DB connection: defaults and more options
Now that #7701 is merged and we are on 5.2021.4, we can enable real defaults for the database connection.
Context
I learned that any variable expansion supporting annotations or files, that will have Payara create resources, containers or something else from, will not retrieve default values from the `microprofile-config.properties` file bundled in the WAR.
Instead, we need to provide defaults with the new `${MPCONFIG=name:default}` syntax.
Todo
- [x] Add defaults to the connection URL. Using "localhost", "5432" and "dataverse" will allow most installations and devs to go without config.
- [x] Use the newly introduced caps to configure more Payara-specific properties regarding connection monitoring etc.
- [x] Edit release notes of 5.3 to be more precise about database configuration not having defaults...
- [x] Maybe others
FWIW: this can now be addressed given the fact that Payara 5.2022.2 included a fix for this.
Here's a real life example of a problem this will solve:
We had a support request (RT 321319) where a remote admin was asking about hardening their installation, specifically about enforcing SSL on the connection between the application and the database.
When the JDBC library opens the connection to PostgreSQL, it defaults to `sslmode=prefer` (meaning, it will use SSL if the remote server supports it; but would also be happy to use an unencrypted connection if not; it does not verify the SSL certificates in this mode either). If a user wants to ensure that their Dataverse installation will never talk to the database without SSL, they need to use `sslmode=require`. Or `sslmode=verify-ca`, to verify the certs.
As of now, the only way to pass this parameter is to attach it to the database name, like this:

```xml
<system-property name="dataverse.db.name" value="dvndb?sslmode=require"/>
```

so that it ends up in the combined connection string; but it's a bit hacky. #8915 will provide a clean way to supply this extra parameter (via `dataverse.db.parameters`).
I am pleased to report that, so far, Leonid's `?sslmode=require` suggestion above appears to work with a test RDS instance.
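For the `sslmode` discussion in this thread, an added example (not code from the Dataverse project): a small audit that reads `system-property` entries from a `domain.xml` fragment and reports which `sslmode` the database connection ends up with and what that mode guarantees. It assumes the property names `dataverse.db.host` and `dataverse.db.port`, that `dataverse.db.parameters` holds a plain query string, and the XML samples are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Defaults from the issue's todo list; host/port/parameters property names are assumed.
DEFAULTS = {"dataverse.db.host": "localhost", "dataverse.db.port": "5432",
            "dataverse.db.name": "dataverse", "dataverse.db.parameters": ""}

# PostgreSQL JDBC sslmode -> (connection always encrypted, server certificate verified)
POSTURE = {"disable": (False, False), "allow": (False, False),
           "prefer": (False, False),   # driver default: may fall back to plaintext
           "require": (True, False),   # encrypted, certificate not checked
           "verify-ca": (True, True), "verify-full": (True, True)}

def audit(domain_xml):
    """Report the effective sslmode for the Dataverse DB connection."""
    props = dict(DEFAULTS)
    for el in ET.fromstring(domain_xml).iter("system-property"):
        if el.get("name") in props:
            props[el.get("name")] = el.get("value", "")
    # sslmode may ride on the database name (the workaround) or sit in
    # dataverse.db.parameters (the option the thread says #8915 provides).
    name, _, hack_query = props["dataverse.db.name"].partition("?")
    query = "&".join(q for q in (hack_query, props["dataverse.db.parameters"]) if q)
    modes = set(parse_qs(query).get("sslmode", []))
    if len(modes) > 1:
        raise ValueError(f"conflicting sslmode values: {sorted(modes)}")
    mode = modes.pop() if modes else "prefer"
    if mode not in POSTURE:
        raise ValueError(f"unknown sslmode: {mode!r}")
    encrypted, verified = POSTURE[mode]
    return {"database": name, "sslmode": mode,
            "via_name_hack": "sslmode" in parse_qs(hack_query),
            "always_encrypted": encrypted, "cert_verified": verified}

# Constructed domain.xml fragments (not taken from a real installation).
UNSET = '<config><system-property name="dataverse.db.host" value="db.example.org"/></config>'
HACK = '<config><system-property name="dataverse.db.name" value="dvndb?sslmode=require"/></config>'
CLEAN = ('<config><system-property name="dataverse.db.name" value="dvndb"/>'
         '<system-property name="dataverse.db.parameters" value="sslmode=verify-ca"/></config>')

if __name__ == "__main__":
    for label, xml in (("unset", UNSET), ("hack", HACK), ("clean", CLEAN)):
        print(label, audit(xml))
```

An installation that sets neither value reports `prefer`, the case where the connection can silently fall back to plaintext.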