Metricbeat-6.6.0 "MySQL module" ("MySQL status metricset" can't connect to MySQL 8)

Sergey_Ambaryan · May 17, 2019, 1:19pm

Hi!
I have MySQL Ver 8.0.13 for Linux and i have installed and configured Metricbeat-6.6.0 with enabled module "mysql" (enabled metricsets "- status").

But, when i run metricbeat - in debug log i see next part of message:

"error": {
    "message": "this user requires mysql native password authentication."
},

For this user, in mysql, enabled "mysql_native_password" auth plugin.

I'm change auth plugin to "caching_sha2_password", and in metricbeat debug log i see next part of message:

"error": {
    "message": "this authentication plugin is not supported"
},

Okey, I'm change auth plugin to "sha256_password", and in metricbeat debug log i see next part of message:

"error": {
    "message": "this authentication plugin is not supported"
},

...what im doing wrong?
I'm sure that all configuration files are correct, because all another metricbeat function's work's fine!

/etc/metricbeat/mysql.yml file content:

- module: 
  metricsets:
    - status
  period: 10s
  hosts: ["username:password@tcp(127.0.0.1:3306)/"]

Sergey_Ambaryan · May 17, 2019, 4:13pm

I enable mysql_native_password plugin in MySQL for this user and changed /etc/metricbeat/mysql.yml file content to this:

- module: mysql
  metricsets:
    - status
  period: 10s
  hosts: ["tcp(localhost:3306)/?allowNativePasswords=true"]

  username: my_username
  password: my_password

...and all work fine!
Please, add info about ?allowNativePasswords=true to documentation

martinr_ubi · May 17, 2019, 9:00pm

I think you should open a github issue and ask if metricbeat should support the new auth in mysql 8 no?

Not an expert in mysql but I think it doesnt work unless you REVERT that user to this plugin because mysql 8 now uses a better auth. My thinking is, metricbeat should support mysql 8 default auth without requiring you to downgrade security.

I might have this all wrong though but it would be worth a github issue to clarify.

What do you think? Whats the new auth in mysql 8 and is it more secure than mysql_native_password ?
If it is you just had to downgrade security in your DB server to make metricbeat work?

martinr_ubi · May 17, 2019, 9:02pm

also when you ask for a doc change I think you need to open a github issue too.

Topic		Replies	Views
Metricbeat and MySQL doesnt show results Beats metricbeat	3	1178	June 18, 2018
ELK MetricBeat - Monitor remote mysqlDB Beats beats-module , metricbeat	5	642	September 27, 2021
No data MySQL dashboard - version mismatch? Beats metricbeat	25	2333	October 16, 2018
Metricbeat for MySQL fails - "missing required field accessing '0.queries'" Beats metricbeat	3	2355	May 31, 2021
Mysql Module not retrieving data Beats metricbeat	7	832	January 13, 2020

Metricbeat-6.6.0 "MySQL module" ("MySQL status metricset" can't connect to MySQL 8)

Related topics