
Connecting mysql java connector to AWS Aurora via SSL from an EMR Cluster: One approach

How to connect a job from an EMR cluster to Aurora via SSL? There is a lot of information scattered on forums that brings partial solutions to this issue, so I'm trying to summarize it here.

There's a lot of information about connecting to AWS Aurora via SSL from the mysql java connector scattered on forums and also on stackoverflow, so apologies if I don't include all the references.

Long story short: There are two main issues connecting a program running in an EMR Cluster to Aurora with SSL:

1) Just importing the rds-combined-ca-bundle.pem provided by Amazon into a keystore won't work, as it'll show a "PKIX path building failed" error.

2) The java property javax.net.ssl.keyStore won't be available from the cluster's slaves, so the app will not find the keyStore and it will produce a "Communications link failure".

The cause for 1) seems to be related to the fact that the file rds-combined-ca-bundle.pem has several certificates, so in a forum that I don't have the reference for now, the proposed solution was to split these certificates. The certificate for Aurora is the 8th.


So if you extract this segment in a file called, let's say bundle8.pem, you generate your key as follows:

keytool -import -alias mysqlServerCACert -file bundle8.pem -keystore truststore

The solution for 2) is to set javax.net.ssl.keyStore as a command parameter, for the case of spark-submit, the option should be '--driver-java-options':

spark-submit --deploy-mode cluster --driver-java-options='-Djavax.net.ssl.trustStore=truststore' --files s3://path/to/truststore ..other spark options

Here "truststore" is the file generated with keytool. The --driver-java-options will allow the truststore file to be available on the slaves' environments.

Reference:

Connecting to an Amazon Aurora DB Cluster: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Connect.html

Connecting Mysql Java Connector Using SSL: https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
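
An added example, not part of the original post: the certificate-splitting step above, generalized to import every certificate in the bundle rather than only one, since a trusted-certificate entry in a keystore holds one certificate per alias. The function names, the `rds-` alias prefix, the `TRUSTSTORE_PASS` environment variable and the sample bundle are assumptions; the sample is constructed and contains no real certificates.

```shell
#!/bin/sh
# Added example (not from the original post).

# split_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert-01.pem, cert-02.pem, ... (one certificate each) and
# prints how many certificates were found. Text outside the PEM markers
# (comments, blank lines) is dropped.
split_bundle() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/cert-%02d.pem", dir, n); inside = 1 }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { inside = 0; close(file) }
        END                           { print n + 0 }
    ' "$1"
}

# import_all OUTDIR TRUSTSTORE
# Imports each split certificate under its own alias (rds-cert-01, ...).
# The store password is read from the TRUSTSTORE_PASS environment variable
# (assumed to be exported) so it does not show up in the process list.
import_all() {
    for pem in "$1"/cert-*.pem; do
        [ -f "$pem" ] || continue
        name=$(basename "$pem" .pem)
        keytool -importcert -noprompt -trustcacerts \
            -alias "rds-$name" -file "$pem" \
            -keystore "$2" -storepass:env TRUSTSTORE_PASS
    done
}

# write_sample_bundle FILE
# Constructed stand-in for a CA bundle: three PEM-shaped blocks with
# placeholder bodies, usable for exercising split_bundle offline only.
write_sample_bundle() {
    for i in 1 2 3; do
        printf '%s\n' "# constructed entry $i" \
            '-----BEGIN CERTIFICATE-----' \
            "CONSTRUCTED-BODY-$i" \
            '-----END CERTIFICATE-----'
    done > "$1"
}

# Typical use with the real bundle (requires a JDK for keytool):
#   split_bundle rds-combined-ca-bundle.pem certs
#   import_all certs truststore
```

Running `keytool -list -keystore truststore` afterwards shows one entry per alias, which makes it easy to confirm that the whole bundle was imported.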
