TAS Scheduler fails to deploy in 2.5
Article ID: 292935
Updated On:
Products
Issue/Introduction
Symptoms:
Scheduler for VMware Tanzu Application Service (TAS) has a dependency on MySQL for the TAS v2.x tile. It currently does not support connecting to a MySQL database over TLS (Translate Layer Security). Therefore, if MySQL for TAS is configured to require TLS connection to the database, the Scheduler tile will fail to install.
Tanzu Support recommends that those who use MySQL for the TAS v2.x tile, configure the tile to allow Optional TLS. This approach can be applied to other use cases, such as Spring Cloud Services, or for developer applications.
Tanzu Application Service (TAS) Scheduler fails to deploy with the following error message:
++ cf service scheduler-broker-mysql
++ grep -q -F p.mysql
++ echo 0
+ [[ 0 != 0 ]]
+ set +e
+ cf app scheduler-broker --guid
+ exit_code=0
+ set -e
+ [[ 0 -ne 0 ]]
+ set +e
+ blue_green broker scheduler-broker /var/vcap/jobs/deploy-scheduler/broker-manifest.yml /v2
+ local app_dir=broker
+ local app_name=scheduler-broker
+ local manifest_path=/var/vcap/jobs/deploy-scheduler/broker-manifest.yml
+ local route_path=/v2
+ pushd /var/vcap/packages/broker
+ cf push scheduler-broker-new -f /var/vcap/jobs/deploy-scheduler/broker-manifest.yml -i 1 -n scheduler-new -d sys.pcf-2-3-aws-clean.iet.to.cf-app.com -s cflinuxfs3
Start unsuccessful
TIP: use 'cf logs scheduler-broker-new --recent' for more information
++ cf app scheduler-broker-new
++ grep '#0'
++ awk '{print $2}'
+ app_state=crashed
+ popd
+ [[ crashed != \r\u\n\n\i\n\g ]]
+ exit 1
1 errand(s)
===== 2019-01-22 05:47:12 UTC Finished "/usr/local/bin/bosh --no-color --non-interactive --tty --environment=10.0.16.6 --deployment=p-scheduler-####### run-errand deploy-scheduler";
Environment
Cause
The Scheduler broker application is not configured to connect to MySQL over TLS, producing the error message:
$ cf logs --recent scheduler-broker ... 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR panic: Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON. 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR goroutine 1 [running]: 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR pcf-scheduler/broker/db.connect(0xc4200a4280, 0x7e, 0x0) 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR /var/vcap/data/compile/broker/src/pcf-scheduler/broker/db/database.go:114 +0x1fd 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR pcf-scheduler/broker/db.getSqlModeAllowingZeroDateTime(0xc42002e00d, 0x76, 0xc42014def0, 0xc42014df10) 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR /var/vcap/data/compile/broker/src/pcf-scheduler/broker/db/database.go:49 +0x6d 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR pcf-scheduler/broker/db.NewDB(0xc42002e00d, 0x76, 0xc4200a69a0, 0xe, 0x0) 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR /var/vcap/data/compile/broker/src/pcf-scheduler/broker/db/database.go:35 +0x39 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR main.main() 2019-01-22T15:34:54.72-0800 [APP/PROC/WEB/0] ERR /var/vcap/data/compile/broker/src/pcf-scheduler/broker/main.go:28 +0xb2 ...
This error message means that the MySQL server is expecting a TLS connection, but the application is not connecting through a TLS connection.
Resolution
Scheduler does not support MySQL TLS.
To workaround this issue
- Operators should configure TLS in the MySQL tile to "Optional". Refer to Pivotal Documentation for more information
- For external MySQL v8.0 or later database with TLS deactivated.
- Update Scheduler 2.0.10 to Allow use of ssl for external database connections
Feedback
