search

opencast / opencast-docker

Dockerfiles for Opencast
https://quay.io/organization/opencast/
Educational Community License v2.0
41 stars 36 forks source link

ORG_OPENCASTPROJECT_DB_JDBC_URL and useSSL parameter #101

Closed slampunk closed 5 years ago

slampunk commented 5 years ago

I've been having trouble with passing the useSSL=false parameter to the JDBC connection string. E.g. docker run -e "ORG_OPENCASTPROJECT_DB_VENDOR=MySQL" -e "ORG_OPENCASTPROJECT_DB_JDBC_URL=jdbc:mysql://oc-mysql:3306/opencast?useSSL=false" ..other configs... produces

Run opencast_jdbc_trytoconnect Try to connect to DB (1/25) Mon Nov 12 12:43:28 UTC 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

It seems to be the case that the useSSL=false parameter is not appended to the JDBC connection string.

Looking at Dockerfiles/{distribution}/assets/scripts/jdbc.sh, the connection string is parsed with

url=$(awk -F "=" '/org.opencastproject.db.jdbc.url/ {print $2}' etc/custom.properties | tr -d ' ')

Using = as a delimiter, the second column for

ORG_OPENCASTPROJECT_DB_JDBC_URL=jdbc:mysql://oc-mysql:3306/opencast?useSSL=false

results in

jdbc:mysql://oc-mysql:3306/opencast?useSSL.

Instead of only being the bearer of bad news, I come bearing gifts :) An alternative awk command like this should work:

url=$(awk -F "=" '/org.opencastproject.db.jdbc.url/ {url = ""; for (i=2; i <=NF; i++) url = url$i"="; print url}' etc/custom.properties | sed 's/=$//' | tr -d ' ')

The above command (or whatever ends up being accepted) should be applied to ACTIVEMQ_BROKER_URL as that connection string also allows the passing of parameters.

mtneug commented 5 years ago

The following is probably simpler to understand:

url=$(grep "^org.opencastproject.db.jdbc.url" etc/custom.properties | tr -d ' ' | cut -d '=' -f 2-)

Is it OK for you if I include the change for 5.2 and newer or do you need it in an older image?

mtneug commented 5 years ago

ACTIVEMQ_BROKER_URL is not affected; there is no script that checks if ActiveMQ is already available since that is done by Opencast anyway The only other place that uses this command is in the health check script.

mtneug commented 5 years ago

Fixed starting with 5.2.