I upgraded mysql to 5.7.21 on RHEL6. I created my self-signed certificates and added correct path in my.cnf, however, now I am getting ERROR 2026 when trying to connect normally. I can connect only when I explicitly specify SSL_DISABLED.
I have double checked for RSA appearing in key files. Relevant files are:
[root#my-DB1 log]# mysql -u myuser -p
Enter password:
ERROR 2026 (HY000): SSL connection error: SSL is required but the server doesn't support it
my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
#localhost
#sql_mod="NO_AUTO_CREATE_USER"
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under different user or group,
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/server-cert.pem
ssl-key=/var/lib/mysql/server-key.pem
ssl_capath=/var/lib/mysql/
ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-IDEA-CBC-MD5:KRB5-DES-CBC3-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5
[client]
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl-key=/var/lib/mysql/client-key.pem
[mysqld_safe]
log-error=/var/log/mysql55-mysqld.log
pid-file=/opt/rh/mysql55/root/var/run/mysqld/mysqld.pid
/var/log/mysql directory contents:
[root#my-DB1 log]# ls /var/lib/mysql
auto.cnf client-cert.pem ibdata1 ibtmp1 logs.000003 logs.index mysql.sock.lock public_key.pem my_db
ca-key.pem client-key.pem ib_logfile0 logs.000001 logs.000004 mysql performance_schema server-cert.pem
ca.pem ib_buffer_pool ib_logfile1 logs.000002 logs.000005 mysql.sock private_key.pem server-key.pem
Any idea where am I missing?
Thanks
Re-generated certificates with keeping in mind that the CN should be different for all 3.
Changed ownership on newly generated certificates to match mysql:mysql .
Restarted mysql and this error is out.
Thanks
Related
I try to change Mysql 5.6 data directory in centos 7 from default dir /var/lib/mysql to target dir /data1/mysqldata/mysql.
Follow is my operation step by step
1.Stop mysql service
2.Create target directory and chown
mkdir /data1/mysqldata
chown -R mysql:mysql /data1/mysqldata
2.Change /etc/my.cfg to below code
[mysqld]
datadir=/data1/mysqldata/mysql
socket=/data1/mysqldata/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
port=3306
socket=/data1/mysqldata/mysql/mysql.sock
4.Move data from default directory to target
mv /var/lib/mysql /data1/mysqldata/
5.Start mysql service
But I get error from /var/log/mysqld.log like this
190813 10:40:23 mysqld_safe Logging to '/var/log/mysqld.log'.
190813 10:40:23 mysqld_safe Directory '/data1/mysqldata/mysql' for UNIX socket file don't exists.
It's strange that Mysql run normaly in the default directory /var/lib/mysql when I undo all my config
My machine version is CentOS Linux release 7.6.1810 (Core), and Mysql Version is mysql Ver 14.14 Distrib 5.6.45, for Linux (x86_64)
I have an amazon ec2 instance running on Amazon Linux AMI. I'm trying to move the data directory for mysql on a second volume (mounted on /home/ec2-user/data) with following config file (/etc/my.cnf) but mysql fails to start:
[mysqld]
datadir=/home/ec2-user/data/mysql
socket=/home/ec2-user/data/mysql/mysql.sock
log-bin=/var/log/mysql/mariadb-bin
log-bin-index=/var/log/mysql/mariadb-bin.index
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
port=3306
socket=/home/ec2-user/data/mysql/mysql.sock
I get these error messages in the log file:
2017-10-12 14:06:33 20082 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
2017-10-12 14:06:33 20082 [ERROR] Can't start server : Bind on unix socket: Permission denied
2017-10-12 14:06:33 20082 [ERROR] Do you already have another mysqld server running on socket: /home/ec2-user/data/mysql/mysql.sock ?
2017-10-12 14:06:33 20082 [ERROR] Aborting
When I set the config file back to former settings (to the backup of the data folder) everything works fine:
[mysqld]
datadir=/var/lib/mysql.bak
socket=/var/lib/mysql.bak/mysql.sock
log-bin=/var/log/mysql/mariadb-bin
log-bin-index=/var/log/mysql/mariadb-bin.index
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
port=3306
socket=/var/lib/mysql.bak/mysql.sock
What could be the cause of this problem? I've already checked for the permissions on the new data folder but that doesn't change anything.
Run this command:
chgrp -R mysql /home/ec2-user/data/mysql
chown -R mysql /home/ec2-user/data/mysql
Can you try the following config file ?
[mysqld]
datadir=/home/ec2-user/data/mysql
socket=/var/lib/mysql.bak/mysql.sock
log-bin=/var/log/mysql/mariadb-bin
log-bin-index=/var/log/mysql/mariadb-bin.index
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
port=3306
socket=/var/lib/mysql.bak/mysql.sock
I'm trying to install mysql5 (the latest from Oracle, via .dmg) on OS X Mavericks. My /opt/local/my.cnf looks like this:
[client]
socket=/tmp/mysql.sock
[mysqld]
socket=/tmp/mysql.sock
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
When I try to connect, I get the following:
$ mysql5 -u root -p
Enter password:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
And there is no /tmp/mysql.sock file created.
Here's my /tmp dir:
$ ls -l /tmp
lrwxr-xr-x# 1 root wheel 11 Oct 24 08:31 /tmp -> private/tmp
I've also tried forcing the socket from the command line:
$ time sudo mysqld_safe5 --socket=/tmp/mysql.sock
Password:
131221 07:26:02 mysqld_safe Logging to '/opt/local/var/db/mysql5/Macintosh.local.err'.
