Question

Has anyone been able to use managed MySQL?

Posted September 6, 2019 1.2k views
DigitalOcean

I tried to use Digital Ocean’s new managed MySQL but users I create use cachingsha2password authentication which the Node mysql client doesn’t support. DigitalOcean support told me to run

ALTER USER myuser IDENTIFIED WITH mysql_native_password BY 'mypassword';

but I got a permissions error, apparently I don’t have permission to run that on their MySQL cluster.

So, is their new managed MySQL offering 100% useless for anyone wanting to use it with Node?

Add a comment
30e8cdc2b0b21c99f4895bf509b996de8f474e94
By:
tsongas
edited by bobbyiliev
Add a comment
5 comments
  • tsongas September 6, 2019
    Reply Report

    Edit…sorry…I can run that ALTER USER command but it has no effect unless I then run FLUSH PRIVILEGES which I don’t have permission to do on the cluster.

  • ReneH January 26, 2020
    Reply Report

    @tsongas Have you ever been able to resolve it? I think I’ve tried every possible solution for 2 days but I am still not able to connect to the managed database.

  • bake1 January 28, 2020
    Reply Report

    @tsongas @ReneH I am also very interested, as I have been stuck on this for a few days now.

  • ReneH January 28, 2020
    Reply Report

    @bake1 I was able to solve it by updating PHP to at least PHP 7.2+

    Even after updating make sure that your web app runs under that version by using phpinfo(); In my particular case it turned out that my website still used PHP 7.0 because I’ve “overlooked” to modify the nginx.conf of my server.

  • bake1 January 28, 2020
    Reply Report

    @ReneH I was able to get it working as well.

    I fixed it by:
    1) changing my db user with ‘ALTER USER myuser IDENTIFIED WITH mysqlnativepassword BY 'mypassword’;’
    1a) using the new 'mypassword’ in my .env file when connecting to the db from my application
    2) upgrading node to 12
    3) making sure I included my droplet’s ip address in the list of trusted sources for my managed database.

    Thanks for the response

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

4 answers
bobbyiliev September 6, 2019

Hello,

I am already using the managed MySQL services for a few of my projects.

I’ve also tested your query and I can confirm that it is working as normal and also I can confirm that the doadmin database user has privileges to run this on your MySQL cluster.

There are two things that you might want to consider:

  • Create a new user with mysql_native_password, then you can use this for your projects as normal:
CREATE USER 'your_user'@'your_server_ip ' IDENTIFIED WITH mysql_native_password BY 'your_password';
  • Or if you would like to keep using the doadmin user, then the query that you need to run would be:
ALTER USER doadmin IDENTIFIED WITH mysql_native_password BY 'your_new_password_here';

If you are still getting any errors feel free to share them here and I’ll be happy to advise you further.

Regards,
Bobby

Reply Report
  • tsongas September 6, 2019

    Sorry, I’m able to run that ALTER USER command, but it doesn’t have any effect unless you then also run “FLUSH PRIVILEGES” which is where I get the permissions error.

    Reply Report
    • bobbyiliev September 6, 2019

      If you update the user using ALTER, nothing should need to be flushed as the changes take effect immediately.

      Reply Report
      • tsongas September 6, 2019

        Here’s the error I continue to get after creating a new user with CREATE USER 'your_user'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_password'; and assigning privileges:

