Uploaded image for project: 'Apache Fineract'
  1. Apache Fineract
  2. FINERACT-1455

Fineract server cannot conntect to MySQL with SSL required

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.5.0
    • None
    • Deployment
    • None

    Description

      I am trying to run Fineract with Azure Database Flexible Server for MySQL. This requires SSL connections.

      I am using Kubernetes deployments. Important parts of configuration below. 

      I've tried adding useSsl=true to fineract_tenants_url and also creating FINERACT_DEFAULT_TENANTDB_CONN_PARAMS env variable.

       apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: fineract-server
        labels:
          app: fineract-server
      spec:
        selector:
          matchLabels:
            app: fineract-server
            tier: backend
        strategy:
          type: Recreate
        template:
          metadata:
            labels:
              app: fineract-server
              tier: backend
          spec:
            containers:
            - name: fineract-server
              image: apache/fineract:latest
              resources:
                limits:
                  cpu: "1000m"
                  memory: "1Gi"
                requests:
                  cpu: "200m"
                  memory: "0.5Gi"
              livenessProbe:
                httpGet:
                  path: /fineract-provider/actuator/health/liveness
                  port: 8080
                initialDelaySeconds: 180
                periodSeconds: 1
              readinessProbe:
                httpGet:
                  path: /fineract-provider/actuator/health/readiness
                  port: 8080
                initialDelaySeconds: 180
                periodSeconds: 1
              env:
              - name: DRIVERCLASS_NAME
                value: org.mariadb.jdbc.Driver
              - name: PROTOCOL
                value: jdbc
              - name: SUB_PROTOCOL
                value: mariadb
              - name: node_id
                value: '1'
              - name: fineract_tenants_driver
                value: org.mariadb.jdbc.Driver
              - name: fineract_tenants_url
                value: jdbc:mariadb://{{ .Values.mysqlhost }}:3306/fineract_tenants?useSsl=true
              - name: fineract_tenants_uid
                valueFrom:
                  secretKeyRef:
                    name: fineract-tenants-db-secret
                    key: username
              - name: fineract_tenants_pwd
                valueFrom:
                  secretKeyRef:
                    name: fineract-tenants-db-secret
                    key: password
              - name: FINERACT_DEFAULT_TENANTDB_HOSTNAME
                value: {{ .Values.mysqlhost }}
              - name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
                value: 'useSsl=true'
              - name: FINERACT_DEFAULT_TENANTDB_PORT
                value: '3306'
              - name: FINERACT_DEFAULT_TENANTDB_UID
                valueFrom:
                  secretKeyRef:
                    name: fineract-tenants-db-secret
                    key: username
              - name: FINERACT_DEFAULT_TENANTDB_PWD
                valueFrom:
                  secretKeyRef:
                    name: fineract-tenants-db-secret
                    key: password
              - name: FINERACT_DEFAULT_TENANTDB_CONN_PARAMS
                value: ''
              ports:
              - containerPort: 8443
                name: fineract-server

       

      Some initial connections are created correctly and FlywayDB is able to create tables in "fineract_tenants" database. However after that in tenantDatabaseUpgradeService there is an exception

      java.sql.SQLTransientConnectionException: (conn=49) Connections using insecure transport are prohibited while --require_secure_transport=ON 

      Attaching full log.

      I am using MySQL 8.0.21 as Flyway was failing on 5.7 (as MySQL 5.7 is unsupported). I am using "latest" Docker image of Fineract.

      Attachments

        1. logs.txt
          29 kB
          Piotr Gwiazda

        Activity

          People

            Unassigned Unassigned
            peperg Piotr Gwiazda
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: