无法从Spark应用程序连接到启用SSL的mongo集群

时间:2019-06-28 21:17:06

标签: mongodb scala apache-spark ssl

我正在尝试从Spark应用程序连接到启用SSL的mongo群集。我正在尝试使用自签名证书,并收到以下错误。

0

我的读取配置uri看起来像这样:

Exception in monitor thread while connecting to server CLUSTER_NAME
com.mongodb.MongoSocketWriteException: Exception sending message
    at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:525)
    at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:413)
    at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
    at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
    at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
    at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
    at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:106)
    at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:63)
    at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
    at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching CLUSTER_NAME found
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

我想使用自签名证书,例如:

    val uri: String = "mongodb://" + URLEncoder.encode(Login, "UTF-8") + ":" + URLEncoder.encode(Password, "UTF-8") + "@" + cluster + ":27017/" + database + "." + collection + "?authSource=" + (if (authenticationDatabase != "") authenticationDatabase else "admin") + (if (replicaset == null) "" else "&replicaSet=" + replicaset) + "&ssl=true"

我正在使用的环境版本:

火花:2.2.0 蒙哥:3.4

任何帮助将不胜感激。

谢谢!

1 个答案:

答案 0 :(得分:0)

这与建立任何其他SSL连接相同。将您的证书导入密钥库,并使用以下代码引用该密钥库

System.setProperty("javax.net.ssl.trustStore", "keystoreFilefullpath")

System.setProperty("javax.net.ssl.trustStorePassword", "password")

一旦设置了这些参数,则Kafka SSL应该起作用。如果您是从Spark发布的,则必须使用--files选项将密钥库文件上传到驱动程序/执行程序