Search code examples
mysqlruby-on-rails-4sslrakejruby

Error in db:migrate using JRuby on Rails with remote Amazon MySQL via SSL connection

Error with jruby 1.7.19 (ruby 1.9.3 compatible on oracle JVM 1.8) but not error with the corresponding plan ruby 1.9.3 in “rake db:migrate" to modify MySQL of Amazon RDS via SSL connection.

I got a message below when “rake db:migrate” under jruby environment 

“rake aborted!
ActiveRecord::JDBCError: Access denied for user 'myid'@'ip_of_my_amazon_rds' (using password: YES)
arjdbc/jdbc/RubyJdbcConnection.java:453:in `init_connection'
Tasks: TOP => db:migrate
(See full trace by running task with –trace)”

No problem of “rake db:migarate” under the plan ruby. No problem of “rake db:migrate” without SSL for both jruby and plain ruby. I am wondering why I get the error with jruby via SSL connection.

My dabase.yml is

development:
  adapter: mysql2
  encoding: utf8
  pool: 5
  verifyServerCertificate: true
  useSSL: true
  requireSSL: true
  host: myhosturl.us-east-1.rds.amazonaws.com
  port: 3306
  sslca: rds-combined-ca-bundle.pem
  username: myid
  password: mypassword
  database: develop

Corresponding gems in Gemfile are 

gem 'mysql2', platform: :ruby
gem 'jdbc-mysql', platform: :jruby
gem 'activerecord-jdbc-adapter', platform: :jruby
gem 'jruby-openssl', platform: :jruby

I can connect the same database by “rails dbconsole” commands under both jruby and ruby environments without error – password is asked in both cases even it is specified in the database.yml file though. I grabbed the rds-combined-ca-bundle.pem file from the Amazon web site and put it at the root of my app. I use rbenv to switch the environments.

I want to use Java libraries in my rails app with jruby. If you have any idea to fix the problem, I greatly appreciate.

Solution

  • be sure to put the JDBC specific options under properties:

    development:
  adapter: mysql2
  encoding: utf8
  pool: 5
  host: myhosturl.us-east-1.rds.amazonaws.com
  port: 3306
  sslca: rds-combined-ca-bundle.pem
  username: myid
  password: mypassword
  database: develop
  properties:
    useSSL: true
    requireSSL: true
    verifyServerCertificate: true

    still you might need to wrap the certificate (sslca) into Java's format, just read the jdbc doc how ... you do not need to manually set the properties - those can be specified on the command line or in JRUBY_OPTS e.g. -J-Djavax.net.ssl.keyStore=/opt/tomcat/etc/myKS.jks