drill
drill copied to clipboard
apache
Drill Embedded with TLS: Impossible?
Describe the bug
To secure the communication between client and server, drill-embedded is to be configured with TLS. Following the instructions on the website (https://drill.apache.org/docs/configuring-ssl-tls-for-encryption/) I always get the error message: Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: CONNECTION : io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:31010 (state=,code=0)
To Reproduce Steps to reproduce the behavior:
- Download Apache Drill from Drill website
- Create keystore.jks and truststore.jks via
keytool - Create drill-override.conf (see "Additional context" below)
- Start drill-embedded with required "-u" JDBC parameter to define TLS (see "Additional context" below)
- See error
Expected behavior drill-embedded starts without any error message, sqlline interface is available, respective ports (8047, 31010) are bound
Error detail, log output or screenshots
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.RpcException: CONNECTION : io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:31010 (state=,code=0)
Drill version 1.21.1
Additional context
- drill-override.conf:
drill.exec: {
cluster-id: "drillbits1",
zk.connect: "localhost:2181",
security.user.encryption.ssl.enabled: true,
ssl: {
protocol: "TLSv1.2",
keyStoreType: "JKS",
keyStorePath: "/InstallFolder/apache-drill-1.21.1/conf/keystore.jks",
keyStorePassword: "securePasswd",
keyPassword: "securePasswd",
trustStoreType: "JKS",
trustStorePath: "/InstallFolder/apache-drill-1.21.1/conf/truststore.jks"
trustStorePassword: "securePasswd",
provider: "JDK",
useHadoopConfig: false
}
}
- drill-embedded:
cd /InstallFolder/apache-drill-1.21.1
bin/drill-embedded -u "jdbc:drill:schema=data.query;drillbit=localhost:31010;enableTLS=true;trustStorePath=/InstallFolder/apache-drill-1.21.1/conf/truststore.jks;trustStorePassword=securePasswd"
