Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MySQL 8.0.11 auth issue #1204

Open
Timester opened this issue May 30, 2019 · 4 comments

Comments

@Timester
Copy link

commented May 30, 2019

Environment

  • VerneMQ Version: 1.8.0 (official docker image)
  • OS: MacOS 10.14.5
  • Cluster size/standalone: single node, no clustering used
  • Run command
docker run -p 8884:8884 --link mysql:mysql -e "DOCKER_VERNEMQ_PLUGINS__VMQ_PASSWD=off" -e "DOCKER_VERNEMQ_PLUGINS__VMQ_ACL=off" -e "DOCKER_VERNEMQ_PLUGINS__VMQ_DIVERSITY=on" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQL__HOST=projectx" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQL__PORT=3306" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQL__USER=alma" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQL__PASSWORD=alma" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQL__DATABASE=projectx" -e "DOCKER_VERNEMQ_VMQ_DIVERSITY__MYSQLACL__FILE=/etc/scripts/mysqlacl.lua" -e "DOCKER_VERNEMQ_LISTENER__SSL__CAFILE=/etc/ssl/ca.crt" -e "DOCKER_VERNEMQ_LISTENER__SSL__CERTFILE=/etc/ssl/server.crt" -e "DOCKER_VERNEMQ_LISTENER__SSL__KEYFILE=/etc/ssl/server.key" -e "DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT=0.0.0.0:8884" -e "DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT__USE_IDENTITY_AS_USERNAME=off" -e "DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT__REQUIRE_CERTIFICATE=off" -v /Users/alma/Desktop/zpmqtt/certs:/etc/ssl -v /Users/alma/Desktop/zpmqtt/scripts:/etc/scripts --name vernemq -d erlio/docker-vernemq:1.8.0

Expected behavior

  • VMQ Diversity can connect to a MySQL 8.0+ database and authenticate.

Actual behaviour

  • Authentication fails with the following:
15:55:14.447 [info] enable script for "/etc/scripts/mysqlacl.lua"
15:55:14.493 [error] can't load script "/etc/scripts/mysqlacl.lua" due to {throw,{auth_fail,{error_packet,2,1251,<<"08004">>,"Client does not support authentication protocol requested by server; consider upgrading MySQL client"}}}
15:55:14.495 [error] could not load script "/etc/scripts/mysqlacl.lua" due to {{'EXIT',{{badmatch,{error,{normal,{child,undefined,{vmq_diversity_script_state,1},{vmq_diversity_script_state,start_link,[1,"/etc/scripts/mysqlacl.lua"]},permanent,5000,worker,[vmq_diversity_script_state]}}}},[{vmq_diversity_script_sup_sup,setup_lua_states,2,[{file,"/vernemq-build/apps/vmq_diversity/src/vmq_diversity_script_sup_sup.erl"},{line,97}]},{vmq_diversity_script_sup_sup,start_link,1,[{file,"/vernemq-build/apps/vmq_diversity/src/vmq_diversity_script_sup_sup.erl"},{line,45}]},{supervisor,do_start_child_i,3,[{file,"supervisor.erl"},{line,379}]},{supervisor,do_start_child,2,[{file,"supervisor.erl"},{line,365}]},{supervisor,handle_start_child,2,[{file,"supervisor.erl"},{line,671}]},{supervisor,handle_call,3,[{file,"supervisor.erl"},{line,420}]},{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,661}]},{gen_server,handle_msg,6,[{file,"gen_server.erl"},{line,690}]}]}},{child,undefined,{vmq_diversity_script_sup_sup,"/etc/scripts/mysqlacl.lua"},{vmq_diversity_script_sup_sup,start_link,["/etc/scripts/mysqlacl.lua"]},permanent,5000,supervisor,[vmq_diversity_script_sup_sup]}}

Altering the mysql user with the following fixes the problem.

ALTER USER 'alma'@'%' IDENTIFIED WITH mysql_native_password BY 'password'

We have tried to use the feature described here #1023 to no success.

@larshesel

This comment has been minimized.

Copy link
Contributor

commented May 31, 2019

Hi, thanks for reporting. As the error says then the MySQL client we are using is old and we should upgrade it. We'll have to look into that and which options we have.

@Timester

This comment has been minimized.

Copy link
Author

commented May 31, 2019

Thank you very much! Do you have anything in mind regarding the timing?

@larshesel

This comment has been minimized.

Copy link
Contributor

commented May 31, 2019

I'm afraid I can't say when we'll get to this. We'd likely have to switch to another MySQL client library to make this work and this might be easier said than done. Of course we have to support new MySQL versions out of the box, so we'll get to it at some point.

@larshesel larshesel added the bug label May 31, 2019

@larshesel

This comment has been minimized.

Copy link
Contributor

commented Jul 31, 2019

Perhaps we can use the https://github.com/mysql-otp/mysql-otp driver instead. Will have to investigate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.