        2019-09-06T20:30:10.007394293Z app[web.1]: { Error: Handshake inactivity timeout
2019-09-06T20:30:10.007419844Z app[web.1]:     at Handshake.<anonymous> (/app/node_modules/mysql/lib/protocol/Protocol.js:160:17)
2019-09-06T20:30:10.007445275Z app[web.1]:     at Handshake.emit (events.js:197:13)
2019-09-06T20:30:10.007453335Z app[web.1]:     at Handshake._onTimeout (/app/node_modules/mysql/lib/protocol/sequences/Sequence.js:124:8)
2019-09-06T20:30:10.007460212Z app[web.1]:     at Timer._onTimeout (/app/node_modules/mysql/lib/protocol/Timer.js:32:23)
2019-09-06T20:30:10.007466844Z app[web.1]:     at listOnTimeout (timers.js:327:15)
2019-09-06T20:30:10.007484431Z app[web.1]:     at processTimers (timers.js:271:5)
2019-09-06T20:30:10.007492423Z app[web.1]:     --------------------
2019-09-06T20:30:10.007522501Z app[web.1]:     at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
2019-09-06T20:30:10.007529061Z app[web.1]:     at Protocol.handshake (/app/node_modules/mysql/lib/protocol/Protocol.js:51:23)
2019-09-06T20:30:10.007535556Z app[web.1]:     at PoolConnection.connect (/app/node_modules/mysql/lib/Connection.js:119:18)
2019-09-06T20:30:10.007542081Z app[web.1]:     at Pool.getConnection (/app/node_modules/mysql/lib/Pool.js:48:16)
2019-09-06T20:30:10.007551525Z app[web.1]:     at Pool.query (/app/node_modules/mysql/lib/Pool.js:202:8)
2019-09-06T20:30:10.007557870Z app[web.1]:     at /app/model/database.js:17:8
2019-09-06T20:30:10.007584365Z app[web.1]:     at new Promise (<anonymous>)
2019-09-06T20:30:10.007591333Z app[web.1]:     at Object.exports.query (/app/model/database.js:15:9)
2019-09-06T20:30:10.007597417Z app[web.1]:     at Object.exports.get (/app/model/reminder.js:33:25)
2019-09-06T20:30:10.007603221Z app[web.1]:     at sendReminders (/app/reminder.js:16:34)
2019-09-06T20:30:10.007609780Z app[web.1]:   code: 'PROTOCOL_SEQUENCE_TIMEOUT',
2019-09-06T20:30:10.007615978Z app[web.1]:   fatal: true,
2019-09-06T20:30:10.007622201Z app[web.1]:   timeout: 10000 }
        Reply Report
        • bobbyiliev September 7, 2019

          Hello,

          It looks like that the connection is timing out now. This is most likely because of the custom port that the managed cluster uses.

          You need to make sure that you open the traffic for this port via your droplet’s firewall, so that your droplet could connect to the managed cluster.

          And also make sure to allow the droplet’s IP address on your managed cluster, you can do that via your DigitalOcean control panel.

          Hope that this helps!
          Regards,
          Bobby

          Reply Report
          • tsongas September 7, 2019

            This makes no sense to me. Of course I added the droplet to my managed cluster as a trusted source. I completely disabled the UFW firewall on the droplet, and am still getting the same error.

            I never had a problem connecting to my MySQL droplet, even though I never opened incoming port 3306 on the web droplet’s firewall. So, I’m not sure why I’d have to open incoming port 25060 on the web droplet to connect to the MySQL cluster. I allowed all outgoing traffic by default, and like I said still getting the same error even with UFW completely disabled.

            Reply Report
          • bobbyiliev September 7, 2019

            I would suggest testing the connection from your droplet to the managed cluster using telnet to make sure that the droplet is actually able to communicate with the cluster:

            telnet your_managed_cluster 25060

            The the Handshake inactivity timeout error means that the default timeout was exceeded which usually is due to something interfering with the connection such as a firewall or some configuration problem. This is why I mentioned that you need to make sure that the custom port is open on your droplet, and I was referring to outgoing traffic of course.

            Reply Report
          • bobbyiliev September 7, 2019

            I tried this at my end:

            • I created a new managed cluster and a new droplet

            • I allowed the traffic from the droplet to the cluster and I allowed the droplet on the cluster as well

            • I used ALTER to adjust the default user

            • Then I installed node test the connection and I created a simple test.js app:

            My package.json:

            {
  "name": "node-mysql",
  "version": "0.0.1",
  "dependencies": {
    "express": "^4.10.6",
    "mysql": "^2.5.4"
  }
}

            My test.js file:

            var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'my_cluster.db.ondigitalocean.com',
  user     : 'doadmin',
  password : 'my_password',
  database : 'defaultdb',
  port     : '25060'
});

connection.connect(function(err){
if(!err) {
    console.log("The connection was successful!");    
} else {
    console.log("Error connecting to database..");    
}
});

connection.query('SELECT * from test', function(err, rows, fields) {
  if (!err)
    console.log('Result: ', rows);
  else
    console.log('Error while performing Query.');
});

connection.end();
            • I created a test table with 1 entry only.

