Metricbeat-6.6.0 "MySQL module" ("MySQL status metricset" can't connect to MySQL 8)

beats-module
(Sergey Ambaryan) #1

Hi!
I have MySQL Ver 8.0.13 for Linux and i have installed and configured Metricbeat-6.6.0 with enabled module "mysql" (enabled metricsets "- status").

But, when i run metricbeat - in debug log i see next part of message:

"error": {
    "message": "this user requires mysql native password authentication."
},

For this user, in mysql, enabled "mysql_native_password" auth plugin.

I'm change auth plugin to "caching_sha2_password", and in metricbeat debug log i see next part of message:

"error": {
    "message": "this authentication plugin is not supported"
},

Okey, I'm change auth plugin to "sha256_password", and in metricbeat debug log i see next part of message:

"error": {
    "message": "this authentication plugin is not supported"
},

...what im doing wrong?
I'm sure that all configuration files are correct, because all another metricbeat function's work's fine!

/etc/metricbeat/mysql.yml file content:

- module: 
  metricsets:
    - status
  period: 10s
  hosts: ["username:password@tcp(127.0.0.1:3306)/"]
(Sergey Ambaryan) #2

I enable mysql_native_password plugin in MySQL for this user and changed /etc/metricbeat/mysql.yml file content to this:

- module: mysql
  metricsets:
    - status
  period: 10s
  hosts: ["tcp(localhost:3306)/?allowNativePasswords=true"]

  username: my_username
  password: my_password

...and all work fine!
Please, add info about ?allowNativePasswords=true to documentation :pray:

(Martin R.) #3

I think you should open a github issue and ask if metricbeat should support the new auth in mysql 8 no?

Not an expert in mysql but I think it doesnt work unless you REVERT that user to this plugin because mysql 8 now uses a better auth. My thinking is, metricbeat should support mysql 8 default auth without requiring you to downgrade security.

I might have this all wrong though but it would be worth a github issue to clarify.

What do you think? Whats the new auth in mysql 8 and is it more secure than mysql_native_password ?
If it is you just had to downgrade security in your DB server to make metricbeat work?

(Martin R.) #4

also when you ask for a doc change I think you need to open a github issue too.