I am using a Databricks Shared Compute Cluster (DBR 15.2) to connect to an Oracle DB using the JDBC Driver. For the connection, I need to specify the trust store location. My preferred option would be to have the trust store in a Volume. I get an error stating the the file can not be found even though it is there.
This is my current code to connect to Oracle:
url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(PORT=xxxx)(HOST=xxxx))(CONNECT_DATA=(SID=xxx)))"
df = (
spark.read.format("jdbc")
.option("url", url)
.option("dbTable", "schema.table")
.option("user", "user")
.option("password", dbutils.secrets.get(scope = "oracle", key = "password"))
.option("driver", "oracle.jdbc.driver.OracleDriver")
.option("fetchsize", 2000)
.option("javax.net.ssl.trustStoreType", "JKS")
.option("javax.net.ssl.trustStore", "/Volumes/test_catalog/test_schema/test_volume/oracle_truststore.jks")
.option("javax.net.ssl.trustStorePassword", dbutils.secrets.get(scope = "oracle", key = "truststore_pw"))
.load()
)
I get the following error:
(java.sql.SQLRecoverableException) IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, Authentication lapse 0 ms.
I can see the trust store when I use ls
:
%sh
ls /Volumes/test_catalog/test_schema/test_volume
oracle_truststore.jks
I am the Owner of the file and have the needed permissions.
Does anyone know, what I am doing wrong or what might work?
As a workaround, I have stored the trust store in dbfs. But this solution only works with Personal Compute Clusters as the dbfs is not available on Shared Compute Cluster. Anyway I would prefer not to have the file in the dbfs as I cannot control the access.
I have tried different combinations with the following outcome. It is the same file in the dbfs and in the Volume.
x | personal compute | shared compute |
---|---|---|
dbfs | works | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target |
Volumes | java.nio.file.FileSystemException: /Volumes/test_catalog/test_schema/test_volume/oracle_truststore.jks: Operation not permitted | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target |