Closed vpelagatti closed 1 month ago
Having the same issue, did you figured it out all ready?
No, I don't. Still trying to figure out how to solve it
Hi @ItsReddi, @vpelagatti,
let me try to help with this issue. I think that the problem you might be having is that you are trying to create non-SSL
connections while using chaching_sha2_password
as authentication method. This is not possible, since caching_sha2_password
requires a secure channel for the password to be shared, you can see ProxySQL
interaction with a similar script to yours:
output
- failure as in your script:
Connect with ftptest
PHP Fatal error: Uncaught PDOException: SQLSTATE[HY000] [2006] MySQL server has gone away in /home/.../script.php:18
Stack trace:
#0 /home/.../4596/script.php(18): PDO->__construct()
#1 {main}
thrown in /home/.../4596/script.php on line 18
And in this traffic capture, you can see that ProxySQL denies the access when the public key is requested in an insecure channel by the client: PHP-ProxySQL-No-SSL.pcapng.zip.
Now, the situation changes once you perform this action Connect with the same credentials using 'mysql' client
this is because the MySQL
client will establish an SSL
connection with ProxySQL
, and after that interaction ProxySQL
will remember internally password in clear-text, so no more full-authentication
from caching_sha2
would be required, and SSL
(a secure channel) won't be a requirement for the connection establishment.
Modifying your PHP
script into something like the following, you should be providing a secure channel (SSL
) for performing the connection, and thus, authentication should work also the first time, when secrets are required to be shared:
#!/usr/bin/php
<?php
print("Connect with ftptest\n");
$ssl_options = array(
PDO::MYSQL_ATTR_SSL_CA => '',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
);
$dsn = "mysql:host=127.0.0.1;port=6033;charset=utf8mb4";
// Creds
$user = "sbtest1";
$pass = "sbtest1";
$con = new PDO($dsn, $user, $pass);
print(">>>>> ftptest connected\n");
?>
This requirement is also expressed in a couple of points of the documentation for caching_sha2_password
. Especially in this two places:
I hope this helps to clarify your doubts, please feel free to close the issue if that is the case.
Regards, Javier.
I'm struggiling since 4 days with a strange issue with my ProxySQL+MySQL cluster. I've attached all information that seems relevant to me. I read documentation about how to import 'caching_sha2_password' from MySQL to ProxySQL (https://proxysql.com/documentation/Password-management/#import-caching_sha2_passwords) but even that worked, when I try to connect using a PHP script, it failed. After connect to ProxySQL using MySQL cliente (mysql) and I execute PHP script again, it works!
Hope anyone can help. Below you have my secuencial path....
=============================================================================================== OS: # Red Hat Enterprise Linux release 9.4 (Plow) - Oracle Linux 9
MySQL cluster: 3 nodes (1 master, 2 slaves) replicating MySQL version: Server version: 8.0.36-28 Percona Server (GPL), Release 28, Revision 47601f19
ProxySQL version: ProxySQL version 2.6.3-percona-1.1, codename Truls
global variables:
Get user's password from MySQL
Insert username's password into ProxySQL, load mysql users to runtime and save them to disk:
Create a 'test.php' file and connect using 'ftptest' credentials using ProxySQL
Execute test.php and FAIL!
On /var/lib/proxysql/proxysql.log, I've got:
Connect with the same configuration using 'mysql' client
Execute test.php and SUCCESS!
If I update the user's password, I need to connect again using the credentials and then test.php executes successfully.
Update user's password in MySQL master
Update username's password in ProxySQL
Execute test.php and FAIL!
On /var/lib/proxysql/proxysql.log, I've got:
Connect with the same credentials using 'mysql' client
Execute test.php and SUCCESS!
Do you have any clue about how to fix this issue?
Thank you very much!