使用 MuleSoft RTF EKS 访问 AWS DB
Access AWS DB using MuleSoft RTF EKS
MuleSoft 版本:4.3.0
AWS-RTF EKS
数据库:AWS RDS (Aurora MySQL) 5.7
能够从anypoint studio成功连接到AWS DB,但无法从RTF EKS Pod连接。
org.mule.runtime.api.connection.ConnectionException: Could not obtain connection from data source
Caused by: org.mule.db.commons.shaded.api.exception.connection.ConnectionCreationException: Could not obtain connection from data source
Caused by: org.mule.runtime.extension.api.exception.ModuleException: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure
The last packet successfully received from the server was 99 milliseconds ago. The last packet sent successfully to the server was 94 milliseconds ago.
Caused by: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure
我可以通过使用 --image=mysql:5.7 创建默认 pod 从 EKS 访问数据库。但不是来自 MuleSoft App。
尝试过的用例:
1. verifyServerCertificate=false&useSSL=true&requireSSL=true
2. verifyServerCertificate=true&useSSL=true&requireSSL=true. (passing truststore in java arguments )
-Djavax.net.ssl.trustStore=/opt/mule/apps/test-rds/mySqlKeyStore.jks
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=xxxxxx
(Generated jks file from .pem file using below commands)
openssl x509 -outform der -in us-west-2-bundle.pem -out us-west-2-bundle.der
keytool -import -alias mysql -keystore mySqlKeyStore -file us-west-2-bundle.der
我还缺少什么?请帮忙
我可以解决这个问题。
通过添加这个 jvm 参数,我开始知道它与 ssl 握手有关。 -M-Djavax.net.debug=ssl
它给出了这样的调试日志
javax.net.ssl|SEVERE|43|[MuleRuntime].uber.03: [test-rds].uber@org.mule.runtime.module.extension.internal.runtime.config.LifecycleAwareConfigurationInstance.testConnectivity:179 @3781e9a3|2021-12-23 09:55:53.715 PST|TransportContext.java:316|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
enter code here
在完成这个问题后,很明显我需要通过 enabledTLSProtocols=TLSv1.2
所以这是我在数据库配置中传递的参数
<db:connection-properties >
<db:connection-property key="verifyServerCertificate" value="false" />
<db:connection-property key="useSSL" value="true" />
<db:connection-property key="requireSSL" value="true" />
<db:connection-property key="enabledTLSProtocols" value="TLSv1.2" />
</db:connection-properties>
enter code here
即使在添加了 enabledTLSProtocols 标志之后,如果出现错误,请确保数据库版本正确(我遇到了非产品和产品问题)
非生产:MySQL 5.7 运行良好
产品:MySQL 5.6 即使启用了 TLS 协议也无法正常工作。我必须将数据库更新到 5.7 才能正常工作
谢谢,希望对大家有帮助
MuleSoft 版本:4.3.0 AWS-RTF EKS 数据库:AWS RDS (Aurora MySQL) 5.7
能够从anypoint studio成功连接到AWS DB,但无法从RTF EKS Pod连接。
org.mule.runtime.api.connection.ConnectionException: Could not obtain connection from data source
Caused by: org.mule.db.commons.shaded.api.exception.connection.ConnectionCreationException: Could not obtain connection from data source
Caused by: org.mule.runtime.extension.api.exception.ModuleException: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure
The last packet successfully received from the server was 99 milliseconds ago. The last packet sent successfully to the server was 94 milliseconds ago.
Caused by: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure
我可以通过使用 --image=mysql:5.7 创建默认 pod 从 EKS 访问数据库。但不是来自 MuleSoft App。
尝试过的用例:
1. verifyServerCertificate=false&useSSL=true&requireSSL=true
2. verifyServerCertificate=true&useSSL=true&requireSSL=true. (passing truststore in java arguments )
-Djavax.net.ssl.trustStore=/opt/mule/apps/test-rds/mySqlKeyStore.jks
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=xxxxxx
(Generated jks file from .pem file using below commands)
openssl x509 -outform der -in us-west-2-bundle.pem -out us-west-2-bundle.der
keytool -import -alias mysql -keystore mySqlKeyStore -file us-west-2-bundle.der
我还缺少什么?请帮忙
我可以解决这个问题。
通过添加这个 jvm 参数,我开始知道它与 ssl 握手有关。 -M-Djavax.net.debug=ssl
它给出了这样的调试日志
javax.net.ssl|SEVERE|43|[MuleRuntime].uber.03: [test-rds].uber@org.mule.runtime.module.extension.internal.runtime.config.LifecycleAwareConfigurationInstance.testConnectivity:179 @3781e9a3|2021-12-23 09:55:53.715 PST|TransportContext.java:316|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
enter code here
在完成这个问题后,很明显我需要通过 enabledTLSProtocols=TLSv1.2
所以这是我在数据库配置中传递的参数
<db:connection-properties >
<db:connection-property key="verifyServerCertificate" value="false" />
<db:connection-property key="useSSL" value="true" />
<db:connection-property key="requireSSL" value="true" />
<db:connection-property key="enabledTLSProtocols" value="TLSv1.2" />
</db:connection-properties>
enter code here
即使在添加了 enabledTLSProtocols 标志之后,如果出现错误,请确保数据库版本正确(我遇到了非产品和产品问题)
非生产:MySQL 5.7 运行良好
产品:MySQL 5.6 即使启用了 TLS 协议也无法正常工作。我必须将数据库更新到 5.7 才能正常工作
谢谢,希望对大家有帮助