I was able to insert the mongodb v5.5.1 sync/core into the drill/jars/3rdparty directory which it seems to be start using, according to my info logging output but didn't seem to help give any new capabilities that I can tell, plus ended up giving me some other bson looking java error.
I also tried setting those JAVA OPTS mentioned above as DRILL_OPS in the drill-env.sh, but still haven't seen that work just yet. --daniel -- On Tue, Jul 15, 2025 at 1:07 PM Charles Givre <cgi...@gmail.com> wrote: > @Maksym, > This seems like something we should fix. Would updating the Mongo client > solve this? > Best, > — C > > On Jul 15, 2025, at 13:18, Rumar, Maksym <maksym.ru...@hpe.com.invalid> > wrote: > > I've checked the MongoDB Client(mongodb-driver-sync:4.11.1) source code > that Drill uses and found that the client actually doesn't support either > 'tlsallowinvalidcertificates' or 'tlscertificatekeyfile'. > > In theory, you can try to use the following Java system options: > 'javax.net.ssl.trustStore', 'javax.net.ssl.trustStorePassword', > 'javax.net.ssl.trustStoreType' to let the MongoDB client pick up the SSL > certificate you need. > ________________________________ > Від: Daniel Goolsby <danielgool...@gmail.com> > Надіслано: 15 липня 2025 р. 17:41 > Кому: user@drill.apache.org <user@drill.apache.org> > Тема: Re: mongo server with 3rd party certs > > I specified tlsCertificateKeyFile=/path/client.pem, but in the drill debug > output it just shows: > > time [something] WARN org.mongodb.driver.uri - Connection string contains > unsupported option 'tlscertificatekeyfile' > time [something] WARN org.mongodb.driver.uri - Connection string contains > unsupported option 'tlsallowinvalidcertifcates' > > my connection string indeed has the case sensitive names in there, the log > just lowercases them. > > it seems like the connection string doesn't allow or isn't parsing those > values. > > > > On Tue, Jul 15, 2025 at 8:52 AM Rumar, Maksym <maksym.ru...@hpe.com.invalid > > > wrote: > > Hi Daniel, > > You mentioned that you tried to use ssl option in the connection string. > You can also use various other options to specify the client certificate > and root certificate of the MongoDB: > > > https://urldefense.com/v3/__https://www.mongodb.com/docs/manual/reference/connection-string-options/*connection-options__;Iw!!NpxR!gPiXDMAbffgXF3U-nmdc5DMI66wOGvnzenmo-R7xJ1_MwyyAXQJpDwHztdPuDbM89HZpfa3wZhCT--8VVkC9tnA$ > > MongoDB connection string has a bunch of options to configure TLS/SSL > connection: > > * > tlsCAFile > * > tlsCertificateKeyFile > * > * > tlsCertificateKeyFilePassword > > Try to use them. Also, for debugging and testing purposes, you can try to > disable some validations: > > * > tlsAllowInvalidCertificates > * > * > tlsAllowInvalidHostnames > * > * > tlsInsecure > > Regards, > Maksym > > ________________________________ > Від: Daniel Goolsby <danielgool...@gmail.com> > Надіслано: 15 липня 2025 р. 16:01 > Кому: user@drill.apache.org <user@drill.apache.org> > Тема: mongo server with 3rd party certs > > I'm realy new to apache drill, hoping that it can suit my needs. quick > brief: i'm trying to use apache superset > drill > mongo.. I have a working > mongo cluster with dns srv records that work for fine for being fed with > telegraf, ansible, misc other clients. I'm coming up short trying to > configure the Mongo storage plugin for drill for my cluster that uses 3rd > party server certs with client ssl trust from trusted ca's. > > I've tried just using ssl=true in my connection string, but i need to be > able to provide a custom client cert. > > from the docs: > > > https://urldefense.com/v3/__https://drill.apache.org/docs/mongodb-storage-plugin/__;!!NpxR!gNKkG4YnZ66fgN11--ccTbttezRRNtIDFNY6Y8wXjfcPI7JpTnmh2JJKT465k4eCerKnC4zYCQnMXhuplC1B2O0$ > > it says i should be able to use the standard connection string format - but > those options aren't valid. I know java things like keytool exist, so i've > tried setting various JAVA_OPTS to create/specify keystores and > truststores, but I cannot seem to get drill to try ssl on the mongo > connection. > > the mongo server logs just hint that the connection only supports ssl, > failing whatever client connection that drill is trying to make. > > any suggestions? > > -- > --daniel > -- > > > > -- > --daniel > -- > > >
