You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Piotr Gwiazda (Jira)" <ji...@apache.org> on 2021/12/29 11:53:00 UTC
[jira] [Updated] (FINERACT-1455) Fineract server cannot conntect to MySQL with SSL required
[ https://issues.apache.org/jira/browse/FINERACT-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Piotr Gwiazda updated FINERACT-1455:
------------------------------------
Description:
I am trying to run Fineract with Azure Database Flexible Server for MySQL. This requires SSL connections.
I am using Kubernetes deployments. Important parts of configuration below.
I've tried adding *useSsl=true* to *fineract_tenants_url* and also creating *FINERACT_DEFAULT_TENANTDB_CONN_PARAMS* env variable.
{code:java}
apiVersion: apps/v1
kind: Deployment
metadata:
name: fineract-server
labels:
app: fineract-server
spec:
selector:
matchLabels:
app: fineract-server
tier: backend
strategy:
type: Recreate
template:
metadata:
labels:
app: fineract-server
tier: backend
spec:
containers:
- name: fineract-server
image: apache/fineract:latest
resources:
limits:
cpu: "1000m"
memory: "1Gi"
requests:
cpu: "200m"
memory: "0.5Gi"
livenessProbe:
httpGet:
path: /fineract-provider/actuator/health/liveness
port: 8080
initialDelaySeconds: 180
periodSeconds: 1
readinessProbe:
httpGet:
path: /fineract-provider/actuator/health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 1
env:
- name: DRIVERCLASS_NAME
value: org.mariadb.jdbc.Driver
- name: PROTOCOL
value: jdbc
- name: SUB_PROTOCOL
value: mariadb
- name: node_id
value: '1'
- name: fineract_tenants_driver
value: org.mariadb.jdbc.Driver
- name: fineract_tenants_url
value: jdbc:mariadb://{{ .Values.mysqlhost }}:3306/fineract_tenants?useSsl=true
- name: fineract_tenants_uid
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: username
- name: fineract_tenants_pwd
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: password
- name: FINERACT_DEFAULT_TENANTDB_HOSTNAME
value: {{ .Values.mysqlhost }}
- name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
value: 'useSsl=true'
- name: FINERACT_DEFAULT_TENANTDB_PORT
value: '3306'
- name: FINERACT_DEFAULT_TENANTDB_UID
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: username
- name: FINERACT_DEFAULT_TENANTDB_PWD
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: password
- name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
value: ''
ports:
- containerPort: 8443
name: fineract-server{code}
Some initial connections are created correctly and FlywayDB is able to create tables in "fineract_tenants" database. However after that there is an exception
{{java.sql.SQLTransientConnectionException: (conn=49) Connections using insecure transport are prohibited while --require_secure_transport=ON }}
Attaching full log.
was:
I am trying to run Fineract with Azure Database Flexible Server for MySQL. This requires SSL connections.
I am using Kubernetes deployments. Important parts of configuration below.
I've tried adding *useSsl=true* to *fineract_tenants_url* and also creating *FINERACT_DEFAULT_TENANTDB_CONN_PARAMS* env variable.
