Unable to connect to database with SSL enabled during Jira setup
プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。
問題
In Jira, when testing the database connection to PostgreSQL with SSL enabled, you may receive an error message:
The following appears in the catalina.log:
2018-05-27 15:25:48,747 http-nio-8080-exec-1 ERROR anonymous 925x38x1 92lmp6 10.53.222.101 /secure/SetupDatabase!connectionCheck.jspa [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database:
org.postgresql.util.PSQLException: Something unusual has occurred to cause the driver to fail. Please report this exception.
at org.postgresql.Driver.connect(Driver.java:275)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.getTestDatabaseConnection(DefaultAtlassianBootstrapManager.java:347)
at com.atlassian.jira.config.database.JdbcDatasource.getConnection(JdbcDatasource.java:211)
at com.atlassian.jira.config.database.DatabaseConfig.testConnection(DatabaseConfig.java:87)
at com.atlassian.jira.web.action.setup.SetupDatabase.testConnection(SetupDatabase.java:225)
at com.atlassian.jira.web.action.setup.SetupDatabase.doValidation(SetupDatabase.java:189)
at com.atlassian.jira.web.action.setup.SetupDatabase.doConnectionCheck(SetupDatabase.java:121)
... 3 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:70)
at webwork.util.InjectionUtils.invoke(InjectionUtils.java:56)
... 2 filtered
at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63)
... 7 filtered
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
... 49 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$2(JiraSecurityFilter.java:78)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:76)
... 28 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 27 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 26 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at org.apache.log4j.CategoryKey.<init>(CategoryKey.java:32)
at org.apache.log4j.Hierarchy.getLogger(Hierarchy.java:266)
at org.apache.log4j.Hierarchy.getLogger(Hierarchy.java:247)
at org.apache.log4j.LogManager.getLogger(LogManager.java:228)
at org.apache.log4j.Logger.getLogger(Logger.java:104)
at java.util.logging.Logger.log(Logger.java:738)
at org.postgresql.core.v3.ConnectionFactoryImpl.log(ConnectionFactoryImpl.java:317)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:261)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:452)
at org.postgresql.Driver.connect(Driver.java:254)
... 164 more原因
It is currently not possible to force the SSL connection to the database from the Jira Web UI. This is being tracked in the following feature request: JRASERVER-67403 - Getting issue details... STATUS
ソリューション
You will need to manually edit the dbconfig.xml to force the SSL connection.
- Jira を停止します。
- Edit the dbconfig.xml (located at the jira-home directory) as follows:
For JIRA 7.13 / postgreSQL driver below version 42.2.5: Add the following parameter to the JDBC URL parameter: ssl=true
For JIRA 8.5 / postgreSQL driver above version 42.2.5: Add the following parameter to the JDBC URL parameter: sslmode=require - Start Jira
Sample of JDBC URL
JIRA 7.13 / postgreSQL driver below version 42.2.5:
<url>jdbc:postgresql://DB-Server:5432/jiradb?ssl=true</url>
For JIRA 8.5 / postgreSQL driver above version 42.2.5:
<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=require</url>
depending on the setup the following URLs may need to be used:
<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=prefer</url>
<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=allow</url>
*Note that the "?" demarcates the end of the database name and the beginning of the database connection parameters. If you already have connection parameters, you will add a ";ssl=true" instead of "?ssl=true".
*Note for a full explanation of the sslmode and the different options for it, see Postgres SQL Documentation Configuring the Client
In case the dbconfig.xml file is not yet present, you can create this file via Startup check: Creating and editing the dbconfig.xml file.
dbconfig.xml
Sample of the dbconfig.xml for PostgreSQL database:
<jira-database-config>
<name>defaultDS</name>
<delegator-name>default</delegator-name>
<database-type>postgres72</database-type>
<schema-name>public</schema-name>
<jdbc-datasource>
<url>jdbc:postgresql://DB-Server:5432/jiradb?ssl=true</url>
<driver-class>org.postgresql.Driver</driver-class>
<username>dbuser</username>
<password>password</password>
<pool-min-size>20</pool-min-size>
<pool-max-size>20</pool-max-size>
<pool-max-wait>30000</pool-max-wait>
<pool-max-idle>20</pool-max-idle>
<pool-remove-abandoned>true</pool-remove-abandoned>
<pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
<validation-query>select version();</validation-query>
<min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
<time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
<pool-test-on-borrow>false</pool-test-on-borrow>
<pool-test-while-idle>true</pool-test-while-idle>
</jdbc-datasource>
</jira-database-config>
In some cases, force the SSL connection to the database could lead to Collation not being detected. This is being tracked in this bug report: JRASERVER-46026 - Getting issue details... STATUS