Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error "Backing up the database" with SSL config #10351

Closed
nickdunn opened this issue Jan 11, 2022 · 8 comments
Closed

Error "Backing up the database" with SSL config #10351

nickdunn opened this issue Jan 11, 2022 · 8 comments
Assignees
@angrybrad
Labels
bug

Comments

@nickdunn
Copy link

Description

When I run a project config update, Craft backs up the database. This has been working fine, but I recently updated to 3.7.28 (from 3.7.23) and when I deploy I now see:

2022-01-11T16:23:30.529761721Z Backing up the database ... error: The shell command "mysqldump --defaults-extra-file="/tmp/amvmktvlfncx.cnf" --add-drop-table --comments --create-options --dump-date --no-autocommit --routines --default-character-set=utf8 --set-charset --triggers --no-tablespaces --single-transaction --no-data --result-file="/var/www/craft/storage/backups/uat--2022-01-11-162330--v3.7.28.sql" craftcms && mysqldump --defaults-extra-file="/tmp/amvmktvlfncx.cnf" --add-drop-table --comments --create-options --dump-date --no-autocommit --routines --default-character-set=utf8 --set-charset --triggers --no-tablespaces --no-create-info --ignore-table=craftcms.assetindexdata --ignore-table=craftcms.assettransformindex --ignore-table=craftcms.sessions --ignore-table=craftcms.templatecaches --ignore-table=craftcms.templatecachequeries --ignore-table=craftcms.templatecacheelements --ignore-table=craftcms.cache --ignore-table=craftcms.templatecachecriteria craftcms >> "/var/www/craft/storage/backups/uat--2022-01-11-162330--v3.7.28.sql"" failed with exit code 2: mysqldump: Got error: 9002: "SSL connection is required. Please specify SSL options and retry." when trying to connect

I'm hosted in Azure and we have SSL enabled on the database:

return [
    'driver' => 'mysql',
    'server' => App::env('DB_SERVER'),
    'port' => App::env('DB_PORT'),
    'database' => App::env('DB_DATABASE'),
    'user' => App::env('DB_USER'),
    'password' => App::env('DB_PASSWORD'),
    'password' => App::env('DB_PASSWORD'),
    'tablePrefix' => '',
    'attributes' => App::env('DB_SSL') === '1' ? [
        // https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl
        PDO::MYSQL_ATTR_SSL_CA => '/var/www/craft/config/BaltimoreCyberTrustRoot.crt.pem',
        // https://cloud.google.com/sql/docs/mysql/samples/cloud-sql-mysql-pdo-timeout
        PDO::ATTR_TIMEOUT => 240,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
    ] : null,
];

Has anything changed recently in Craft that would break this?

Additional info

  • Craft version: 3.7.28
  • PHP version: 8.0
@nickdunn nickdunn added the bug label Jan 11, 2022
@nickdunn
Copy link
Author

I'm going ahead and changing backupOnUpdate config setting to false to see if this lets me deploy... but nothing else has changed that I'm aware of so does feel like a Craft issue.

@angrybrad angrybrad self-assigned this Jan 11, 2022
@angrybrad
Copy link
Member

Nothing in Craft has changed around this in quite a while. I'm guessing something in the local certificate chain on that box has expired or is no longer valid and that's causing SSL not to work from PHP.

Take Craft out of the equation and try writing a simple PHP script that curls out using the same CA file.

@nickdunn
Copy link
Author

nickdunn commented Jan 11, 2022 via email

@angrybrad
Copy link
Member

hrm... possibly, but I just glanced through the last few releases on https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md and nothing is jumping out at me.

Maybe try reaching out to Azure support? If it's a common occurrence, they've probably seen it before and might have some answers.

@okolvik-avento
Copy link
Contributor

Craft 3 doesn't read the SSL settings at all.

cms/src/db/mysql/Schema.php

Line 151 in 43275a6

public function getDefaultBackupCommand(array $ignoreTables = null): string

@okolvik-avento
Copy link
Contributor

okolvik-avento commented Jul 2, 2022
edited

Workaround for alpine (adjust paths for other distros).
I assume you use BaltimoreCyberTrustRoot since it's azure.
Create /etc/my.cnf.d/client-ssl.cnf

[client]
ssl-ca=/path/to/BaltimoreCyberTrustRoot.crt.pem

30.01.2023 - This method no longer works due to craft changing to using --defaults-file

@erickertzvfc erickertzvfc mentioned this issue Oct 6, 2022
Closed
@okolvik-avento okolvik-avento mentioned this issue Jan 30, 2023
Closed
@angrybrad angrybrad mentioned this issue Feb 3, 2023
Merged
@brandonkelly
Copy link
Member

This is fixed now for the next Craft 3 and 4 releases, via #12596. Thanks @okolvik-avento!

@brandonkelly
Copy link
Member

Craft 3.7.64 and 4.3.7 have been released with that fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@angrybrad angrybrad

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nickdunn @brandonkelly @angrybrad @okolvik-avento