{code:java}
apiVersion: apps/v1
kind: Deployment
metadata:
name: fineract-server
labels:
app: fineract-server
spec:
selector:
matchLabels:
app: fineract-server
tier: backend
strategy:
type: Recreate
template:
metadata:
labels:
app: fineract-server
tier: backend
spec:
containers:
- name: fineract-server
image: apache/fineract:latest
resources:
limits:
cpu: "1000m"
memory: "1Gi"
requests:
cpu: "200m"
memory: "0.5Gi"
livenessProbe:
httpGet:
path: /fineract-provider/actuator/health/liveness
port: 8080
initialDelaySeconds: 180
periodSeconds: 1
readinessProbe:
httpGet:
path: /fineract-provider/actuator/health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 1
env:
- name: DRIVERCLASS_NAME
value: org.mariadb.jdbc.Driver
- name: PROTOCOL
value: jdbc
- name: SUB_PROTOCOL
value: mariadb
- name: node_id
value: '1'
- name: fineract_tenants_driver
value: org.mariadb.jdbc.Driver
- name: fineract_tenants_url
value: jdbc:mariadb://{{ .Values.mysqlhost }}:3306/fineract_tenants?useSsl=true
- name: fineract_tenants_uid
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: username
- name: fineract_tenants_pwd
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: password
- name: FINERACT_DEFAULT_TENANTDB_HOSTNAME
value: {{ .Values.mysqlhost }}
- name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
value: 'useSsl=true'
- name: FINERACT_DEFAULT_TENANTDB_PORT
value: '3306'
- name: FINERACT_DEFAULT_TENANTDB_UID
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: username
- name: FINERACT_DEFAULT_TENANTDB_PWD
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: password
- name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
value: ''
ports:
- containerPort: 8443
name: fineract-server{code}
Some initial connections are created correctly and FlywayDB is able to create tables in "fineract_tenants" database. However after that there is an exception
> Fineract server cannot conntect to MySQL with SSL required
> ----------------------------------------------------------
>
> Key: FINERACT-1455
> URL: https://issues.apache.org/jira/browse/FINERACT-1455
> Project: Apache Fineract
> Issue Type: Bug
> Components: Deployment
> Affects Versions: 1.5.0
> Reporter: Piotr Gwiazda
> Priority: Major
>
> I am trying to run Fineract with Azure Database Flexible Server for MySQL. This requires SSL connections.
> I am using Kubernetes deployments. Important parts of configuration below.
> I've tried adding *useSsl=true* to *fineract_tenants_url* and also creating *FINERACT_DEFAULT_TENANTDB_CONN_PARAMS* env variable.
> {code:java}
> apiVersion: apps/v1
> kind: Deployment
> metadata:
> name: fineract-server
> labels:
> app: fineract-server
> spec:
> selector:
> matchLabels:
> app: fineract-server
> tier: backend
> strategy:
> type: Recreate
> template:
> metadata:
> labels:
> app: fineract-server
> tier: backend
> spec:
> containers:
> - name: fineract-server
> image: apache/fineract:latest
> resources:
> limits:
> cpu: "1000m"
> memory: "1Gi"
> requests:
> cpu: "200m"
> memory: "0.5Gi"
> livenessProbe:
> httpGet:
> path: /fineract-provider/actuator/health/liveness
> port: 8080
> initialDelaySeconds: 180
> periodSeconds: 1
> readinessProbe:
> httpGet:
> path: /fineract-provider/actuator/health/readiness
> port: 8080
> initialDelaySeconds: 180
> periodSeconds: 1
> env:
> - name: DRIVERCLASS_NAME
> value: org.mariadb.jdbc.Driver
> - name: PROTOCOL
> value: jdbc
> - name: SUB_PROTOCOL
> value: mariadb
> - name: node_id
> value: '1'
> - name: fineract_tenants_driver
> value: org.mariadb.jdbc.Driver
> - name: fineract_tenants_url
> value: jdbc:mariadb://{{ .Values.mysqlhost }}:3306/fineract_tenants?useSsl=true
> - name: fineract_tenants_uid
> valueFrom:
> secretKeyRef:
> name: fineract-tenants-db-secret
> key: username
> - name: fineract_tenants_pwd
> valueFrom:
> secretKeyRef:
> name: fineract-tenants-db-secret
> key: password
> - name: FINERACT_DEFAULT_TENANTDB_HOSTNAME
> value: {{ .Values.mysqlhost }}
> - name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
> value: 'useSsl=true'
> - name: FINERACT_DEFAULT_TENANTDB_PORT
> value: '3306'
> - name: FINERACT_DEFAULT_TENANTDB_UID
> valueFrom:
> secretKeyRef:
> name: fineract-tenants-db-secret
> key: username
> - name: FINERACT_DEFAULT_TENANTDB_PWD
> valueFrom:
> secretKeyRef:
> name: fineract-tenants-db-secret
> key: password
> - name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
> value: ''
> ports:
> - containerPort: 8443
> name: fineract-server{code}
>
> Some initial connections are created correctly and FlywayDB is able to create tables in "fineract_tenants" database. However after that there is an exception
> {{java.sql.SQLTransientConnectionException: (conn=49) Connections using insecure transport are prohibited while --require_secure_transport=ON }}
> Attaching full log.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)