Performance Management SslConfig fails with error connecting to MySql database

book

Article ID: 207819

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

When running the SslConfig script to set up SSL for HTTPS access an error is received.

This is an environment where the DX NetOps Performance Management Performance Center and the MySql database are installed on different hosts.

When running the ./SslConfig command as instructed from the (default path) /opt/CA/PerformanceCenter directory the following error is observed:

Cannot connect to the database: nested exception is java.sql.SQLException: null,  message from server: "Host '<IP-or-HostName_for_MySql_Host>' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"

Cause

The system time on the Performance Center and MySql host servers are not aligned and are out of sync. This time difference was present when MySql was installed.

By default we configure MySql with SSL encryption.

As a result of the time difference the connection request from the SslConfig script is rejected due to time not matching between requestor (PC host SslConfig command) and recipient, the MySql host.

Environment

All supported DX NetOps Performance Management releases

Resolution

Fix the system time on the two hosts to ensure they are time aligned. Maintain this via time sync tools.

Once that is resolved there are two options to resolve this.

The simplest if this is a new install is to reinstall Performance Center. Reinstall it on the Performance Center services host, and reinstall it on the MySql remote host.

See below in Additional Information for option 2.

Additional Information

NOTE: This is an untested workaround.

After fixing the time on the servers reboot them thus restarting their respective Performance Center and MySql services. After confirming the services are running post reboot run the following command on the MySql host from the (default path) /opt/CA/MySql directory.

./bin/mysqld --initialize-insecure --user=mysql --datadir=$MYSQL_DATA_FOLDER$

Run this passing the same /tmp/mysqldata as the --datadir value. It will create new *.pem files for everything using the correct current time.

Next stop the MySql services on the MySql host (stop Performance Center services first!). While MySql is down copy all the new /tmp/mysqldata/*.pem files to the (default path) /opt/CA/MySql/data directory.

When done copying the files start the MySql service and the SslConfig command should now run without error.