Download the artifacts for this pull request:

• all-ddev-executables.zip
• ddev-macos-amd64.zip
• ddev-macos-arm64.zip
• ddev-linux-arm64.zip
• ddev-linux-amd64.zip
• ddev-windows-amd64.zip
• ddev-windows-amd64-installer.zip
• ddev-windows-arm64.zip
• ddev-windows-arm64-installer.zip

See Testing a PR.

Should we also be considering using SSL optionally for communication between web and db?

It's already done automatically in MariaDB 11.4+
https://www.youtube.com/watch?v=JymQOSYTI-Y&t=73s
https://mariadb.org/mission-impossible-zero-configuration-ssl/

We don't actually need disable-ssl-verify-server-cert config or --skip-ssl-verify-server-cert flag to connect to the db server in MariaDB 11.4+.

I guess it's too much work to add SSL for every possible MariaDB version below 11.4.

And people may still need to connect to some external databases without SSL from the ddev-webserver.

It's already done automatically in MariaDB 11.4+

Didn't know that! But I was actually talking about configuring our server to do TLS.

Lima timing out after 4 hours, perhaps something wrong with runner, https://buildkite.com/ddev/macos-lima/builds/5712#019c5905-5b6e-4500-b779-32989145e0af (tb-macos-arm64-6 lima)

We should see if we can test this on Craft's db dump utility, which should have the same problem.

Bizarre:

rfay@rfay-mba-m4:~/tmp/d11-mariadb-10.6$ ddev drush sql-cli
ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it

In Process.php line 280:

  The command "mariadb --defaults-file=/tmp/drush_0hcqa8s0r9l8dvJfIL5 --database=db --host=db --port=
  3306 -A" failed.

  Exit Code: 1(General error)

  Working directory: /var/www/html/web

  Output:
  ================


  Error Output:
  ================


Failed to run drush sql-cli: exit status 1
rfay@rfay-mba-m4:~/tmp/d11-mariadb-10.6$ ddev drush si
 You are about to:
 * CREATE the 'db' database.


 ┌ Do you want to continue? ────────────────────────────────────┐
 │ Yes                                                          │
 └──────────────────────────────────────────────────────────────┘

 [warning] Failed to drop or create the database. Do it yourself before installing. ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it

 [notice] Starting Drupal installation. This takes a while.
 [notice] Performed install task: install_select_language
 [notice] Performed install task: install_select_profile
 [notice] Performed install task: install_load_profile
 [notice] Performed install task: install_verify_requirements
 [notice] Performed install task: install_verify_database_ready
 [notice] Performed install task: install_base_system
 [notice] Performed install task: install_bootstrap_full
 [notice] Performed install task: install_profile_modules
 [notice] Performed install task: install_profile_themes
 [notice] Performed install task: install_install_profile
 [notice] Performed install task: install_configure_form
 [notice] Performed install task: install_finished
 [success] Installation complete. (Admin)
 [success] User name: admin  User password: UUVLuipzMx
rfay@rfay-mba-m4:~/tmp/d11-mariadb-10.6$
rfay@rfay-mba-m4:~/tmp/d11-mariadb-10.6$ ddev mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.6.24-MariaDB-ubu2204-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [db]> show tables;
+----------------------------------+
| Tables_in_db                     |
+----------------------------------+
| block_content                    |
| block_content__body              |
| block_content_field_data         |
| block_content_field_revision     |
| block_content_revision           |
| block_content_revision__body     |
| comment                          |
| comment__comment_body            |
| comment_entity_statistics        |
| comment_field_data               |
| config                           |

This works great of course, but I have questions and haven't fully grokked all the intent.

Could you flesh out body just a bit more?

• What mariadb versions are affected and why (and how)? Mariadb 10.11 is not. 10.6 yes, dramatically. Table would be great.
• Slightly more explanation about what really happens with the wrappers.
• When is the choice made about installing the wrappers?
• Are the wrappers always used if installed?
• Is there any conflict about the old mysql that was traditional, vs Maria's current mariadb + mysql symlink.
• Do we need anything in docs?

This absolutely solves a very real problem, and waiting for the tools that encounter it doesn't seem like a very successful approach. But it has quite a lot of complexity risk. We're taking basic behavior and trying to roll it back, which usually has unintended consequences.

What mariadb versions are affected and why (and how)? Mariadb 10.11 is not. 10.6 yes, dramatically. Table would be great.

We install MariaDB 11.8 client inside the ddev-webserver, this is our default.
The problem appeared because everything below MariaDB 10.11 uses MariaDB 11.8 client.

Slightly more explanation about what really happens with the wrappers.

I create wrappers in /usr/local/bin/ for some of the mariadb* commands, these wrappers run the exact same command as requested, but with addition of the --skip-ssl-verify-server-cert flag. This is needed because disable-ssl-verify-server-cert inside $HOME/.my.cnf is not respected by external programs.

When is the choice made about installing the wrappers?

I decided to preinstall them, so they already come bundled with ddev-webserver, if you change the default database to MySQL, they are removed completely. And when you change it to MariaDB 10.11, they are also removed.

Are the wrappers always used if installed?

Yes.

Is there any conflict about the old mysql that was traditional, vs Maria's current mariadb + mysql symlink.

No, mysql wrapper will call mariadb wrapper, which will call the original /usr/bin/mariadb

Do we need anything in docs?

I don't think we need to add anything.

After internal discussion we decided it's better to keep MariaDB 10.11 client for all old MariaDB servers:

Run this to download the updated ddev-webserver:

ddev utility download-images

The MariaDB 10.11 client doesn't use any wrappers, so even if there is an issue with the wrappers, it would only affect MariaDB 11.x.

A note: Since this was done against fork, some of the more extensive tests like TestDdevAllDatabases may not be run against everything until it gets pulled.