Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-8378

AWS DocumentDB SSL support

XMLWordPrintable

    • False
    • None
    • False

      In order to make your issue reports as actionable as possible, please provide the following information, depending on the issue type.

      Bug report

      For bug reports, provide this information, please:

      What Debezium connector do you use and what version?

      2.7

      What is the connector configuration?

      {
      "connector.class": "io.debezium.connector.mongodb.MongoDbConnector",
      "errors.log.include.messages": "true",
      "collection.include.list": "debezium.info",
      "max.queue.size": "500",
      "mongodb.password": "******",
      "mongodb.connection.string": "mongodb://docdb-2024-.cluster-**.*.docdb.amazonaws.com:27018/?tls=true&readPreference=secondaryPreferred&retryWrites=false&replicaSet=rs0",
      "database.history.consumer.sasl.jaas.config": "software.amazon.msk.auth.iam.IAMLoginModulerequired;",
      "tasks.max": "1",
      "schema.history.internal.consumer.sasl.jaas.config": "software.amazon.msk.auth.iam.IAMLoginModulerequired;",
      "capture.mode": "change_streams_update_full_with_pre_image",
      "database.history.producer.sasl.client.callback.handler.class": "software.amazon.msk.auth.iam.IAMClientCallbackHandler",
      "config.providers": "s3import,ssm,sm",
      "connection.ssl.truststore": "${s3import:*:**/rds-truststore.jks}",
      "include.schema.changes": "true",
      "mongodb.ssl.enabled": "true",
      "topic.prefix": "prodcuts.v1",
      "schema.history.internal.kafka.topic": "products.v1.schema-changes.*.1",
      "mongodb.authsource": "admin",
      "value.converter": "org.apache.kafka.connect.json.JsonConverter",
      "mongodb.ssl.truststore.password": "***",
      "errors.log.enable": "true",
      "mongodb.auth.source": "admin",
      "key.converter": "org.apache.kafka.connect.json.JsonConverter",
      "schema.history.internal.producer.sasl.mechanism": "AWS_MSK_IAM",
      "database.history.producer.sasl.mechanism": "AWS_MSK_IAM",
      "database.history.producer.sasl.jaas.config": "software.amazon.msk.auth.iam.IAMLoginModulerequired;",
      "schema.history.internal.consumer.sasl.client.callback.handler.class": "software.amazon.msk.auth.iam.IAMClientCallbackHandler",
      "connection.ssl.truststorePassword": "**",
      "mongodb.ssl.ca.certificate.file": "${s3import:a*:**/global-bundle.pem}",
      "database.server.id": "5051",
      "schema.history.internal.producer.sasl.client.callback.handler.class": "software.amazon.msk.auth.iam.IAMClientCallbackHandler",
      "mongodb.user": "debezium",
      "offset.flush.timeout.ms": "60000",
      "schema.history.internal.kafka.bootstrap.servers": "*.kafka..amazonaws.com=9098.kafka..amazonaws.com=9098..amazonaws.com=9098",
      "offset.flush.interval.ms": "1000",
      "config.providers.s3import.param.region": "**",
      "key.converter.schemas.enable": "false",
      "mongodb.ssl.invalidHostnameAllowed": "true",
      "value.converter.schemas.enable": "false",
      "schema.history.internal.consumer.sasl.mechanism": "AWS_MSK_IAM",
      "schema.history.internal.producer.sasl.jaas.config": "software.amazon.msk.auth.iam.IAMLoginModulerequired;",
      "mongodb.ssl.invalid.hostname.allowed": "true",
      "max.batch.size": "100",
      "config.providers.s3import.class": "com.amazonaws.kafka.config.providers.S3ImportConfigProvider",
      "database.history.consumer.sasl.mechanism": "AWS_MSK_IAM",
      "database.include.list": "debezium",
      "snapshot.mode": "no_data"
      }

      What is the captured database version and mode of deployment?

      (E.g. on-premises, with a specific cloud provider, etc.)

      AWS MSK 2.7.1 connector

      What behavior do you expect?

      connector should successfully connect with AWS Document DB

      What behavior do you see?

      even though using s3import truststore.jks file is imported to tmp/truststore.jks but still getting below socket exception

      Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

       

      INFO Exception in monitor thread while connecting to server docdb-2024-48.cluster.ap-s***.docdb.amazonaws.com:27018 (org.mongodb.driver.cluster:76)

      No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=REPLICA_SET, connectionMode=MULTIPLE, serverDescriptions=[ServerDescription{address=docdb-2024-1*1-48.cluster-*.ap-**.docdb.amazonaws.com:27018, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out (org.mongodb.driver.cluster:71)

      Do you see the same behaviour using the latest released Debezium version?

      (Ideally, also verify with latest Alpha/Beta/CR version)

      YES

      Do you have the connector logs, ideally from start till finish?

      (You might be asked later to provide DEBUG/TRACE level log)

      YES

      How to reproduce the issue using our tutorial deployment?

      try to connect with any AWS documentDB.

      Feature request or enhancement

      For feature requests or enhancements, provide this information, please:

      Which use case/requirement will be addressed by the proposed feature?

      <Your answer>

      Implementation ideas (optional)

      <Your answer>

              Unassigned Unassigned
              rhlingesh Lingesh M
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: