[RANGER-1288] Add SSL enabled MySQL support in Ranger Admin - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.0
Fix Version/s: 0.7.0
Component/s: Ranger
Labels:
None

Description

Problem Statement : Ranger can not communicate to ssl enabled MySQL server

Associated error message : Ranger DB script fails to communicate with the DB with sql AccessContronlException.

Proposed Solution : JDBC connection string could be : "jdbc:mysql://127.0.0.1:3306/ranger?verifyServerCertificate=false&useSSL=true&requireSSL=true".
The 'useSSL=true' property is added to the JDBC URL to attempt to communicate via SSL.
The 'verifyServerCerticate=false' property is set to bypass certificate validation.
The 'requireSSL=true' property is set to refuse to connect if the MySQL server does not support SSL. If user want to connect using truststore then he can configure truststore files(certificate information for the mysql server and client both).
Ranger application and jisql utility should know from where to pick the certificates which can be set in System properties like this :
-Djavax.net.ssl.keyStore=path_to_keystore_file
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=path_to_truststore_file
-Djavax.net.ssl.trustStorePassword=password

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

RANGER-1288-1.patch
03/Jan/17 12:43
48 kB
Pradeep Agrawal

Issue Links

incorporates

RANGER-1990 Add One-way SSL MySQL support in Ranger Admin

Resolved

links to

Apache review request link-1

Activity

People

Assignee:: Pradeep Agrawal

Reporter:: Pradeep Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Jan/17 10:35

Updated:: 22/Feb/18 09:43

Resolved:: 17/Jan/17 18:29