Search code examples
mysqlgoogle-app-enginegoogle-cloud-platformgoogle-cloud-sql

Receiving SQLNonTransientConnectionException on Google Appengine


I've been using MySQL ("Cloud SQL") on Google's platform for years. First Generation. SSL connections only. I have had all my certs in place for months and running just fine. My certificates are not expired. Over the last day and a half I have been unable to connect to the database!!! Tried restarting the database. Did google change something in their environment as a result of the denial of service attacks that started Friday?

Exception in thread "main" java.sql.SQLNonTransientConnectionException: SSL Connection required, but not supported by server.
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:550)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:537)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:527)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:512)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:480)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:498)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:494)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:72)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:1634)
    at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:637)
    at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:351)
    at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:224)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:208)
    at ... my code

What's going on?


Solution

  • So after some investigation I see that my server side certificates went missing . I found this out by using the Developer Console to restart my CloudSQL instance. Then I investigated the logs.

    2016-10-22 12:42:47 0 [Note] (mysqld 5.6.31-log) starting as process 554455 ...
    2016-10-22 12:42:47 554455 [Note] Semi-sync replication initialized for transactions.
    2016-10-22 12:42:47 554455 [Note] Semi-sync replication enabled on the master.
    2016-10-22 12:42:47 554455 [Note] InnoDB: Using atomics to ref count buffer pool pages
    2016-10-22 12:42:47 554455 [Note] InnoDB: The InnoDB memory heap is disabled
    2016-10-22 12:42:47 554455 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
    2016-10-22 12:42:47 554455 [Note] InnoDB: Memory barrier is not used
    2016-10-22 12:42:47 554455 [Note] InnoDB: Compressed tables use zlib 1.2.8
    2016-10-22 12:42:47 554455 [Note] InnoDB: Using CPU crc32 instructions
    2016-10-22 12:42:47 554455 [Note] InnoDB: Initializing buffer pool, size = 96.0M
    2016-10-22 12:42:47 554455 [Note] InnoDB: Completed initialization of buffer pool
    2016-10-22 12:42:47 554455 [Note] InnoDB: Highest supported file format is Barracuda.
    2016-10-22 12:42:51 554455 [Note] InnoDB: 128 rollback segment(s) are active.
    2016-10-22 12:42:51 554455 [Note] InnoDB: 5.6.31 started; log sequence number 10094548402
    2016-10-22 12:42:52 554455 [Note] RSA private key file not found: /sfs/project/database/data//private_key.pem. Some authentication plugins will not work.
    2016-10-22 12:42:52 554455 [Note] RSA public key file not found: /sfs/project/database/data//public_key.pem. Some authentication plugins will not work.
    2016-10-22 12:42:52 554455 [Note] Add the 'cloudsqladmin' user with the password hash '*ACE49C8814A8031C812FD739A573BDD4FFF8F7EE'
    2016-10-22 12:42:53 554455 [Note] Event Scheduler: Loaded 0 events
    2016-10-22 12:42:53 554455 [Note] : ready for connections.
    Version: '5.6.31-log' socket: '' port: 0 (43, 47) (Google)
    

    I'm still hoping to understand how this happened, will update when I can. Considering this happened on Google's side I'm not sure I can fix it directly. I see that there is an option to "Reset SSL Configuration" in the Dev Console. I hope I don't have to do that because it would mean rolling out new certs to production code and all devlopers. My issue also tracked here: https://code.google.com/p/googlecloudsql/issues/detail?id=188