
1.4.9 docker: MySQL connection fails with SSL error on startup #474

Description

@stephdl

Describe the bug

When starting the piler 1.4.9 Docker container, the startup script fails to connect to MariaDB with the following error, looping indefinitely:

ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it

This regression does not occur with piler 1.4.8.

To Reproduce

  1. Start piler 1.4.9 using the provided docker-compose.yaml
  2. Observe the piler container logs
  3. See the SSL error repeating every 5 seconds in the wait_until_mysql_server_is_ready loop

Expected behavior

Piler connects to MariaDB without SSL errors, as it did in version 1.4.8.

Root cause

Piler 1.4.9 uses ubuntu:26.04 as its base image (confirmed by php8.5-fpm in start.sh). Ubuntu 26.04 ships a newer mariadb-client-core package where the default SSL mode for TCP connections changed to REQUIRED. The MariaDB server has no SSL certificates configured, so the connection fails.

The create_my_cnf_files() function in docker/start.sh generates /etc/piler/.my.cnf without any SSL option:

printf "[client]\nhost = %s\nuser = %s\npassword = %s\n..."

Piler 1.4.8 used an older Ubuntu base image where the mariadb client did not require SSL by default on TCP connections.

Fix

Add ssl=false to the [client] section in create_my_cnf_files():

printf "[client]\nhost = %s\nuser = %s\npassword = %s\nssl=false\n[mysqldump]\nhost = %s\nuser = %s\npassword = %s\n" \
    "$MYSQL_HOSTNAME" "$MYSQL_USER" "$MYSQL_PASSWORD" \
    "$MYSQL_HOSTNAME" "$MYSQL_USER" "$MYSQL_PASSWORD" \
    > "$PILER_MY_CNF"

This was confirmed by manually adding ssl=false under [client] in the running container — piler connected successfully and completed its initialization.

[client]
ssl=false
host = 127.0.0.1
user = piler
password = piler
[mysqldump]
host = 127.0.0.1
user = piler
password = piler

Piler version:

  • piler 1.4.9

Additional context

Verified on a NethServer 8 deployment using mariadb:10.11.18. The issue is not specific to the MariaDB server version — it is caused by the newer mariadb client inside the piler container requiring SSL when connecting via TCP to 127.0.0.1.
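
An added example, not taken from piler's docker/start.sh or from the report above: one way to generate the client file so that `ssl = false` is written only for a loopback host or on explicit opt-in, while a supplied CA file switches the client to verified TLS. The function names, the opt-in argument and the owner-only file mode are assumptions.

```shell
#!/bin/sh
# Added example, not piler's docker/start.sh. All function names are hypothetical.

# Loopback targets never leave the host, so plaintext is an accepted trade-off.
is_local_db_host() {
    case "$1" in
        127.*|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the TLS lines for [client]; fail when no safe choice exists.
#   $1 host, $2 CA bundle path (may be empty), $3 "yes" to accept plaintext
client_tls_lines() {
    if [ -n "$2" ]; then
        # Server has certificates: use TLS and verify the server identity.
        printf 'ssl-ca = %s\nssl-verify-server-cert\n' "$2"
    elif is_local_db_host "$1" || [ "$3" = "yes" ]; then
        # Same workaround as in the issue: the server offers no TLS at all.
        printf 'ssl = false\n'
    else
        return 1
    fi
}

# write_my_cnf OUT HOST USER PASSWORD [CA_FILE] [PLAINTEXT_OK]
write_my_cnf() {
    out="$1"; host="$2"; user="$3"; pass="$4"
    tls="$(client_tls_lines "$host" "${5:-}" "${6:-no}")" || {
        echo "refusing plaintext to non-local host '$host' without opt-in" >&2
        return 1
    }
    # The file holds a password: create it readable by the owner only
    # (assumes the account running this script is the one that reads it).
    ( umask 077
      printf '[client]\nhost = %s\nuser = %s\npassword = %s\n%s\n[mysqldump]\nhost = %s\nuser = %s\npassword = %s\n' \
          "$host" "$user" "$pass" "$tls" "$host" "$user" "$pass" > "$out" )
}
```

A database reached over a container network by service name is not loopback, so it needs either the CA file or the explicit sixth argument `yes`.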
