[MXS-2910] Maxscale sometimes (not always!) doesn't authenticate user via Splitter servise Created: 2020-03-03  Updated: 2020-03-05  Resolved: 2020-03-05

Status: Closed
Project: MariaDB MaxScale
Component/s: Authenticator
Affects Version/s: 2.1.7
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Dmitry Pronyaev Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Environment:

Debian 9, Percona-xtradb-cluster-server-5.7 5.7.20-29.24-1.stretch, maxscale 2.1.7


 Description   

Maxscale works but SOME queries fail with authentification error (it can happen for any user):

*020-03-03 13:30:01 error : [MySQLAuth] Client hostname lookup failed, getnameinfo() returned: 'Name or service not known'.
2020-03-03 13:30:01 warning: [MySQLAuth] Splitter Service: login attempt for user 'testfromast1'@[172.20.71.193]:54860, authentication failed.
2020-03-03 13:30:01 notice : [MySQLAuth] [Splitter Service] Loaded 127 MySQL users for listener Splitter Listener.
2020-03-03 13:30:01 error : [MySQLAuth] Client hostname lookup failed, getnameinfo() returned: 'Name or service not known'.
2020-03-03 13:30:01 warning: [MySQLAuth] Splitter Service: login attempt for user 'call_states'@[172.20.71.109]:55948, authentication failed.
2020-03-03 13:33:02 error : [MySQLAuth] Client hostname lookup failed, getnameinfo() returned: 'Name or service not known'.
2020-03-03 13:33:02 notice : [MySQLAuth] [Splitter Service] Loaded 127 MySQL users for listener Splitter Listener.
2020-03-03 13:33:02 notice : [MySQLAuth] [Splitter Service] Loaded 127 MySQL users for listener Splitter Listener.
2020-03-03 13:33:02 error : [MySQLAuth] Client hostname lookup failed, getnameinfo() returned: 'Name or service not known'.
2020-03-03 13:33:02 warning: [MySQLAuth] Splitter Service: login attempt for user 'call_states'@[172.20.71.109]:55976, authentication failed.*

These users exist with wildcard like 'user'@'%', most of queries done well.

Here are my maxscale permissions on backend servers:

GRANT SHOW DATABASES, REPLICATION SLAVE, REPLICATION CLIENT ON *. TO 'maxscale'@'172.31.254.61' |

GRANT SELECT ON `mysql`.`db` TO 'maxscale'@'172.31.254.61'
GRANT SELECT ON `mysql`.`tables_priv` TO 'maxscale'@'172.31.254.61'
GRANT SELECT ON `mysql`.`user` TO 'maxscale'@'172.31.254.61' *

Here is my /etc/maxscale.cnf:

*[maxscale]
threads=4
auth_connect_timeout=20
auth_read_timeout=20
auth_write_timeout=20
log_warning=1
log_info=0

[Splitter Service]
type=service
router=readwritesplit
router_options=master_accept_reads=true
servers=node1, node2
user=maxscale
passwd=PASSWD

[Splitter Listener]
type=listener
service=Splitter Service
protocol=MySQLClient
port=3306
address=0.0.0.0
socket=/tmp/ClusterMaster

[node1]
type=server
address=172.31.254.55
port=3306
protocol=MySQLBackend
priority=1

[node2]
type=server
address=10.77.12.33
port=3306
protocol=MySQLBackend
priority=2

[Galera Monitor]
use_priority=true
disable_master_failback=true
type=monitor
module=galeramon
servers=node1, node2
user=maxscale
passwd=PASSWD

[CLI]
type=service
router=cli

[CLI Listener]
type=listener
service=CLI
protocol=maxscaled
port=6603*

 Comments   
Comment by markus makela [ 2020-03-03 ]

Can you try if this happens with the latest 2.4 version of MaxScale?

Comment by Dmitry Pronyaev [ 2020-03-03 ]

@markus it's in my production environment. I can try to update it to the latest 2.4 version. Do I need modify my configuration file or it suitable for 2.4 in it's current state?

Comment by markus makela [ 2020-03-03 ]

I would first recommend testing the upgrade in a non-production environment.

Comment by Dmitry Pronyaev [ 2020-03-05 ]

I've updated maxscale 2.1.7 to 2.4.7 - now I don't have the problem with authentification existing users.

Comment by markus makela [ 2020-03-05 ]

Closing as fixed since it works with a newer release.

Generated at Thu Feb 08 04:17:34 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.