AndersKlint opened a new issue, #5659: URL: https://github.com/apache/incubator-devlake/issues/5659
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/incubator-devlake/issues?q=is%3Aissue) and found no similar issues. ### What happened I'm trying to connect Devlake to a "Azure MySQL Flexible Server" which is configured to require SSL (--require_secure_transport=ON), however Devlake throws this error: ``` Version: v0.17.0-rc1@ time="2023-07-11 12:17:45" level=info msg="/go/pkg/mod/gorm.io/[email protected]/gorm.go:206 [error] failed to initialize database, got error Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON." panic: Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON. Wraps: (2) Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON. Error types: (1) *hintdetail.withDetail (2) *mysql.MySQLError goroutine 1 [running]: github.com/apache/incubator-devlake/core/runner.CreateAppBasicRes() /app/core/runner/basic_res.go:50 +0x231 github.com/apache/incubator-devlake/server/services.InitResources() /app/server/services/init.go:54 +0x45 github.com/apache/incubator-devlake/server/services.Init() /app/server/services/init.go:80 +0x2b github.com/apache/incubator-devlake/server/api.CreateApiService() /app/server/api/api.go:61 +0x2e main.main() /app/server/main.go:39 +0x7e ``` Setting "--require_secure_transport=OFF" will of course resolve the issue. I've tried: * Install the CA provided by azure with the following container startup command: ` command: [ "sh", "-c", "curl -ks 'https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem' -o '/usr/local/share/ca-certificates/DigiCertGlobalRootCA.crt'; update-ca-certificates; lake" ] ` But this has no effect (actually it seems to already be installed as the logs are printing `rehash: warning: skipping duplicate certificate in DigiCertGlobalRootCA.pem `). * Setting the env var "IN_SECURE_SKIP_VERIFY" to true: This has no effect. * Appending the argument `&tls=skip-verify` to the DB_URL env var: This throws an argument not found error in the python migration code in devlake as the same connection string is used both for GORM and SqlAlchemy (or actually python MySql connection ). This is because the two DB connections has different connection arguments. * Same as above but alos editing the source code in `backend/python/pydevlake/pydevlake/ipc.py` to replace the GORM argument with a python MySQL acceptable one:  This works and we can connect to the remote MySQL DB. However, we are not verifying certificates. ### What do you expect to happen Devlake should be able to connect to a remote MySQL db over TLS, either out of the box, by modifying the DB_URL arguments, or by installing a CA certificate. Or maybe there is already a way? In that case that should be added to the troubleshooting section in the wiki. ### How to reproduce 1. Create a public MySQL flexible server on Azure. 2. Add a DB called lake to it and create an account for it. 3. Host a cluster / docker compse with devlake and point devlake to the DB. ### Anything else I've run both from a local cluster and a cluster hosted remotely on Azure. ### Version v0.17.0-rc1 ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
