MySQL 8.x with SSL Developer Testing
- Jorge Hernandez
These are some notes to test mysql 8.x using the docker-compose set up from the CSITs:
https://git.onap.org/policy/docker/tree/csit/docker-compose-all.yml
Replace mariadb components in docker-compose-all.yml with:
mariadb replacement
mariadb:
image: mysql/mysql-server
command: ['--lower-case-table-names=1', '--wait_timeout=28800', '--default-authentication-plugin=mysql_native_password', '--require_secure_transport=ON']
container_name: mariadb
hostname: mariadb
env_file: config/db/db.conf
volumes:
- ./config/db:/docker-entrypoint-initdb.d:ro
expose:
- 3306
db-migrator only need changes in the environment variables to use the ssl flag in the script for mysql cli tool it the config/db/db.conf file.
DB Migrator component: config/db/db.conf
...
MYSQL_CMD=mysql --ssl
API configuration changes like this in config/api/apiParameters.yaml
API component configuration: config/api/apiParameters.yaml
datasource:
url: jdbc:mariadb://mariadb:3306/policyadmin?useSSL=true&disableSslHostnameVerification=true&trustServerCertificate=true
driverClassName: org.mariadb.jdbc.Driver
username: XXXXXX
password: XXXXX
hikari:
maximumPoolSize: 20
jpa:
properties:
hibernate:
dialect: org.hibernate.dialect.MySQL8Dialect
hibernate:
ddl-auto: none
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
Similaly PAP configuration changes in config/pap/papParameters.yaml to:
PAP component configuration: papParameters.yaml
XACML-PDP should mount a guard config/xacml/xacml.properties with these properties:
XACML-PDP component Guard configuration: config/xacml/xacml.properties
For the guard xacml.properties to to be mounted have this set in the docker-compose.yaml
docker compose: xacml volume
For drools-applications component have the config/drools-applications/env/base.conf containing these environment variables: