Cannot connect jboss to mysql innodb cluster

Latest response

I am fairly new to JBOSS and mysql router, so bear with me. We have a working stable install of JBOSS EAP 7.0 on a Windows 2012 R2 server running custom web services software. We have a new instance of mysql 8 InnoDB cluster (3 nodes) running on RHEL 7 that I need to connect to from the JBOSS server.

I have installed mysqlrouter on Windows and successfully bootstrapped it and installed it to run as a service. The log shows that it is connecting to the cluster with no errors.

I have installed the Connector/J software and registered the driver as a core module and then built a jboss datasource using the mysql driver class.

When I test the datasource connection, I get an error stating the connection is not valid. In the JBOSS server.log I get
java.sql.SQLException: Access denied for user 'username@192.168.27.16' (using password: YES)

Based on the logs, it appears there is no connection issue between JBOSS, mysqlrouter, and the mysql cluster.

I have verified that the username and password in the datasource definition (not shown here) are valid and work on the database.

I know the mysql cluster requires secure connections. That is indicated in the mysqlrouter.conf file and I have verified that we have a valid certificate and CA certificates installed on our JBOSS instance. These are being used for other connections. Is there something else that needs to be installed or registered with mysqlrouter in terms of certificates?

I am stumped on what to check next. Any suggestions would be helpful.

Responses

Hi John,

Please evaluate if one of these solutions will assist you resolving this... taking a stab since I don't deal with JBOSS

https://access.redhat.com/solutions/2858111

eap 6 https://access.redhat.com/solutions/2475821

when "vault" is used https://access.redhat.com/solutions/868953

less likely https://access.redhat.com/solutions/1410383

also check https://developers.redhat.com/help/#!q= use the drop-down menu to pick the right product, and developers of various sorts (including JBOSS) have solutions there too.

If needed open a case

Let us know

Regards

RJ

Thank you so much for your reply. I finally solved this problem with help from our MySQL DBA. The issue was that the DB user had the X509 flag set as a requirement on the login. This required that we set a system property in the JBOSS environment (javax.net.ssl.KeyStore) to point to our .jks file that contains the certificate for the client machine, the CA cert, and the CA root cert. I am still not clear on which certificate it is using, but the connection works now.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.