search

apache / drill

Apache Drill is a distributed MPP query layer for self describing data
https://drill.apache.org/
Apache License 2.0
1.93k stars 980 forks source link

Drill Embedded with TLS: Impossible? #2816

Open thinkORo opened 1 year ago

thinkORo commented 1 year ago

Describe the bug To secure the communication between client and server, drill-embedded is to be configured with TLS. Following the instructions on the website (https://drill.apache.org/docs/configuring-ssl-tls-for-encryption/) I always get the error message: Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: CONNECTION : io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:31010 (state=,code=0)

To Reproduce Steps to reproduce the behavior:

  1. Download Apache Drill from Drill website
  2. Create keystore.jks and truststore.jks via keytool
  3. Create drill-override.conf (see "Additional context" below)
  4. Start drill-embedded with required "-u" JDBC parameter to define TLS (see "Additional context" below)
  5. See error

Expected behavior drill-embedded starts without any error message, sqlline interface is available, respective ports (8047, 31010) are bound

Error detail, log output or screenshots Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: CONNECTION : io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:31010 (state=,code=0)

Drill version 1.21.1

Additional context

  1. drill-override.conf: 
    drill.exec: {
cluster-id: "drillbits1",
zk.connect: "localhost:2181",
security.user.encryption.ssl.enabled: true,
ssl: {
protocol: "TLSv1.2",
keyStoreType: "JKS",
keyStorePath: "/InstallFolder/apache-drill-1.21.1/conf/keystore.jks",
keyStorePassword: "securePasswd",
keyPassword: "securePasswd",
trustStoreType: "JKS",
trustStorePath: "/InstallFolder/apache-drill-1.21.1/conf/truststore.jks"
trustStorePassword: "securePasswd",
provider: "JDK",
useHadoopConfig: false
}
}
  2. drill-embedded: 
    cd /InstallFolder/apache-drill-1.21.1
bin/drill-embedded -u "jdbc:drill:schema=data.query;drillbit=localhost:31010;enableTLS=true;trustStorePath=/InstallFolder/apache-drill-1.21.1/conf/truststore.jks;trustStorePassword=securePasswd"