mysql 8.0 警告日志大量写入sha256_password‘ is deprecated and will be removed

原创作者:运维工程师 谢晋

mysql 8.0 警告日志大量写入sha256_password‘ is deprecated and will be removed

  1. 问题

ha256_password’ is deprecated and will be removed in a future release. Please use caching_sha2_password instead

mysql server errorlog忽然爆出大量的sha256_password’ is deprecated and will be removed in a future release.错误,导致error不停写入报错信息

2021-07-11T13:17:25.067300Z 2385 [Warning] [MY-013360] [Server] Plugin sha256_password reported: ''sha256_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'
........
...............
............................
2021-07-11T13:17:31.197610Z 2417 [Warning] [MY-013360] [Server] Plugin sha256_password reported: ''sha256_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'
  1. 首先的排查思路是要查清楚什么原因导致的大量报错,疯狂的写入日志,从报错看有点像bug,但最后打消了这个念头此版本是MySQL-8.0.25最新的GA,不应该有这么低级的错误,然后梳理下面排查思路,从字面上看是sha256_password以后不被支持了,所以不断的报错,是什么原因出发这个报错呢,很可能是老的程序客户端使用的加密方式与MySQL 8.0.25的加密方式不兼容导致的。那么我们就从连接方向来排查,首先要找到哪些客户端和程序连接到MySQL,导致的报错
  2. 首先查询本地下加密方式,所有用户使用的都是caching_sha2_password,也是MySQL 8.0建议的加密方式
mysql> show variables like '%auth%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| default_authentication_plugin | caching_sha2_password |
+-------------------------------+-----------------------+
 
mysql> select user,host,plugin from mysql.user;
+------------------+--------------+-----------------------+
| user             | host         | plugin                |
+------------------+--------------+-----------------------+
| repl             | %            | caching_sha2_password |
| root             | 127.0.0.1    | caching_sha2_password |
| NC               | 192.168.200.%| caching_sha2_password |
| mysql.infoschema | localhost    | caching_sha2_password |
| mysql.session    | localhost    | caching_sha2_password |
| mysql.sys        | localhost    | caching_sha2_password |
| root             | localhost    | caching_sha2_password |
+------------------+--------------+-----------------------+
7 rows in set (0.00 sec)
  1. 可以从查询connection_control_failed_login_attempts表来确定哪些客户端在连接MySQL和连接报错
mysql> select * from information_schema.connection_control_failed_login_attempts;
ERROR 1109 (42S02): Unknown table 'CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS' in information_schema
 
默认情况下connection_control_failed_login_attempts没有被启用,我们需要安装connection_control.so插件来获取查询支持

mysql> INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
Query OK, 0 rows affected (0.00 sec)

mysql> INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
Query OK, 0 rows affected (0.00 sec)

安装好后查看默认配置

mysql> show variables like 'connection_control%';
+-------------------------------------------------+------------+
| Variable_name                                   | Value      |
+-------------------------------------------------+------------+
| connection_control_failed_connections_threshold | 3          |
| connection_control_max_connection_delay         | 2147483647 |
| connection_control_min_connection_delay         | 1000       |
+-------------------------------------------------+------------+

01.connection_control_failed_connections_threshold :连续失败最大次数3次,0表示不开启
02.connection_control_max_connection_delay :超过最大失败次数之后阻塞登录最大时间(毫秒)
03.connection_control_min_connection_delay :超过最大失败次数之后阻塞登录最小时间(毫秒)

  1. 通过查询我们可以看到两个网段的程序一个是mysqlrouter一个是nc的程序不断尝试连接MySQL,很可能是他们的连接加密方式问题导致的
mysql>  select * from information_schema.connection_control_failed_login_attempts;
+-----------------------------------------------+-----------------+
| USERHOST                                      | FAILED_ATTEMPTS |
+-----------------------------------------------+-----------------+
| 'mysql_router5_da1ufs1lvt0b'@'172.16.200.153' |              22 |
| 'NCAPP'@'192.168.200.153'                     |             1154|
+-----------------------------------------------+-----------------+
2 rows in set (0.00 sec)
  1. 经过排查和确认,NC程序的加密方式与MySQL 8.0.25 caching_sha2_password 不兼容导致的,可以通过使用 mysql_native_password 创建用户尝试避开不兼容的问题

你可能感兴趣的:(数据库,mysql,运维)