Doris3.0.4使用paimon catalog连接带ssl证书的s3报错

Viewed 45
3.0 catalog

创建catalog ddl:
CREATE CATALOG paimon_s3 PROPERTIES (
"warehouse" = "s3://dataplat-dev/",
"type" = "paimon",
"s3.secret_key" = "*XXX",
"s3.region" = "us-east-1",
"s3.endpoint" = "https://172.16.7.131:9000",
"s3.access_key" = "xxx",
"paimon.s3.paging.maximum" = "1000",
"paimon.s3.list.version" = "1",
"metadata_refresh_interval_sec" = "60"
);

连接时报错:
org.jkiss.dbeaver.model.sql.DBSQLException: SQL 错误 [1105] [HY000]: UncheckedIOException, msg: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:133)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeStatement(SQLQueryJob.java:583)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.lambda$1(SQLQueryJob.java:492)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:190)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeSingleQuery(SQLQueryJob.java:499)
at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.extractData(SQLQueryJob.java:947)
at org.jkiss.dbeaver.ui.editors.sql.SQLEditor$QueryResultsContainer.readData(SQLEditor.java:4100)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.lambda$0(ResultSetJobDataRead.java:123)
at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:190)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.run(ResultSetJobDataRead.java:121)
at org.jkiss.dbeaver.ui.controls.resultset.ResultSetViewer$ResultSetDataPumpJob.run(ResultSetViewer.java:5164)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:105)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: java.sql.SQLException: UncheckedIOException, msg: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
at com.mysql.cj.jdbc.StatementImpl.executeInternal(StatementImpl.java:763)
at com.mysql.cj.jdbc.StatementImpl.execute(StatementImpl.java:648)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.execute(JDBCStatementImpl.java:330)
at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:131)
... 12 more

2 Answers

大佬加我主页微信我们一起看看吧。

得取fe.log的详细堆栈来看,这个报错看着都是 dbeaver 返回的一些信息,看不出啥

阿渊@SelectDB7690

好的。我们想过用paimon catalog的相关参数来禁用ssl校验,但试了多个参数都不生效,官方文档也确实没找到这方面的参数配置说明。包括paimon官方文档也找了好久没找到这块的说明。

网上也能查到starrocks的官方文档中有参数可以禁用ssl的:"aws.s3.enable_ssl" = "false"。

另外,将s3的ssl证书导入到doris主机的cacerts库这条路也验证过,有的环境可以,有的生产环境有些不明原因导致就不行。所以优先还是希望像starrocks或者别的工具那样,可以有参数配置直接禁用掉ssl校验。

fe的日志如下:

2025-06-04 09:41:51,848 WARN (mysql-nio-pool-991|197) [StmtExecutor.executeByLegacy():1159] execute Exception. stmt[545494, 5bed9dc372a14bbb-9e16181f0917a64d]
java.io.UncheckedIOException: org.apache.hadoop.fs.s3a.AWSClientIOException: getFileStatus on s3://dataplat-dev/user.sys: com.amazonaws.SdkClientException: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.paimon.privilege.FileBasedPrivilegeManager.getTable(FileBasedPrivilegeManager.java:371) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.paimon.privilege.FileBasedPrivilegeManager.getUserTable(FileBasedPrivilegeManager.java:352) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.paimon.privilege.FileBasedPrivilegeManager.privilegeEnabled(FileBasedPrivilegeManager.java:118) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.paimon.catalog.FileSystemCatalogFactory.create(FileSystemCatalogFactory.java:55) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.paimon.catalog.CatalogFactory.createCatalog(CatalogFactory.java:95) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.paimon.catalog.CatalogFactory.createCatalog(CatalogFactory.java:66) ~[paimon-core-0.8.1.jar:0.8.1]
at org.apache.doris.datasource.paimon.PaimonExternalCatalog.createCatalogImpl(PaimonExternalCatalog.java:164) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.paimon.PaimonExternalCatalog.lambda$createCatalog$4(PaimonExternalCatalog.java:156) ~[doris-fe.jar:1.2-SNAPSHOT]
at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?]
at javax.security.auth.Subject.doAs(Subject.java:439) ~[?:?]
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1899) ~[hadoop-common-3.3.6.jar:?]
at org.apache.doris.common.security.authentication.HadoopAuthenticator.doAs(HadoopAuthenticator.java:31) ~[fe-common-1.2-SNAPSHOT.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.paimon.PaimonExternalCatalog.createCatalog(PaimonExternalCatalog.java:149) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.paimon.PaimonFileExternalCatalog.initLocalObjectsImpl(PaimonFileExternalCatalog.java:45) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.ExternalCatalog.initLocalObjects(ExternalCatalog.java:307) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.ExternalCatalog.makeSureInitialized(ExternalCatalog.java:270) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.datasource.ExternalCatalog.getDbNames(ExternalCatalog.java:573) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.ShowExecutor.handleShowDb(ShowExecutor.java:932) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.ShowExecutor.execute(ShowExecutor.java:323) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.StmtExecutor.handleShow(StmtExecutor.java:2937) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.StmtExecutor.executeByLegacy(StmtExecutor.java:1121) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.StmtExecutor.execute(StmtExecutor.java:642) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.StmtExecutor.queryRetry(StmtExecutor.java:572) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.StmtExecutor.execute(StmtExecutor.java:562) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.ConnectProcessor.executeQuery(ConnectProcessor.java:347) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.ConnectProcessor.handleQuery(ConnectProcessor.java:250) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.MysqlConnectProcessor.handleQuery(MysqlConnectProcessor.java:209) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.MysqlConnectProcessor.dispatch(MysqlConnectProcessor.java:237) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.qe.MysqlConnectProcessor.processOnce(MysqlConnectProcessor.java:417) ~[doris-fe.jar:1.2-SNAPSHOT]
at org.apache.doris.mysql.ReadListener.lambda$handleEvent$0(ReadListener.java:52) ~[doris-fe.jar:1.2-SNAPSHOT]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
at java.lang.Thread.run(Thread.java:833) ~[?:?]

yezinong1
Related Questions
Doris Manager搭建存算分离Doris集群,问下选择mysql和内置h2有什么区别?
1 answers
并发查询数过高出现报错,未找到合适配置项
1 answers
ocenbase数据库替代Mysql数据库可以吗
1 answers
doris_fe_query_latency_ms指标问题
增量刷新中会出现维表数据变化后物化视图中出现多条数据的问题么
1 answers
be配置里没找到dirty_decay_ms
1 answers