我使用 Amazon RDS MySQL 作为主数据库。根据此 blog,我需要更新应用程序以使用新的 CA。我正在按照 AWS 证明的 this instruction 更新我的应用程序。
以下具体说明不是很清楚:
java -Djavax.net.ssl.trustStore=/path_to_truststore/MyTruststore.jks -Djavax.net.ssl.trustStorePassword=my_truststore_password com.companyName.MyApplication
即使更新后,应用程序也无法启动并显示以下错误消息:
2021-05-08 22:30:15org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flywayInitializer' defined in class path resource [org/springframework/boot/autoconfigure/flyway/FlywayAutoConfiguration$FlywayConfiguration.class]: Invocation of init method failed; nested exception is org.flywaydb.core.internal.exception.FlywaySqlException:
2021-05-08 22:30:15Unable to obtain connection from database: Communications link failure
2021-05-08 22:30:15The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
2021-05-08 22:30:15--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2021-05-08 22:30:15SQL State : 08S01
2021-05-08 22:30:15Error Code : 0
2021-05-08 22:30:152021-05-08 12:30:15.312 INFO 6 --- [ main] ConditionEvaluationReportLoggingListener :
我的应用程序在 Fargate 平台版本 1.3.0 中运行。
应用 Dockerfile(简化版):
FROM openjdk:11
ARG JAR_PATH
RUN curl -k https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o rds-ca-2019-root.pem
RUN openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
RUN echo yes | keytool -import -alias rds-root -keystore clientkeystore.jks -storepass changeme -file rds-ca-2019-root.der
RUN mkdir app
WORKDIR app
RUN mkdir config
COPY $JAR_PATH app.jar
CMD java -Djavax.net.ssl.trustStore=/clientkeystore.jks -Djavax.net.ssl.trustStorePassword=changeme -jar app.jar
EXPOSE 8080
我在 clientStore.jks 命令中使用 trustStore 作为 java 值。我不完全确定它是否正确。