Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-3077

But after upgrading from Version 2.4 to 2.5, we are not able to connect with our RDS instance.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.5.0
    • Fix Version/s: N/A
    • Component/s: Authenticator
    • Labels:
      None
    • Environment:
      Ubuntu-16.04 LTS
      Aurora MySQL RDS
      maxscale 2.5.1
    • Sprint:
      MXS-SPRINT-111, MXS-SPRINT-112, MXS-SPRINT-113

      Description

      Currently, we are using Aurora Mysql Rds with Maxscale Version 2.4. which works perfectly fine. But after upgrading from Version 2.4 to 2.5, we are not able to connect with our RDS instance. I will share with you configuration file & Logs, kindly check and let me know what is the issue.

      Aurora does not allow us to give permission to this table.

      mysql> SELECT a.user, a.host, a.role FROM mysql.roles_mapping AS a;
      ERROR 1142 (42000): SELECT command denied to user 'maxscale'@'%' for table 'roles_mapping'
      mysql>.
      

      NOTE:- My Aurora mysql Credential works fine while connected traditionally.

      mysql -u maxscale -h Aurora-DB-Sting -p
      

      But while Try to connect like this throw an error

      mysql -u maxscale -p -h127.0.0.1 -P4001
      Enter password:
      ERROR 1045 (28000): Access denied for user 'maxscale'@'127.0.0.1' (using password: YES)
      
      

      cat /etc/maxscale.cnf

      [maxscale]
      threads=auto
       
      [Aurora-Monitor-One]
      type=monitor
      module=auroramon
      servers=node1
      user=user=username
      password=password
      monitor_interval=2500
       
      [Aurora-Monitor-Two]
      type=monitor
      module=auroramon
      servers=node2
      user=username
      password=password
      monitor_interval=2500
       
      [MaxRows]
      type=filter
      module=maxrows
      max_resultset_rows=10000
      max_resultset_size=10485760
       
      [DatabaseFirewall-whitelist]
      type=filter
      module=dbfwfilter
      action=allow
      rules=/etc/maxscale-rules.d/whitelist-rules.txt
      log_no_match=true
       
      [DatabaseFirewall-blacklist]
      type=filter
      module=dbfwfilter
      action=block
      rules=/etc/maxscale-rules.d/blacklist-rules.txt
       
      [MyMasking]
      type=filter
      module=masking
      warn_type_mismatch=always
      large_payload=abort
      rules=/etc/maxscale.modules.d/masking_PII.json
      prevent_function_usage=false
       
      [RWONE]
      type=service
      router=readconnroute
      router_options=slave
      servers=node1
      user=username
      password=password
      connection_timeout=1000
      filters= DatabaseFirewall-whitelist|DatabaseFirewall-blacklist|MaxRows|MyMasking
       
      [RWTWO]
      type=service
      router=readconnroute
      router_options=slave
      servers=node2
      user=username
      password=password
      connection_timeout=1000
      filters= DatabaseFirewall-whitelist|DatabaseFirewall-blacklist|MaxRows|MyMasking
       
      [RWONE-listener]
      type=listener
      service=RWONE
      protocol=MySQLClient
      address=0.0.0.0
      port=4001
       
      [RWTWO-listener]
      type=listener
      service=RWTWO
      protocol=MySQLClient
      address=0.0.0.0
      port=4002
       
      [node1]
      type=server
      address=RDS-AURORA-HOST
      port=3306
      protocol=MySQLBackend
      persistpoolmax=50
      persistmaxtime=3600
       
      [node2]
      type=server
      address=RDS-AURORA-HOST
      port=3306
      protocol=MySQLBackend
      persistpoolmax=50
      persistmaxtime=3600
      

      sudo tail -f /var/log/maxscale/maxscale.log

      2020-07-17 19:05:01   warning: Protocol module 'mysqlclient' has been deprecated, use 'mariadbclient' instead.
      2020-07-17 19:05:01   warning: (node2) persistmaxtime: Specifying durations without a suffix denoting the unit has been deprecated: 3600. Use the suffixes 'h' (hour), 'm' (minute) 's' (second) or 'ms' (milliseconds).
      2020-07-17 19:05:01   warning: (node1) persistmaxtime: Specifying durations without a suffix denoting the unit has been deprecated: 3600. Use the suffixes 'h' (hour), 'm' (minute) 's' (second) or 'ms' (milliseconds).
      2020-07-17 19:05:01   warning: The MaxScale GUI is enabled but encryption for the REST API is not enabled, the GUI will not be enabled. Configure `admin_ssl_key` and `admin_ssl_cert` to enable HTTPS or add `admin_secure_gui=false` to allow use of the GUI without encryption.
      2020-07-17 19:05:01   notice : Started REST API on [127.0.0.1]:8989
      2020-07-17 19:05:01   notice : Server 'node2' charset: latin1
      2020-07-17 19:05:01   notice : Server 'node1' charset: latin1
      2020-07-17 19:05:02   notice : Server 'node1' version: 5.6.10-log
      2020-07-17 19:05:02   notice : Read 11 user@host entries from 'node1' for service 'RWONE'.
      2020-07-17 19:05:02   notice : Server 'node2' version: 5.6.10-log
      2020-07-17 19:05:02   notice : Read 13 user@host entries from 'node3' for service 'RWTWO'.
      2020-07-17 19:05:04   notice : Starting a total of 2 services...
      2020-07-17 19:05:04   notice : (RWTWO-listener) Listening for connections at [0.0.0.0]:4002
      2020-07-17 19:05:04   notice : Service 'RWTWO' started (1/2)
      2020-07-17 19:05:04   notice : (RWONE-listener) Listening for connections at [0.0.0.0]:4001
      2020-07-17 19:05:04   notice : Service 'RWONE' started (2/2)
      2020-07-17 19:05:23   warning: (1) [mariadbclient] Authentication failed for user 'maxscale'@[127.0.0.1] to service 'RWONE'. Originating listener: 'RWONE-listener'. MariaDB error: 'Access denied for user 'username'@'127.0.0.1' (using password: YES)'.
      

        Attachments

          Activity

            People

            Assignee:
            esa.korhonen Esa Korhonen
            Reporter:
            sunni.kumar sunni kumar
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: