Open HelLViS69 opened 1 month ago
Looks like your database server requires SSL to connect, right?
If that is the case you'll need to configure passbolt to use the SSL certificates to communicate with your database. Check the following env vars: https://github.com/passbolt/passbolt_api/blob/727e938c35dbbd43f798f36bbfba25898d8ae7b5/config/app.default.php#L343C13-L345C63
You'll have to mount the certificates in your passbolt container using the extraVolumes and extraVolumeMounts. Then passbolt should be able to connect.
If you want to use the mariadb cli you'll have to pass certain parameters to use SSL: https://mariadb.com/kb/en/securing-connections-for-client-and-server/
Yes, it requires SSL, but I don't find any configuration in values.yml to pass. The database btw is the one installed by passbolt chart using default bitnami/mariadb
Please share your values.yaml
I'm using K3s, so the values.yaml is wrapped in the following CRD:
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  namespace: kube-system
  name: passbolt
spec:
  valuesContent: |-
    redis:
      auth:
        password: "xxx"
    mariadb:
      auth:
        username: "passbolt"
        password: "yyy"
        replicationPassword: "zzz"
    passboltEnv:
      plain:
        APP_FULL_BASE_URL: "https://passbolt.local"
        PASSBOLT_KEY_EMAIL: "passbolt@yourdomain.com"
        PASSBOLT_SSL_FORCE: false
        EMAIL_DEFAULT_FROM: "no-reply@passbolt.local"
      secret:
        CACHE_CAKE_DEFAULT_PASSWORD: "xxx"
        DATASOURCES_DEFAULT_USERNAME: "passbolt"
        DATASOURCES_DEFAULT_PASSWORD: "yyy"
```
I just saw that there's an additional configuration I didn't try yet:
```yaml
app:
  tls:
    autogenerate: false
    existingSecret: ""
```
Could this be of any help?
I did also see this with a vanilla setup with MariaDB from the chart.
Anyways, I got it to work in the pod shell with `mariadb --skip-ssl ...`. It seems the default switched from ssl=off to on some time ago.
> Looks like your database server requires SSL to connect, right?
No, the message actually says that the server does not support SSL but the client wants to use SSL.
I managed to get passbolt-depl-srv's init script to go through by patching the deployment to change the config file that is written to /tmp/defaultsfile.cnf to contain ssl = off:
```bash
cat <<-EOF > /tmp/defaultsfile.cnf
[client]
ssl = off
user=${DATASOURCES_DEFAULT_USERNAME}
password=${DATASOURCES_DEFAULT_PASSWORD}
host=${DATASOURCES_DEFAULT_HOST}
connect-timeout=2
EOF
```
Switching over to PostgreSQL was much smoother...
On templates/deployment.yaml, on line 64, add `--skip-ssl`. Change from:
```bash
while ! ${client} --defaults-file=/tmp/defaultsfile.cnf -e "SELECT 1" --skip-ssl > /dev/null 2>&1; do
```
to:
```bash
while ! ${client} --defaults-file=/tmp/defaultsfile.cnf -e "SELECT 1" > /dev/null 2>&1; do
```
I think the correct thing should be to enable SSL on mariadb; could someone help with this?
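The `/tmp/defaultsfile.cnf` from earlier in the thread, written so that the client verifies the server certificate when a CA file is mounted and skips TLS only on explicit opt-in. This is an added example, not code from the chart or from any commenter; `write_client_defaults`, `DB_SSL_CA` and `DB_ALLOW_PLAINTEXT` are hypothetical names, and it assumes MariaDB already presents a certificate signed by that CA.

```shell
#!/bin/sh
# Added example: hypothetical helper, not the chart's init script.
# DB_SSL_CA and DB_ALLOW_PLAINTEXT are assumed variable names.

write_client_defaults() {
    out="$1"
    # Decide the TLS stanza first so nothing is written on failure.
    if [ -n "${DB_SSL_CA:-}" ]; then
        if [ ! -r "$DB_SSL_CA" ]; then
            echo "CA file not readable: $DB_SSL_CA" >&2
            return 1
        fi
        # Verify the server certificate against the mounted CA.
        tls="ssl-ca=${DB_SSL_CA}
ssl-verify-server-cert"
    elif [ "${DB_ALLOW_PLAINTEXT:-}" = "yes" ]; then
        echo "WARNING: database traffic will not be encrypted" >&2
        tls="skip-ssl"
    else
        echo "set DB_SSL_CA, or DB_ALLOW_PLAINTEXT=yes to opt out" >&2
        return 1
    fi
    # The file holds the DB password: recreate it owner-only.
    (
        umask 077
        rm -f "$out"
        cat > "$out" <<EOF
[client]
${tls}
user=${DATASOURCES_DEFAULT_USERNAME}
password=${DATASOURCES_DEFAULT_PASSWORD}
host=${DATASOURCES_DEFAULT_HOST}
connect-timeout=2
EOF
    )
}
```

Call it as `write_client_defaults /tmp/defaultsfile.cnf` before the connection loop; a non-zero return means no file was written.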
I'm also stuck on the same thing
Same thing
Hello, as the title says, the installation remains stuck at "waiting on database connection".
After entering the pod "passbolt-depl-srv" and opening a shell in the init container "passbolt-depl-srv-init", I tried the connection to MariaDB and this is the result:
I also tried setting PASSBOLT_SSL_FORCE to false, but it didn't help.