Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PMM user creation instructions for MySQL 8 on Amazon RDS don't work and are harmful #1214

Open
fredericgboutin-yapla opened this issue Feb 14, 2024 · 1 comment · May be fixed by #1298
Open

PMM user creation instructions for MySQL 8 on Amazon RDS don't work and are harmful #1214

fredericgboutin-yapla opened this issue Feb 14, 2024 · 1 comment · May be fixed by #1298
Assignees
@catalinaadam

Comments

@fredericgboutin-yapla
Copy link

fredericgboutin-yapla commented Feb 14, 2024
edited
Loading

When reading https://docs.percona.com/percona-monitoring-and-management/setting-up/client/aws.html#setting-up-the-amazon-rds-db-instance you see,

CREATE USER 'pmm'@'%' IDENTIFIED BY 'pass';
GRANT SELECT, PROCESS, REPLICATION CLIENT ON *.* TO 'pmm'@'%';
ALTER USER 'pmm'@'%' WITH MAX_USER_CONNECTIONS 10;
GRANT SELECT, UPDATE, DELETE, DROP ON performance_schema.* TO 'pmm'@'%';

The problem is, running this script on an AWS RDS MySQL 8 database "aggressively" doesn't work. It closed my client connection after complaining about an invalid GRANT. It then blocked the replication process of our replica, failing on the GRANT instructions (Context: we are migrating our Primary from 5.7 to 8.0.x so our 8.0.x replica failed quite hard).

After a chat with GPT, it explained that in MySQL 8 the default authentication method changed and that running this script instead would work,

-- Create user with caching_sha2_password authentication plugin
CREATE USER 'pmm'@'%' IDENTIFIED WITH 'caching_sha2_password' BY 'pass';

-- Grant necessary privileges using the new syntax
GRANT SELECT, PROCESS, REPLICATION CLIENT ON *.* TO 'pmm'@'%';
GRANT SELECT, UPDATE, DELETE, DROP ON performance_schema.* TO 'pmm'@'%';

-- Set maximum user connections
ALTER USER 'pmm'@'%' WITH MAX_USER_CONNECTIONS 10;

I tried it and indeed it seems to work.

I'm not expert here on the why and how; we should probably use the mysql_native_password plugin instead, I don't know. But I know that the current instructions in the documentation were very harmful for us.

Thanks !
@fredericgboutin-yapla fredericgboutin-yapla changed the title PMM user creation instructions for MySQL 8 on Amazon RDS don't work PMM user creation instructions for MySQL 8 on Amazon RDS don't work and are harmful Feb 14, 2024
@fredericgboutin-yapla
Copy link
Author

fredericgboutin-yapla commented Feb 19, 2024
edited
Loading

BTW,
(God damn is anybody here or what?)

I began to get errors in my providers. I could not see any query in QAN. I dug into PMM log files only to see

time="2024-02-14T21:43:29.382+00:00" level=info msg="Action started." component=runner id=/action_id/6a4103d9-6ad2-4581-aa43-26bb68fe7f8e type=mysql-query-show
time="2024-02-14T21:43:29.386+00:00" level=warning msg="Action terminated with error: Error 1226 (42000): User 'pmm' has exceeded the 'max_connections_per_hour' resource

And there you have a solution - https://forums.percona.com/t/gaps-in-mysql-metrics-due-to-max-connections-per-hour/13209 - that should have been documented.

So the script in the documentation should also including something like,

ALTER USER 'pmm'@'%' WITH MAX_CONNECTIONS_PER_HOUR 0;

@catalinaadam catalinaadam self-assigned this Aug 12, 2024
@rnovikovP rnovikovP linked a pull request Aug 12, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@catalinaadam catalinaadam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update instructions for PMM User creation for MySQL 8 on Amazon RDS percona/pmm-doc
2 participants
@fredericgboutin-yapla @catalinaadam