Azure connection reading binlog fails with 'The connection string may not be right. Please visit portal for references' #26
Comments
|
Is there a possibility you could capture a packet trace of a JDBC connection and then the failing connection? Or really just a maxwell boot session.
Happy to send a PGP key if you’re concerned about posting in public
We’ve had very odd problems with azure through the years, their implementation has been super finicky about packets arriving together or separate, so I’m not totally surprised there’s something else.
… On Jan 14, 2021, at 17:59, Gil Cottle ***@***.***> wrote:
Trying to use debezium to read the binlog, but on Azure a MySQL 5.7 instance, am getting "The connection string may not be right. Please visit portal for references.�"
The debezium part of the connection works using the regular MySQL JDBC driver, but when connecting for the binlog it fails. Any insight into what to do or data you'd like me to provide, please let me know.
Tried to pull the latest and still didn't help:
com.zendesk:mysql-binlog-connector-java:0.23.3
mysql:mysql-connector-java:8.0.22
io.debezium:debezium-connector-mysql:1.4.0.Final
io.debezium:debezium-embedded:1.4.0.Final
Stack Trace:
2021-01-14 17:51:41,154 ERROR i.d.e.EmbeddedEngine [pool-2-thread-1] Unable to initialize and start connector's task class 'io.debezium.connector.mysql.MySqlConnectorTask' with config: {snapshot.mode=never, database.logger=com.mysql.cj.log.Slf4JLogger, ***@***.***, database.password=********, offset.storage=org.apache.kafka.connect.storage.FileOffsetBackingStore, database.server.name=me-debezium-testname, database.ssl.mode=required, database.serverTimezone=UTC, snapshot.locking.mode=NONE, offset.storage.file.filename=debeziumOffsetFile, connector.class=io.debezium.connector.mysql.MySqlConnector, database.port=3306, database.history.file.filename=dbhistory.dat, database.hostname=zzz.mysql.database.azure.com, bigint.unsigned.handling.mode=precise, table.include.list=^vvv.*\.vvv$, database.server.id=96406, database.history=io.debezium.relational.history.FileDatabaseHistory, name=me-debezium-test} org.apache.kafka.connect.errors.ConnectException: Failed to authenticate to the MySQL database at zzz.mysql.database.azure.com:3306 with user ***@***.***'
at io.debezium.connector.mysql.BinlogReader.doStart(BinlogReader.java:444)
at io.debezium.connector.mysql.AbstractReader.start(AbstractReader.java:127)
at io.debezium.connector.mysql.ChainedReader.startNextReader(ChainedReader.java:206)
at io.debezium.connector.mysql.ChainedReader.start(ChainedReader.java:103)
at io.debezium.connector.mysql.MySqlConnectorTask.start(MySqlConnectorTask.java:272)
at io.debezium.connector.common.BaseSourceTask.start(BaseSourceTask.java:106)
at io.debezium.embedded.EmbeddedEngine.run(EmbeddedEngine.java:758)
at io.debezium.embedded.ConvertingEngineBuilder$2.run(ConvertingEngineBuilder.java:171)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.github.shyiko.mysql.binlog.network.AuthenticationException: The connection string may not be right. Please visit portal for references.
at com.github.shyiko.mysql.binlog.network.Authenticator.readResult(Authenticator.java:85)
at com.github.shyiko.mysql.binlog.network.Authenticator.authenticate(Authenticator.java:70)
at com.github.shyiko.mysql.binlog.BinaryLogClient.connect(BinaryLogClient.java:526)
at com.github.shyiko.mysql.binlog.BinaryLogClient$7.run(BinaryLogClient.java:839)
... 1 more
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Had a separate conversation, thanks for being responsive @osheroff and giving me the right idea for looking into this further. I ended up turning off TLS for a temp DB and using Wireshark which thankfully has a MySQL protocol interpeter already written to compare the differences. The failure was at the login step. The diff between logins is below. The piece that Azure wanted was specifying the Client Auth Plugin of I'm not sure if this should be behind a flag or something based on the MySQL version to maintain backwards compatibility, but this is the change that works. Change to make to Diff between login requests: |
|
nice work @redcape. This totally matches what the spec for the handshake is; according to https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse we should always be sending the 'auth plugin name' in our scenario. I can't find any documentation that that field was added later than any conceivable mysql version we care about, so I think we're pretty safe to simply add it. Go ahead and PR the one liner and I'll get a release out. I do wonder just what those azure-mysql db devs are up to, but hey. |
…ions PLUGIN_AUTH is listed as one of the capabilities and connections to Azure MySQL require the Auth Plugin Name to be specified when that capability is present. If it is not there, Azure MySQL instances respond with "The connection string may not be right. Please visit portal for references.". See https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse and osheroff#26 for more details about the investigation.
…ions PLUGIN_AUTH is listed as one of the capabilities and connections to Azure MySQL require the Auth Plugin Name to be specified when that capability is present. If it is not there, Azure MySQL instances respond with "The connection string may not be right. Please visit portal for references.". See https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse and osheroff#26 for more details about the investigation.
|
Hey @osheroff , thanks for merging and creating new version 0.23.4. Any ETA on when this will make it maven central or another public repo? |
|
Hi @redcape I got stuck yak-shaving an issue with jdk11 and tls-hostname-verifying and oh-god-it's-a-tarpit. I'll see if I can get openjdk8 running somewhere so I can get a build out sooner than later. |
|
0.23.4 released. |
|
Hi @osheroff can you point to where this is released, both maven central seems to have the latest version at 0.23.3 |
|
harumph. the release seemed to go ok. trying again... |
|
ok this time it showed up at https://repo1.maven.org/maven2/com/zendesk/mysql-binlog-connector-java/0.23.4/ at least. so i think the artifact should be there... |
Pulls in the changes from osheroff/mysql-binlog-connector-java#27, which fix osheroff/mysql-binlog-connector-java#26, which made the connector impossible to use on Azure.
Pulls in the changes from osheroff/mysql-binlog-connector-java#27, which fix osheroff/mysql-binlog-connector-java#26, which made the connector impossible to use on Azure.
Trying to use debezium to read the binlog, but on Azure a MySQL 5.7 instance, am getting "The connection string may not be right. Please visit portal for references."
The debezium part of the connection works using the regular MySQL JDBC driver, but when connecting for the binlog it fails. Any insight into what to do or data you'd like me to provide, please let me know.
Tried to pull the latest and still didn't help:
com.zendesk:mysql-binlog-connector-java:0.23.3
mysql:mysql-connector-java:8.0.22
io.debezium:debezium-connector-mysql:1.4.0.Final
io.debezium:debezium-embedded:1.4.0.Final
Stack Trace:
Here's a better unit test of the whole issue showing only MySQL JDBC and mysql-binlog-connector-java:
Output is:
Note that without serverTimeZone=UTC, I get: the following as an error during connection with the first JDBC connection.
The text was updated successfully, but these errors were encountered: