skip to Main Content

I run a MariaDB PaaS on azure with SSL and run phpMyAdmin on AKS. By trying to connect I get a very unclear message: Cannot log in to the MySQL server and mysqli::real_connect(): (HY000/2002): No such file or directory

At this point ssl is not the issue. I’ve tried the same without enforcing ssl on the DB side and configured phpmyadmin without those ssl settings.

I also tested the connectivity from the phpmyadmin pod using curl -v telnet://my-database-12345.mariadb.database.azure.com:3306 successfully.

This is how I tried to get phpmyadmin working with azure mariadb:

apiVersion: v1
kind: Namespace
metadata:
  name: pma
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pma-cfg
  namespace: pma
  labels:
    app: phpmyadmin
data:
  config-user-inc: |
    <?php
      $i = 0;
      $i++;
      $cfg['Servers'][$i]['auth_type'] = 'cookie';
      $cfg['Servers'][$i]['host'] = 'my-database-12345.mariadb.database.azure.com';
      $cfg['Servers'][$i]['port'] = '3306';
      $cfg['Servers'][$i]['ssl'] = true;
      $cfg['Servers'][$i]['ssl_ca'] = 'ssl/BaltimoreCyberTrustRoot.crt.pem';
      $cfg['Servers'][$i]['ssl_verify'] = false;
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ssl-cert
  namespace: oneup
  labels:
    app: phpmyadmin
data:
  ssl-cert: |
    -----BEGIN CERTIFICATE-----
    # truncated BaltimoreCyberTrustRoot.crt
    -----END CERTIFICATE-----
---
apiVersion: v1
kind: Service
metadata:
  name: internal-pma
  namespace: pma
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.xxx.xxx.xxx
  ports:
    - port: 80
      targetPort: pma
  selector:
    app: pma
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pma
  namespace: pma
  labels:
    app: pma
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pma
  template:
    metadata:
      labels:
        app: pma
    spec:
      containers:
        - name: pma
          image: phpmyadmin/phpmyadmin
          ports:
            - containerPort: 80
              name: pma
          volumeMounts:
            - name: pma-cfg
              mountPath: /etc/phpmyadmin/
            - name: ssl-cert
              mountPath: /etc/phpmyadmin/ssl/
      volumes:
        - name: pma-cfg
          configMap:
            name: pma-cfg
            items:
              - key: config-user-inc
                path: config.user.inc.php
        - name: ssl-cert
          configMap:
            name: ssl-cert
            items:
              - key: ssl-cert
                path: BaltimoreCyberTrustRoot.crt.pem

Many thanks!

2

Answers


  1. Chosen as BEST ANSWER

    When mounting an custom configuration for phpmyadmin without using any environment variables (which is required if you use ssl), there's no default config file generated by the image.

    Eg: if you start the pod like:

    apiVersion: apps/v1
    ...
        spec:
          containers:
            - name: pma
              image: phpmyadmin/phpmyadmin
              env:
                name: PMA_HOST
                value: myhost.local
              ports:
                - containerPort: 80
                  name: pma
    

    A config.inc.php file will be generated in /etc/phpmyadmin

    By mounting an config.user.inc.php, no config.inc.php will be generated.

    What I did

    is copying the content from /var/www/html/config.sample.inc.php in my configMap and do the needful changes for my azure mariadb:

    ConfigMap:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: pma-cfg
      namespace: pma
      labels:
        app: pma
    data:
      config-inc: |
        <?php
        declare(strict_types=1);
        $cfg['blowfish_secret'] = '*****'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
        $i = 0;
        $i++;
    
        /* Authentication type */
        $cfg['Servers'][$i]['auth_type'] = 'cookie';
        /* Server parameters */
        $cfg['Servers'][$i]['host'] =  'mydb123456.mariadb.database.azure.com';
        $cfg['Servers'][$i]['compress'] = false;
        $cfg['Servers'][$i]['AllowNoPassword'] = false;
    
        /* SSL */
        $cfg['Servers'][$i]['ssl'] = true;
        $cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ssl/BaltimoreCyberTrustRoot.crt.pem';
        $cfg['Servers'][$i]['ssl_verify'] = true;
    
        /* Directories for saving/loading files from server */
        $cfg['UploadDir'] = '';
        $cfg['SaveDir'] = '';
    
      ssl-cert: |
        -----BEGIN CERTIFICATE-----
        # Trunkated BaltimoreCyberTrustRoot.crt
        -----END CERTIFICATE-----
    

    Finally mount the config map to the deployment:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: pma
      namespace: pma
      labels:
        app: pma
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: pma
      template:
        metadata:
          labels:
            app: pma
        spec:
          containers:
            - name: pma
              image: phpmyadmin/phpmyadmin
              ports:
                - containerPort: 80
                  name: pma
              volumeMounts:
                - name: pma-cfg
                  mountPath: /etc/phpmyadmin/
          volumes:
             - name: pma-cfg
               configMap:
                 name: pma-cfg
                 items:
                   - key: config-inc
                     path: config.inc.php
                   - key: ssl-cert
                     path: ssl/BaltimoreCyberTrustRoot.crt.pem
    

    Maybe it will help others too.

    Cheers!


  2. The Error you are getting is an known issue can be resolve by restarting the MSSQL server or
    do the following change:

    $cfg['Servers'][$i]['host'] = 'my-database-12345.mariadb.database.azure.com';
    to
    
    $cfg['Servers'][$i]['host'] = '127.0.0.1'
    

    You can refer this SO thread for more information and Troubleshooting

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search