            It all worked like a charm:

            # node test.js 
The connection was successful!
Result:  [ RowDataPacket { test: 'It works!' } ]

            Hope that this helps!
            Regards,
            Bobby

            Reply Report
greenaro September 6, 2019

I’m facing a similar issue with the provided primary user “doadmin” having no super privileges. Not even able to import an existing db because of this

Apparently, “root” is the only user on the cluster with any rights

Reply Report
  • tsongas September 6, 2019

    I’m looking into Aiven to see if their managed MySQL solution has super privileges.

    Reply Report
    • ServerEnthusiast September 6, 2019

      What is the point of having a MySQL solution with super privileges? The point of a managed service is not to have root/admin access and not to have to deal with the management, configuration and etc.

      If you have super privileges then the service is no longer managed.. that way the vendor can not really guarantee anything as you can mess up something and they would not have any control over it.

      If you need super privileges that much just install MySQL on a droplet and you can do whatever you like there with root access.

      Reply Report
      • tsongas September 6, 2019

        I already installed MySQL on a droplet, before their managed service was available.

        What’s the point of having a managed service that doesn’t work at all because my app can’t access it?

        Reply Report
        • ServerEnthusiast September 6, 2019

          What do you mean that it does not work? It’s a matter of a couple commands, isn’t it? You would usually take with any database, both managed and unmanaged.

          1. Create a new database
          2. Create a new user
          3. Grant privileges

          The only specific thing is that you need to specify mysql_native_password while creating the new user.

          Reply Report
          • tsongas September 6, 2019

            Tried this, still unable to connect due to this Node error:

            2019-09-06T20:30:10.007394293Z app[web.1]: { Error: Handshake inactivity timeout
2019-09-06T20:30:10.007419844Z app[web.1]:     at Handshake.<anonymous> (/app/node_modules/mysql/lib/protocol/Protocol.js:160:17)
2019-09-06T20:30:10.007445275Z app[web.1]:     at Handshake.emit (events.js:197:13)
2019-09-06T20:30:10.007453335Z app[web.1]:     at Handshake._onTimeout (/app/node_modules/mysql/lib/protocol/sequences/Sequence.js:124:8)
2019-09-06T20:30:10.007460212Z app[web.1]:     at Timer._onTimeout (/app/node_modules/mysql/lib/protocol/Timer.js:32:23)
2019-09-06T20:30:10.007466844Z app[web.1]:     at listOnTimeout (timers.js:327:15)
2019-09-06T20:30:10.007484431Z app[web.1]:     at processTimers (timers.js:271:5)
2019-09-06T20:30:10.007492423Z app[web.1]:     --------------------
2019-09-06T20:30:10.007522501Z app[web.1]:     at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
2019-09-06T20:30:10.007529061Z app[web.1]:     at Protocol.handshake (/app/node_modules/mysql/lib/protocol/Protocol.js:51:23)
2019-09-06T20:30:10.007535556Z app[web.1]:     at PoolConnection.connect (/app/node_modules/mysql/lib/Connection.js:119:18)
2019-09-06T20:30:10.007542081Z app[web.1]:     at Pool.getConnection (/app/node_modules/mysql/lib/Pool.js:48:16)
2019-09-06T20:30:10.007551525Z app[web.1]:     at Pool.query (/app/node_modules/mysql/lib/Pool.js:202:8)
2019-09-06T20:30:10.007557870Z app[web.1]:     at /app/model/database.js:17:8
2019-09-06T20:30:10.007584365Z app[web.1]:     at new Promise (<anonymous>)
2019-09-06T20:30:10.007591333Z app[web.1]:     at Object.exports.query (/app/model/database.js:15:9)
2019-09-06T20:30:10.007597417Z app[web.1]:     at Object.exports.get (/app/model/reminder.js:33:25)
2019-09-06T20:30:10.007603221Z app[web.1]:     at sendReminders (/app/reminder.js:16:34)
2019-09-06T20:30:10.007609780Z app[web.1]:   code: 'PROTOCOL_SEQUENCE_TIMEOUT',
2019-09-06T20:30:10.007615978Z app[web.1]:   fatal: true,
2019-09-06T20:30:10.007622201Z app[web.1]:   timeout: 10000 }
            Reply Report
tsongas September 6, 2019

