Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Fix
-
2.5.0
-
None
-
Ubuntu-16.04 LTS
Aurora MySQL RDS
maxscale 2.5.1
-
MXS-SPRINT-111, MXS-SPRINT-112, MXS-SPRINT-113
Description
Currently, we are using Aurora Mysql Rds with Maxscale Version 2.4. which works perfectly fine. But after upgrading from Version 2.4 to 2.5, we are not able to connect with our RDS instance. I will share with you configuration file & Logs, kindly check and let me know what is the issue.
Aurora does not allow us to give permission to this table.
mysql> SELECT a.user, a.host, a.role FROM mysql.roles_mapping AS a;
|
ERROR 1142 (42000): SELECT command denied to user 'maxscale'@'%' for table 'roles_mapping'
|
mysql>.
|
NOTE:- My Aurora mysql Credential works fine while connected traditionally.
mysql -u maxscale -h Aurora-DB-Sting -p
|
But while Try to connect like this throw an error
mysql -u maxscale -p -h127.0.0.1 -P4001
|
Enter password:
|
ERROR 1045 (28000): Access denied for user 'maxscale'@'127.0.0.1' (using password: YES)
|
|
cat /etc/maxscale.cnf
[maxscale]
|
threads=auto
|
|
|
[Aurora-Monitor-One]
|
type=monitor
|
module=auroramon
|
servers=node1
|
user=user=username
|
password=password
|
monitor_interval=2500
|
|
|
[Aurora-Monitor-Two]
|
type=monitor
|
module=auroramon
|
servers=node2
|
user=username
|
password=password
|
monitor_interval=2500
|
|
|
[MaxRows]
|
type=filter
|
module=maxrows
|
max_resultset_rows=10000
|
max_resultset_size=10485760
|
|
|
[DatabaseFirewall-whitelist]
|
type=filter
|
module=dbfwfilter
|
action=allow
|
rules=/etc/maxscale-rules.d/whitelist-rules.txt
|
log_no_match=true
|
|
|
[DatabaseFirewall-blacklist]
|
type=filter
|
module=dbfwfilter
|
action=block
|
rules=/etc/maxscale-rules.d/blacklist-rules.txt
|
|
|
[MyMasking]
|
type=filter
|
module=masking
|
warn_type_mismatch=always
|
large_payload=abort
|
rules=/etc/maxscale.modules.d/masking_PII.json
|
prevent_function_usage=false
|
|
|
[RWONE]
|
type=service
|
router=readconnroute
|
router_options=slave
|
servers=node1
|
user=username
|
password=password
|
connection_timeout=1000
|
filters= DatabaseFirewall-whitelist|DatabaseFirewall-blacklist|MaxRows|MyMasking
|
|
|
[RWTWO]
|
type=service
|
router=readconnroute
|
router_options=slave
|
servers=node2
|
user=username
|
password=password
|
connection_timeout=1000
|
filters= DatabaseFirewall-whitelist|DatabaseFirewall-blacklist|MaxRows|MyMasking
|
|
|
[RWONE-listener]
|
type=listener
|
service=RWONE
|
protocol=MySQLClient
|
address=0.0.0.0
|
port=4001
|
|
|
[RWTWO-listener]
|
type=listener
|
service=RWTWO
|
protocol=MySQLClient
|
address=0.0.0.0
|
port=4002
|
|
|
[node1]
|
type=server
|
address=RDS-AURORA-HOST
|
port=3306
|
protocol=MySQLBackend
|
persistpoolmax=50
|
persistmaxtime=3600
|
|
|
[node2]
|
type=server
|
address=RDS-AURORA-HOST
|
port=3306
|
protocol=MySQLBackend
|
persistpoolmax=50
|
persistmaxtime=3600
|
sudo tail -f /var/log/maxscale/maxscale.log
2020-07-17 19:05:01 warning: Protocol module 'mysqlclient' has been deprecated, use 'mariadbclient' instead.
|
2020-07-17 19:05:01 warning: (node2) persistmaxtime: Specifying durations without a suffix denoting the unit has been deprecated: 3600. Use the suffixes 'h' (hour), 'm' (minute) 's' (second) or 'ms' (milliseconds).
|
2020-07-17 19:05:01 warning: (node1) persistmaxtime: Specifying durations without a suffix denoting the unit has been deprecated: 3600. Use the suffixes 'h' (hour), 'm' (minute) 's' (second) or 'ms' (milliseconds).
|
2020-07-17 19:05:01 warning: The MaxScale GUI is enabled but encryption for the REST API is not enabled, the GUI will not be enabled. Configure `admin_ssl_key` and `admin_ssl_cert` to enable HTTPS or add `admin_secure_gui=false` to allow use of the GUI without encryption.
|
2020-07-17 19:05:01 notice : Started REST API on [127.0.0.1]:8989
|
2020-07-17 19:05:01 notice : Server 'node2' charset: latin1
|
2020-07-17 19:05:01 notice : Server 'node1' charset: latin1
|
2020-07-17 19:05:02 notice : Server 'node1' version: 5.6.10-log
|
2020-07-17 19:05:02 notice : Read 11 user@host entries from 'node1' for service 'RWONE'.
|
2020-07-17 19:05:02 notice : Server 'node2' version: 5.6.10-log
|
2020-07-17 19:05:02 notice : Read 13 user@host entries from 'node3' for service 'RWTWO'.
|
2020-07-17 19:05:04 notice : Starting a total of 2 services...
|
2020-07-17 19:05:04 notice : (RWTWO-listener) Listening for connections at [0.0.0.0]:4002
|
2020-07-17 19:05:04 notice : Service 'RWTWO' started (1/2)
|
2020-07-17 19:05:04 notice : (RWONE-listener) Listening for connections at [0.0.0.0]:4001
|
2020-07-17 19:05:04 notice : Service 'RWONE' started (2/2)
|
2020-07-17 19:05:23 warning: (1) [mariadbclient] Authentication failed for user 'maxscale'@[127.0.0.1] to service 'RWONE'. Originating listener: 'RWONE-listener'. MariaDB error: 'Access denied for user 'username'@'127.0.0.1' (using password: YES)'.
|
The user accounts seem to have been loaded normally:
2020-07-17 19:05:02 notice : Read 11 user@host entries from 'node1' for service 'RWONE'.
The roles_mapping table is not loaded on old server versions (there would be error messages in the log if it tried).
Enabling info log ("log_info=1") may help as it will print more detailed authentication errors.