Ubuntu
openstack package

  1. Focal (20.04)
  2. Bug #2003835
  3. Comment #5

Comment 5 for bug 2003835

Revision history for this message
DUFOUR Olivier (odufourc) wrote (last edit ):

So far this has been reproduced exclusively on Mysql-router 8.0.32
It works normally on 8.0.28 (from Jammy 22.04) and 8.0.31

Meaning the regression has been introduced between 8.0.31 and 8.0.32 where authentication done through mysql-routers for plmysql will fail until the password is cached on the database.
This impact many Openstack components relying on plmysql library.

A small reproducer can be :
* to deploy 3 mysql-innodb-cluster
* to deploy 1 Keystone unit with mysql-router

And from the Keystone unit to try to run the following python3 code :
import pymysql.cursors

# Connect to the database
connection = pymysql.connect(host='127.0.0.1',
                             user='keystone',
                             password='PASSWORD_IN_/ETC/KEYSTONE/KEYSTONE.CONF',
                             database='keystone',
                             cursorclass=pymysql.cursors.DictCursor)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/pymysql/connections.py", line 353, in __init__
    self.connect()
  File "/usr/lib/python3/dist-packages/pymysql/connections.py", line 633, in connect
    self._request_authentication()
  File "/usr/lib/python3/dist-packages/pymysql/connections.py", line 932, in _request_authentication
    auth_packet = _auth.caching_sha2_password_auth(self, auth_packet)
  File "/usr/lib/python3/dist-packages/pymysql/_auth.py", line 257, in caching_sha2_password_auth
    raise OperationalError(
pymysql.err.OperationalError: caching sha2: Unknown packet for public key: b'-'

The password cache can be flushed when performing on the mysql-innodb-cluster server the command "FLUSH PRIVILEGES;"
--> this will trigger the issue mentioned for all sessions using mysql-router that were working before if the cluster was already preexisting.

A way to currently make the login cached on MySQL servers is to :
* either connect once with MySQL CLI and not plmysql to the mysql-router
* connect to the Unix socket of the mysql-router through plmysql
* connect either with MySQL CLI or plmysql directly to the mysql-innodb-cluster