Here’s the error I continue to get after creating a new user with CREATE USER 'your_user'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_password'; and assigning privileges:

2019-09-06T20:30:10.007394293Z app[web.1]: { Error: Handshake inactivity timeout
2019-09-06T20:30:10.007419844Z app[web.1]:     at Handshake.<anonymous> (/app/node_modules/mysql/lib/protocol/Protocol.js:160:17)
2019-09-06T20:30:10.007445275Z app[web.1]:     at Handshake.emit (events.js:197:13)
2019-09-06T20:30:10.007453335Z app[web.1]:     at Handshake._onTimeout (/app/node_modules/mysql/lib/protocol/sequences/Sequence.js:124:8)
2019-09-06T20:30:10.007460212Z app[web.1]:     at Timer._onTimeout (/app/node_modules/mysql/lib/protocol/Timer.js:32:23)
2019-09-06T20:30:10.007466844Z app[web.1]:     at listOnTimeout (timers.js:327:15)
2019-09-06T20:30:10.007484431Z app[web.1]:     at processTimers (timers.js:271:5)
2019-09-06T20:30:10.007492423Z app[web.1]:     --------------------
2019-09-06T20:30:10.007522501Z app[web.1]:     at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)
2019-09-06T20:30:10.007529061Z app[web.1]:     at Protocol.handshake (/app/node_modules/mysql/lib/protocol/Protocol.js:51:23)
2019-09-06T20:30:10.007535556Z app[web.1]:     at PoolConnection.connect (/app/node_modules/mysql/lib/Connection.js:119:18)
2019-09-06T20:30:10.007542081Z app[web.1]:     at Pool.getConnection (/app/node_modules/mysql/lib/Pool.js:48:16)
2019-09-06T20:30:10.007551525Z app[web.1]:     at Pool.query (/app/node_modules/mysql/lib/Pool.js:202:8)
2019-09-06T20:30:10.007557870Z app[web.1]:     at /app/model/database.js:17:8
2019-09-06T20:30:10.007584365Z app[web.1]:     at new Promise (<anonymous>)
2019-09-06T20:30:10.007591333Z app[web.1]:     at Object.exports.query (/app/model/database.js:15:9)
2019-09-06T20:30:10.007597417Z app[web.1]:     at Object.exports.get (/app/model/reminder.js:33:25)
2019-09-06T20:30:10.007603221Z app[web.1]:     at sendReminders (/app/reminder.js:16:34)
2019-09-06T20:30:10.007609780Z app[web.1]:   code: 'PROTOCOL_SEQUENCE_TIMEOUT',
2019-09-06T20:30:10.007615978Z app[web.1]:   fatal: true,
2019-09-06T20:30:10.007622201Z app[web.1]:   timeout: 10000 }
Reply Report
tobymccann September 24, 2019

I’m also having the same issue. One of the issues I’m experiencing is the requirement to specify the ssl-mode in the connection string. To be able to connect at all to the DO managed MySQL service, I have to specify ssl-mode=DISABLED.

I’ve downloaded the Cert and applied manually to my pod, but I’m still getting the cachingsha2password error after trying the ALTER USER query.

Tongas, you might try to see if you can add the ssl-mode=DISABLED or enable SSL from your app to the managed MySQL instance?

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help