Tags: amazon-rds, amazon-eks, mulesoft, anypoint-rtf

Access AWS DB using MuleSoft RTF EKS


MuleSoft version: 4.3.0
AWS-RTF EKS
DB: AWS RDS (Aurora MySQL) 5.7

I am able to connect to the AWS DB from Anypoint Studio successfully, but unable to connect from the RTF EKS pod.

org.mule.runtime.api.connection.ConnectionException: Could not obtain connection from data source
Caused by: org.mule.db.commons.shaded.api.exception.connection.ConnectionCreationException: Could not obtain connection from data source
Caused by: org.mule.runtime.extension.api.exception.ModuleException: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure

The last packet successfully received from the server was 99 milliseconds ago. The last packet sent successfully to the server was 94 milliseconds ago.
Caused by: java.sql.SQLException: Cannot get connection for URL jdbc:mysql://<host>:3306/DBNAME?verifyServerCertificate=false&useSSL=true&requireSSL=true : Communications link failure

I'm able to access the DB from EKS by creating a default pod with --image=mysql:5.7, but not from the MuleSoft app.

Use cases tried:

 1. verifyServerCertificate=false&useSSL=true&requireSSL=true
 2. verifyServerCertificate=true&useSSL=true&requireSSL=true (passing the truststore in the Java arguments)

 -Djavax.net.ssl.trustStore=/opt/mule/apps/test-rds/mySqlKeyStore.jks 
 -Djavax.net.ssl.trustStoreType=JKS 
 -Djavax.net.ssl.trustStorePassword=xxxxxx
 (Generated the JKS file from the .pem file using the commands below)

openssl x509 -outform der -in us-west-2-bundle.pem -out us-west-2-bundle.der
keytool -import -alias mysql -keystore mySqlKeyStore -file us-west-2-bundle.der

What else am I missing here? Please help.


Solution

  • I'm able to resolve this.

    By adding this JVM argument, I came to know that it's something related to the SSL handshake: -M-Djavax.net.debug=ssl

    It gave debug logs like this:

    javax.net.ssl|SEVERE|43|[MuleRuntime].uber.03: [test-rds].uber@org.mule.runtime.module.extension.internal.runtime.config.LifecycleAwareConfigurationInstance.testConnectivity:179 @3781e9a3|2021-12-23 09:55:53.715 PST|TransportContext.java:316|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
    "throwable" : {
    javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

    After going through this question, it's clear that I need to pass enabledTLSProtocols=TLSv1.2

    Why can Java not connect to MySQL 5.7 after the latest JDK update and how should it be fixed? (ssl.SSLHandshakeException: No appropriate protocol)

    So here are the params that I passed in the DB config:

    <db:connection-properties>
        <db:connection-property key="verifyServerCertificate" value="false" />
        <db:connection-property key="useSSL" value="true" />
        <db:connection-property key="requireSSL" value="true" />
        <db:connection-property key="enabledTLSProtocols" value="TLSv1.2" />
    </db:connection-properties>

    Even after adding the enabledTLSProtocols flag, if you are getting an error, make sure the DB version is correct (I had an issue with non-prod and prod).

    Non-Prod: MySQL 5.7 worked fine.

    Prod: MySQL 5.6 didn't work even with enabledTLSProtocols. I had to update the DB to 5.7 to make it work.

    Thank you, hope it helps someone.
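
Added example (not part of the original question or answer): for the question's use case 2 (`verifyServerCertificate=true`), `openssl x509` converts only the first certificate in a PEM file, so a truststore built from the converted `us-west-2-bundle.der` holds a single CA. The script below splits the bundle and imports every CA under its own alias; the function names, the `rds-ca-N` alias prefix and the `TRUSTSTORE_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example: build a JKS truststore holding every CA in an RDS PEM bundle.
# Function names, alias prefix and TRUSTSTORE_PASS are assumptions, not from the page.

# split_bundle BUNDLE OUTDIR
# Writes each certificate in BUNDLE to OUTDIR/ca-N.pem and prints the count.
split_bundle() {
  sb_bundle=$1
  sb_outdir=$2
  mkdir -p "$sb_outdir" || return 1
  awk -v dir="$sb_outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/ca-%d.pem", dir, n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
    END                           { print n + 0 }
  ' "$sb_bundle"
}

# import_bundle BUNDLE TRUSTSTORE
# Imports every CA from BUNDLE into TRUSTSTORE. The store password is read
# from the TRUSTSTORE_PASS environment variable so it stays off the command line.
import_bundle() {
  ib_tmp=$(mktemp -d) || return 1
  ib_count=$(split_bundle "$1" "$ib_tmp") || return 1
  ib_i=1
  while [ "$ib_i" -le "$ib_count" ]; do
    # keytool accepts PEM input directly, so no DER conversion is needed.
    keytool -importcert -noprompt -trustcacerts \
      -alias "rds-ca-$ib_i" -file "$ib_tmp/ca-$ib_i.pem" \
      -keystore "$2" -storetype JKS \
      -storepass:env TRUSTSTORE_PASS >&2 || return 1
    ib_i=$((ib_i + 1))
  done
  rm -rf "$ib_tmp"
  echo "$ib_count"   # number of CAs imported
}

# Usage: TRUSTSTORE_PASS=... sh build-truststore.sh us-west-2-bundle.pem mySqlKeyStore.jks
if [ "$#" -eq 2 ]; then
  import_bundle "$1" "$2"
fi
```

Compare the printed count with the number of entries shown by `keytool -list -keystore mySqlKeyStore.jks`, and make sure the `-Djavax.net.ssl.trustStore` path points at the same file name that was written.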