
Friday, August 19, 2022

[FIXED] Why WordPress Helm Chart not able to connect azure MariaDB having SSL enabled?


Issue

I have a managed MariaDB with SSL enabled deployed in Azure, and I created a service of type "external" named "mysql" within my k8s cluster.

Then I created a secret like the following:

kubectl create secret generic ca-cert --from-file=ca-cert=./BaltimoreCyberTrustRoot.crt.pem -n app

PS: I got BaltimoreCyberTrustRoot.crt.pem from:

wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem

Then I deployed WordPress:

helm template wp azure-marketplace/wordpress -n app --create-namespace -f values.yml

where values.yml looks like:

##############################PART1########################
#pvc wordpress
persistence:
  enabled: false

#pvc mariadb
mariadb:
  enabled: false 

externalDatabase:
  host: mysql
  port: 3306
  user: benighil@benighil 
  password: "SomePassword"
  database: bitnami_wordpress

##############################PART2########################
extraEnvVars:
  - name: "WORDPRESS_DATABASE_SSL_CA_FILE"
    value: /tmp/ca-cert

## Additional volume mounts
## Example: Mount CA file
extraVolumeMounts:
  - name: ca-cert
    mountPath: /tmp

## Additional volumes
## Example: Add secret volume
extraVolumes:
 - name: ca-cert
   secret:
     secretName: ca-cert

But the pod's logs give:

wordpress 22:08:07.00 ERROR ==> Could not connect to the database

NOTE1: When I exec into the pod and run env | grep WORDPRESS_DATABASE_SSL_CA_FILE, it gives WORDPRESS_DATABASE_SSL_CA_FILE=/tmp/ca-cert, and when I run cat /tmp/ca-cert, it prints its content normally.

NOTE2: The credentials are CORRECT, because when I disable SSL on MariaDB and delete the whole PART2 from values.yml, it works fine!

Any help please?


Solution

Make sure that the DB exists on the Azure MariaDB server. The second thing is that the tmp path is further used by the daemon, so certs should not be mounted there; mount them somewhere the daemon can read.

wordpress 04:19:09.91 INFO  ==> Persisting WordPress installation
/opt/bitnami/scripts/libpersistence.sh: line 51: /tmp/perms.acl: Read-only file system

So make the changes below and it should work:

extraEnvVars:
  - name: "WORDPRESS_DATABASE_SSL_CA_FILE"
    value: /opt/bitnami/wordpress/tmp/ca-cert
  - name: WORDPRESS_ENABLE_DATABASE_SSL
    value: "yes"

## Additional volume mounts
## Example: Mount CA file
extraVolumeMounts:
  - name: ca-cert
    mountPath: /opt/bitnami/wordpress/tmp

Or you will have to set extra params for the same path:

  containerSecurityContext:
    enabled: true
    privileged: false
    allowPrivilegeEscalation: false
    ## Requires mounting an `extraVolume` of type `emptyDir` into /tmp
    ##
    readOnlyRootFilesystem: false
    capabilities:
      drop:
        - ALL


Answered By - Adiii
Answer Checked By - Robin (PHPFixing Admin)
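
The "Read-only file system" error in the answer's log, as an added example that is not part of the original answer or the chart: a Kubernetes secret volume is mounted read-only and covers its whole mountPath, so mounting it at /tmp leaves the container's scripts no writable /tmp. The function below (a hypothetical helper) reads mount-table text in /proc/mounts format and reports which mount backs a path; both sample tables are constructed and simplified.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# backing_mount PATH [MOUNTS_FILE]
# Prints "<mountpoint> <ro|rw> <fstype>" for the mount that backs PATH.
# MOUNTS_FILE uses /proc/mounts format; "-" reads stdin; default is /proc/mounts.
backing_mount() {
    awk -v p="$1" '
        {
            mp = $2
            # mp backs p if it is "/", equals p, or is a parent directory of p
            if (mp == "/" || mp == p || index(p, mp "/") == 1) {
                # longest mount point wins; on a tie the later entry shadows
                if (length(mp) >= length(best)) {
                    best = mp; fstype = $3
                    mode = (("," $4 ",") ~ /,ro,/) ? "ro" : "rw"
                }
            }
        }
        END { if (best != "") print best, mode, fstype }
    ' "${2:-/proc/mounts}"
}

# Constructed mount table: secret volume mounted at /tmp (the question's values.yml)
sample_before() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs ro,relatime 0 0
EOF
}

# Constructed mount table: secret volume moved to /opt/bitnami/wordpress/tmp (the answer's values)
sample_after() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /opt/bitnami/wordpress/tmp tmpfs ro,relatime 0 0
EOF
}

echo "before: /tmp/perms.acl -> $(sample_before | backing_mount /tmp/perms.acl -)"
echo "after:  /tmp/perms.acl -> $(sample_after | backing_mount /tmp/perms.acl -)"
echo "after:  CA file        -> $(sample_after | backing_mount /opt/bitnami/wordpress/tmp/ca-cert -)"
```

Inside the pod, calling `backing_mount /tmp/perms.acl` with no second argument reads the real /proc/mounts; an `ro` result for a path the container writes to means a volume is shadowing it.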