm/schema/scm_prepare_database.sh mysql scm scm', I'm getting below error. I'm unable to find the cause. Please help me resolve this error.

JAVA_HOME=/usr/java/latest
Verifying that we can write to /etc/cloudera-scm-server
Creating SCM configuration file in /etc/cloudera-scm-server
Executing: /usr/java/latest/bin/java -cp /usr/share/java/mysql-connector-java.jar:/usr/share/java/oracle-connector-java.jar:/usr/share/java/postgresql-connector-java.jar:/opt/cloudera/cm/schema/../lib/* com.cloudera.enterprise.dbutil.DbCommandExecutor /etc/cloudera-scm-server/db.properties com.cloudera.cmf.db.
Thu Dec 30 05:34:34 CST 2021 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
2021-12-30 05:34:35,140 [main] ERROR com.cloudera.enterprise.dbutil.DbCommandExecutor - Error when connecting to database.
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 205 milliseconds ago. The last packet sent successfully to the server was 197 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:990)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:201)
at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4912)
at com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1663)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1224)
at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2190)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2221)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2016)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:776)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:386)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:330)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.cloudera.enterprise.dbutil.DbCommandExecutor.testDbConnection(DbCommandExecutor.java:263)
at com.cloudera.enterprise.dbutil.DbCommandExecutor.main(DbCommandExecutor.java:139)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:186)
... 19 more
2021-12-30 05:34:35,144 [main] ERROR com.cloudera.enterprise.dbutil.DbCommandExecutor - Exiting with exit code 4
--> Error 4, giving up (use --force if you wish to ignore the error)

mszurap · ‎12-30-2021

Hi Saurabh,

The "Establishing SSL connection..." message already suggests that the MySQL client (in this case Cloudera Manager code "DbCommandExecutor") is using TLS/SSL coonection to the MySQL database.

The last "caused by" tells the reason for the failure:

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

This happens when

- The MySQL client does not allow a specific cipher suite (it has some restrictions)

- and the MySQL server does not support any of the cipher suites which the client allows.

Please check what settings are on the MySQL server side:

mysql --ssl-ca=<path_to/truststore.pem> -uroot -p -e "SHOW GLOBAL VARIABLES LIKE '%ssl%';STATUS;"

and check the CM server side JDK configuration settings in:

/usr/java/latest/jre/lib/security/java.security

Look for ProtocolsWhiteList, CipherWhiteList and CipherBlackList settings.

saurabh_ka · ‎01-03-2022

Hi thanks for the response.

I checked and figured out that I needed to add skip_ssl in my.cnf file to skip the ssl connection.

After making this change, it ran without any error.

Thanks,

mszurap · ‎01-03-2022

Great, thanks for sharing your solution!

christopher · ‎01-04-2022

@saurabh_ka

It looks like you've got a solution, could you please mark the appropriate reply as the solution? It will make it easier for others to find the answer in the future.

Thank you!

Regards,

Chris McConnell,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Support Questions

scm_prepare_database.sh, ERROR 4