MySQL connection issue since 3.0.68 version #191

Open
mouglou opened this issue Jan 13, 2025 · 2 comments

mouglou commented Jan 13, 2025

Hello!

Following my message in another thread, I am creating a dedicated issue to avoid too much noise on the other one.

So yes, as a reminder, the issue is that since the update to version 3.0.68 of the provider, we have connection issues with our MariaDB cluster.

If you set the provider to 3.0.67, the job executes fine and the database is created. But not with version 3.0.68 and later.

Provider version

3.0.68 and later

MySQL version and settings

mysql --version
mysql  Ver 15.1 Distrib 10.4.28-MariaDB, for Linux (x86_64) using readline 5.1

Terraform Configuration Files

resource "mysql_database" "test" {
  name                  = "testuser1"
  default_character_set = "utf8"
  default_collation     = "utf8_general_ci"
  lifecycle {
    prevent_destroy = true
  }
}

terraform {
  required_providers {
    mysql = {
      source = "petoju/mysql"
    }
  }
}

provider "mysql" {
  endpoint = "fqdn.domain.local"
  username = "user"
  password = "password"
  tls      = true
}

Debug Output

https://gist.github.com/mouglou/1137d0dec6a521f3f92eca0d91cec34b

By setting TF_LOG=debug:
2025-01-10T18:23:18.790Z [ERROR] provider.terraform-provider-mysql_v3.0.68: Response contains error diagnostic: @module=sdk.proto tf_provider_addr=provider tf_rpc=ReadResource diagnostic_severity=ERROR diagnostic_summary="failed to connect to MySQL: could not create new connection: could not connect to server: remote error: tls: handshake failure" tf_proto_version=5.7 tf_req_id=92f0618d-f50e-bed6-1652-08199fe8bebf @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail= tf_resource_type=mysql_database timestamp=2025-01-10T18:23:18.790Z

If you set the provider back to version 3.0.67, there is no more issue. The job succeeds.

Expected Behavior

What should have happened?
Creating/refreshing the state of MySQL schema

Actual Behavior

What actually happened?
Not able to connect to the cluster

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

References

Author

mouglou commented Jan 13, 2025

As you said, I tried the same job with this variable added:
export GODEBUG=tlsrsakex=1

And yes, with this one added in our pipeline, the job works.

Can the variable be added natively in the provider itself to ensure better compatibility?

Owner

petoju commented Jan 31, 2025

@mouglou sorry, I missed the update here.

Yes, we just need to add support for those ciphers to mysql/provider.go.
My suggestion is to add some new value here[1] and check it later, similarly to how custom_tls works. The config would be like allow-weak to allow weak ciphers. I certainly wouldn't like to allow it globally.

[1] https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/provider.go#L127
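
The suggestion above, sketched as an added Go example (not the provider's code): an explicit opt-in re-adds the RSA key exchange suites that `GODEBUG=tlsrsakex=1` restores process-wide, but only on one connection's `tls.Config`. `NewTLSConfig`, `UsesRSAKeyExchange` and the `allowWeak` parameter are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// rsaKexSuites are the TLS 1.2 suites that use RSA key exchange (no forward
// secrecy). Go 1.22 dropped them from its defaults; GODEBUG=tlsrsakex=1
// restores them for the whole process.
var rsaKexSuites = []uint16{
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	tls.TLS_RSA_WITH_AES_128_CBC_SHA,
}

// NewTLSConfig builds a client config. allowWeak is a hypothetical opt-in;
// when false, CipherSuites stays nil and Go's own defaults apply.
func NewTLSConfig(serverName string, allowWeak bool) *tls.Config {
	cfg := &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}
	if !allowWeak {
		return cfg
	}
	// Keep every ECDHE suite Go lists as secure, then append the RSA ones last.
	for _, cs := range tls.CipherSuites() {
		if strings.Contains(cs.Name, "_ECDHE_") {
			cfg.CipherSuites = append(cfg.CipherSuites, cs.ID)
		}
	}
	cfg.CipherSuites = append(cfg.CipherSuites, rsaKexSuites...)
	return cfg
}

// UsesRSAKeyExchange reports whether a negotiated suite (taken from
// ConnectionState.CipherSuite) is a weak fallback worth logging.
func UsesRSAKeyExchange(id uint16) bool {
	for _, weak := range rsaKexSuites {
		if id == weak {
			return true
		}
	}
	return false
}

func main() {
	for _, allow := range []bool{false, true} {
		cfg := NewTLSConfig("fqdn.domain.local", allow)
		fmt.Printf("allowWeak=%v explicit suites=%d\n", allow, len(cfg.CipherSuites))
	}
}
```

After a handshake, passing `conn.ConnectionState().CipherSuite` to `UsesRSAKeyExchange` shows whether the server actually fell back to a weak suite, which identifies the clusters that still need a server-side cipher update.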
