Database setup details for Streams Messaging Manager for TLS 1.2/TCPS-enabled databases

Learn how you can configure Streams Messaging Manager (SMM) to securely connect to its database using TLS 1.2 when installing a new cluster.

When installing a new cluster, Streams Messaging Manager’s database connection is set up during the Setup Database step of the Add Cluster - Configuration wizard. Complete the following when you reach this step in the wizard to configure TLS 1.2.

  • Ensure that TLS 1.2 has already been enabled on the SMM database.
  • Ensure that a truststore file containing the database certificate is available on the SMM hosts. Additionally, ensure that you know the location of the file and that the user SMM runs as has access to the file. The default user for SMM is streamsmsgmgr.
  1. Select the appropriate database type from the Type drop-down list.
  2. Select yes from the Use JDBC URL Override drop-down list.
  3. Enter the database username and password you set up for SMM in the Username and Password fields.
    The username and password you must enter are set up in a previous step of the installation. For more information, see Configuring the Database for Streaming Components.
  4. Enter an appropriate JDBC URL in the JDBC URL field.
    The JDBC URL must contain all properties needed for SMM to establish a secure connection with its database. Use the following templates to construct the JDBC URL.
    MySQL
    jdbc:mysql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    PostgreSQL
    jdbc:postgresql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    Oracle
    jdbc:oracle:thin:@tcps://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE PASSWORD***]&oracle.net.ssl_server_dn_match=false
    • Replace [***DB HOST***], [***DB PORT***], and [***DB NAME***] with the host, port, and name of the database.
    • Replace [***TRUSTSTORE PATH***] with the full path to a truststore that contains the database certificate. The truststore must be available on the host that SMM is deployed on. Additionally, the user that the SMM service runs as (streamsmsgmgr by default) must have access to the file.
    • Replace [***TRUSTSTORE PASSWORD***] with the password used to access the truststore you specify in [***TRUSTSTORE PATH***].
  5. Click Test Connection.
    If the connection test fails, review your configuration, fix any errors, and rerun the connection test.
  6. Click Continue to continue with cluster installation.
The SMM service establishes a secure connection with its database.
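
The following pre-flight check is an added example, not part of the original procedure or of SMM itself. It compares a filled-in JDBC URL against the MySQL template above before you click Test Connection: no placeholder is left over, every TLS property from the template is present with its fixed value unchanged, and the truststore file is readable. The function names, host, database name, path, and password are assumptions made for illustration.

```python
import os
import re

PLACEHOLDER = re.compile(r"\[\*\*\*(.+?)\*\*\*\]")
MYSQL_TEMPLATE = (  # MySQL template copied from this page
    "jdbc:mysql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true"
    "&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]"
    "&trustCertificateKeyStoreType=jks"
    "&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]"
    "&enabledTLSProtocols=TLSv1.2")

def _query(url):
    """Return the properties after '?' as a dict, without URL-decoding."""
    pairs = (p.partition("=") for p in url.partition("?")[2].split("&") if p)
    return {k: v for k, _, v in pairs}

def _pattern(template_text):
    """Compile template text to a regex; each placeholder becomes a named group."""
    parts, pos = [], 0
    for m in PLACEHOLDER.finditer(template_text):
        parts.append(re.escape(template_text[pos:m.start()]))
        parts.append("(?P<%s>.+)" % m.group(1).replace(" ", "_"))
        pos = m.end()
    return re.compile("".join(parts) + re.escape(template_text[pos:]))

def check_jdbc_url(template, url):
    """Return a list of problems found in a filled-in JDBC URL."""
    problems = ["unreplaced placeholder left in URL"] if PLACEHOLDER.search(url) else []
    if not _pattern(template.partition("?")[0]).fullmatch(url.partition("?")[0]):
        problems.append("scheme/host/port/database part does not match template")
    got = _query(url)
    for key, tval in _query(template).items():
        m = _pattern(tval).fullmatch(got[key]) if key in got else None
        if key not in got:
            problems.append("missing property: " + key)
        elif m is None:
            problems.append("unexpected value for " + key)
        else:
            path = m.groupdict().get("TRUSTSTORE_PATH")
            # os.access tests the current user, so run this as the SMM service user.
            if path and not (os.path.isfile(path) and os.access(path, os.R_OK)):
                problems.append("truststore not readable: " + path)
    return problems

if __name__ == "__main__":
    # Constructed sample values: hypothetical host, database and truststore path.
    sample = {"DB HOST": "db.example.internal", "DB PORT": "3306", "DB NAME": "smm",
              "TRUSTSTORE PATH": "/etc/smm/truststore.jks", "TRUSTSTORE PASSWORD": "changeit"}
    print(check_jdbc_url(MYSQL_TEMPLATE, PLACEHOLDER.sub(lambda m: sample[m.group(1)], MYSQL_TEMPLATE)))
```

An empty list means the URL matches the template and the truststore is readable by the user running the check. It does not replace the wizard's connection test.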