The above error occurred when I launched the app in a Docker environment and tried to connect from it to an external MySQL database (Amazon Aurora in this case). Depending on the underlying Docker image, you may or may not get the error.
This time, I had to create a Python environment with Docker, so I built it from the official Python 3.7.4 image. I won't go into the details of the application, but it uses pandas for processing. I'm trying to connect using mysql.connector.
Docker (Debian base) where the error occurs ↓
Dockerfile
FROM python:3.7.4-slim
RUN apt-get -y update && apt-get install -y --no-install-recommends \
    apt-utils \
    python-dev \
    build-essential \
    libpq-dev
RUN pip install --upgrade pip
RUN pip install --upgrade setuptools
COPY requirements.txt /tmp/
RUN pip install -r /tmp/requirements.txt
Docker (Alpine base) where no error occurs ↓
Dockerfile
FROM python:3.7.4-alpine3.10
RUN apk --update-cache add \
    bash \
    gcc \
    g++ \
    gfortran \
    postgresql-dev \
    openblas-dev \
    freetype-dev
RUN pip install --upgrade pip
RUN pip install --upgrade setuptools
COPY requirements.txt /tmp/
RUN pip install -r /tmp/requirements.txt
Python code for the connection part ↓
main.py
# Excerpt
import mysql.connector as my

myconfig = {
    'user': 'user',
    'password': 'your_password',
    'host': 'your_host',
    'database': 'your_db',
}
conn = my.connect(**myconfig)
With an Alpine base, compiling the C extensions of packages such as numpy and pandas takes a long time during the image build, so I wanted to use a Debian-based Docker image.
For MySQL 5.6 / 5.7, the supported TLS version seems to be up to TLSv1.1 (see [2] Changes in MySQL Connector/Python 8.0.18 (2019-10-14, General Availability)).
In Debian, the default minimum protocol setting for OpenSSL (MinProtocol in /etc/ssl/openssl.cnf) is TLSv1.2, which caused the error when connecting.
There are two patterns of solutions.
Dockerfile
FROM python:3.7.4-slim
RUN apt-get -y update && apt-get install -y --no-install-recommends \
    apt-utils \
    python-dev \
    build-essential \
    libpq-dev
# Change point: lower OpenSSL's system-wide MinProtocol so that connections
# below TLSv1.2 are allowed (this applies to every OpenSSL client in the image)
RUN apt-get update -yqq \
    && apt-get install -y --no-install-recommends openssl \
    && sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.0',g' /etc/ssl/openssl.cnf \
    && rm -rf /var/lib/apt/lists/*
RUN pip install --upgrade pip
RUN pip install --upgrade setuptools
COPY requirements.txt /tmp/
RUN pip install -r /tmp/requirements.txt
About Debian's TLS default settings: [1] Debian openssl-1.1.1
Python MySQL Connector update information: [2] Changes in MySQL Connector/Python 8.0.18 (2019-10-14, General Availability)
How to investigate the error content and change the set value: [3] SSL routines:ssl_choose_client_version:unsupported protocol
I didn't understand why Alpine didn't get the error. I can't find any mention of TLS default settings in /etc/ssl/openssl.cnf. You may tell me to study the protocol, but if there are no default settings, it will select the TLS version and connect for you.
If anyone knows the cause, I would appreciate it if you could let me know.