mysql 8.0 警告日志大量写入sha256_password‘ is deprecated and will be removed

sha256_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead

mysql server errorlog忽然爆出大量的sha256_password' is deprecated and will be removed in a future release.错误,导致error不停写入报错信息

2021-07-11T13:17:25.067300Z 2385 [Warning] [MY-013360] [Server] Plugin sha256_password reported: ''sha256_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'
........
...............
............................
2021-07-11T13:17:31.197610Z 2417 [Warning] [MY-013360] [Server] Plugin sha256_password reported: ''sha256_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'


1.首先的排查思路是要查清楚什么原因导致的大量报错,疯狂的写入日志,从报错看有点像bug,但最后打消了这个念头此版本是MySQL-8.0.25最新的GA,不应该有这么低级的错误

然后梳理下面排查思路,从字面上看是sha256_password以后不被支持了,所以不断的报错,是什么原因出发这个报错呢,很可能是老的程序客户端使用的加密方式与MySQL 8.0.25的加密方式不兼容导致的
那么我们就从连接方向来排查,首先要找到哪些客户端和程序连接到MySQL,导致的报错

首先查询本地下加密方式,所有用户使用的都是caching_sha2_password,也是MySQL 8.0建议的加密方式

mysql> show variables like '%auth%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| default_authentication_plugin | caching_sha2_password |
+-------------------------------+-----------------------+

mysql> select user,host,plugin from mysql.user;
+------------------+--------------+-----------------------+
| user             | host         | plugin                |
+------------------+--------------+-----------------------+
| repl             | %            | caching_sha2_password |
| root             | 127.0.0.1    | caching_sha2_password |
| NC               | 192.168.200.%| caching_sha2_password |
| mysql.infoschema | localhost    | caching_sha2_password |
| mysql.session    | localhost    | caching_sha2_password |
| mysql.sys        | localhost    | caching_sha2_password |
| root             | localhost    | caching_sha2_password |
+------------------+--------------+-----------------------+
7 rows in set (0.00 sec)


2.可以从查询connection_control_failed_login_attempts表来确定哪些客户端在连接MySQL和连接报错

mysql> select * from information_schema.connection_control_failed_login_attempts;
ERROR 1109 (42S02): Unknown table 'CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS' in information_schema

默认情况下connection_control_failed_login_attempts没有被启用,我们需要安装connection_control.so插件来获取查询支持

mysql> INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
Query OK, 0 rows affected (0.00 sec)


mysql> INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
Query OK, 0 rows affected (0.00 sec)


安装好后查看默认配置

mysql> show variables like 'connection_control%';
+-------------------------------------------------+------------+
| Variable_name                                   | Value      |
+-------------------------------------------------+------------+
| connection_control_failed_connections_threshold | 3          |
| connection_control_max_connection_delay         | 2147483647 |
| connection_control_min_connection_delay         | 1000       |
+-------------------------------------------------+------------+

01.connection_control_failed_connections_threshold :连续失败最大次数3次,0表示不开启
02.connection_control_max_connection_delay :超过最大失败次数之后阻塞登录最大时间(毫秒)
03.connection_control_min_connection_delay :超过最大失败次数之后阻塞登录最小时间(毫秒)
 
 
3.通过查询我们可以看到两个网段的程序一个是mysqlrouter一个是nc的程序不断尝试连接MySQL,很可能是他们的连接加密方式问题导致的

mysql>  select * from information_schema.connection_control_failed_login_attempts;
+-----------------------------------------------+-----------------+
| USERHOST                                      | FAILED_ATTEMPTS |
+-----------------------------------------------+-----------------+
| 'mysql_router5_da1ufs1lvt0b'@'172.16.200.153' |              22 |
| 'NCAPP'@'192.168.200.153'                     |             1154|
+-----------------------------------------------+-----------------+
2 rows in set (0.00 sec)


4.经过排查和确认,NC程序的加密方式与MySQL 8.0.25 caching_sha2_password 不兼容导致的,可以通过使用 mysql_native_password 创建用户尝试避开不兼容的问题


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值