Dataproc SSL Issue #177
Comments
I have posted this on the Google issue tracker (https://issuetracker.google.com/issues/72886952), and they suggested that I talk about the issue here. Can I get some help on this?
CC @bsidhom as the expert on Conscrypt/SSL. @yoong93 Dataproc by default uses Conscrypt (https://github.com/google/conscrypt) for SSL performance, and I see that library in the stacktrace. Just for my sanity, can you try the Java-native SSL implementation by creating a cluster with
Also, try spinning up a raw GCE VM on the same subnet (so the firewall rules are the same), and check whether you can connect to your SQL server.
If you disable Conscrypt in Dataproc, it falls back to the Java-builtin SSL implementation. So it's still secure -- you are not turning off SSL. Conscrypt is just a more optimized (C-based) library, so we use it for performance, particularly when talking to GCS. This issue on Conscrypt seems potentially related: google/conscrypt#104. If you're really interested in digging further, consider installing Conscrypt on a raw GCE VM and setting up a repro for the Conscrypt folks. I'm going to close this issue for now since it isn't directly a Dataproc bug, nor is it related to the initialization actions in this repository.
ok thanks for help :)
I have opened the issue here before, but I am still having a problem with this, and I think this is more related to Dataproc than simply SQL Server (#166).
I am trying to connect to SQL Server 2017 from Dataproc, but I have trouble passing the SSL handshake. There are three instances that I am using for testing: a VM instance with MySQL and SQL Server 2017 installed (Windows), another with MySQL and PostgreSQL installed (Debian), and a Dataproc cluster where I am trying to connect to those servers. All three instances are in the same network, and for the MSSQL connection, I am trying with jdbc6.2.2 and SQL Server Driver 13.
Connection works fine with sqlalchemy & pyodbc for all three servers (MySQL, PostgreSQL, MSSQL), but when using Spark and the JDBC driver, the socket closes during the SSL handshake when connecting to MSSQL. Also, I tested all cases from my local Spark, and they all worked, including connecting to SQL Server with Spark. Here is the error code from Dataproc when I tried connecting to MSSQL
Here is the list of things that I have checked:
Dataproc Configuration - I checked all the firewall rules, and they all allow ingress and egress connections. And if firewalls blocked the connection between Dataproc and SQL Server, I think they should also have blocked the connection when using sqlalchemy & pyodbc.
SQL Server Configuration - From local Spark or AWS (for testing), I could easily connect to the SQL Server without any certificate. Connection from Dataproc always failed. I read about a similar case here (https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/11/30/intermittent-jdbc-connectivity-issue-the-driver-could-not-establish-a-secure-connection-to-sql-server-by-using-secure-sockets-layer-ssl-encryption-error-sql-server-returned-an-incomplete-respons/), but in my case, the issue happens without any exception and my version is up to date.
So this is my status quo right now. Can you help me with this issue?
Also, for the last trial, when I forced SSL for MySQL (on the instance where SQL Server 2017 is installed), Dataproc could connect to the server without any certificate whereas my local Spark could not. So I am assuming Dataproc automatically finds a certificate for MySQL SSL, but apparently, it can't find the right one for MSSQL SSL. Can you locate the certificate for MSSQL so that I can try it out? I tried cacerts in /etc/ssl/java/, but it didn't work.
Thanks!