131221 07:26:02 mysqld_safe Starting mysqld daemon with databases from /opt/local/var/db/mysql5
131221 07:17:26 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
I know it's reading the conf file because if I remove it, I get a different socket location when I attempt to connect:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/opt/local/var/run/mysql5/mysqld.sock' (2)
But again, no luck. What do I need to do to get that socket created?
Change your /tmp folder to have permission for MySQL user. (chown mysql:mysql /tmp or chmod 777 /tmp would resolve your issue.)
Try using dtrace to see if mysqld is actually opening a socket, and if so, where. You'll also be able to tell what config files are being read by the server, although that doesn't seem to be the issue since passing --socket=... doesn't work.
I'm used to strace on Linux but recently started using dtrace at work. Here's a pretty simple example of how to trace open(2) calls, which you could modify to trace socket creation, or just all syscalls: https://github.com/tsibley/dtrace-scripts/blob/master/trace-open.d
I have installed mysql through binary installation and followed below steps
http://dev.mysql.com/doc/refman/5.0/en/binary-installation.html
Right now sock files are craeted on /tmp/mysql.sock when mysql service is started.
I want to know which configuration files need to be edited to change the path of mysql.sock
I tried the following steps to change mysql.sock path from /tmp/mysql.sock to /var/lib/mysql/mysql.sock
1.I tried to enter socketpath in /etc/my.cnf
socket =/var/lib/mysql/mysql.sock
2./etc/init.d/mysql
basedir=/var/lib/mysql
datadir=/var/lib/mysql/data
socket=/var/lib/mysql/mysql.sock
Can anybody help me to fix this issue.
Setting these variables in my.cnf should work just fine (Tested locally, Ubuntu 10.10).
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
Just make sure you're restarting MySQL Service?
Below is what I did, this is on Fedora (Since you're using RHEL this should more mimic your setup):
[root#rudi /]# ls /var/lib/mysql/
ibdata1 ib_logfile0 ib_logfile1 mysql mysql.sock
[root#rudi /]# ls /var/run/mysqld/
mysqld.pid
[root#rudi /]# nano /etc/my.cnf
[root#rudi /]# service mysqld restart
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]
[root#rudi /]# ls /var/lib/mysql/
ibdata1 ib_logfile0 ib_logfile1 mysql
[root#rudi /]# ls /var/run/mysqld/
mysqld.pid mysql.sock
The only thing that I changed was socket= this time, and restarting still worked fine.
Are you sure that you're not editing socket within the [client] section of my.cnf? It must be under the [mysqld] section.
Hi i have been trying this for hours upon hours, this forum is my last resort
sfter googling hundreds of pages.
PROBLEM:
Sorry for the length but i am supplying in detail of what i have tried
I have set up mysql and its working fine, i now need to change the data-storage to point at my External HD.
With mac osx there is no default my.cnf so i copied
my-huge.cnf from /usr/local/mysql-5.1.53-osx10.6-x86/support-files, now if it makes any odds i also have a 'mysql' folder in local also.
when i place and rename my-huge.cnf into /etc
i renamed it to my.cnf like instructed,
it works as normal if i dont add a datadir field which looks like this
datadir= /Volumes/Elements/database,
i have also copied my old data to my new location using
sudo cp -R -p /var/lib/mysql /Volumes/Elements/database
Everything workds fine unless i add the field datadir = /Volumes/Elements/database
to the my.cnf file, if i do i get the error
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
my.cnf file looks like the following
Macintosh-100:support-files seanf$ cd /etc
Macintosh-100:etc seanf$ sudo nano my.cnf
Password:
Macintosh-100:etc seanf$ nano my.cnf
Macintosh-100:etc seanf$ my.cnf > /Desktop/blah.txt
-bash: /Desktop/blah.txt: No such file or directory
Macintosh-100:etc seanf$ my.cnf < /Desktop/blah.txt
-bash: /Desktop/blah.txt: No such file or directory
Macintosh-100:etc seanf$ nano my.cnf
GNU nano 2.0.6 File: my.cnf
# Example MySQL config file for very large systems.
#
# This is for a large system with memory of 1G-2G where the system runs mainly
# MySQL.
#
# You can copy this file to
# /etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /usr/local/mysql/data) or
# ~/.my.cnf to set user-specific options.
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]l
datadir = /Volumes/Elements/database
port = 3306
socket = /tmp/mysql.sock
skip-locking
key_buffer_size = 384M
etc....
I hope someone can shed light on this, i have an assignment due and have spent 2 days trying to get this working on my external
Also even when mysql is working and i type mysqld i get errors if this is an issue?
Macintosh-100:lib s$ mysqld
101201 13:31:13 [Warning] '--skip-locking' is deprecated and will be removed in a future >release. Please use '--skip-external-locking' instead.
101201 13:31:13 [Warning] Can't create test file /usr/local/mysql-5.1.53-osx10.6-x86/data>/Macintosh-100.lower-test
101201 13:31:13 [Warning] Can't create test file /usr/local/mysql-5.1.53-osx10.6-x86/data>/Macintosh-100.lower-test
mysqld: Can't change dir to '/usr/local/mysql-5.1.53-osx10.6-x86/data/' (Errcode: 13)
101201 13:31:13 [ERROR] Aborting
101201 13:31:13 [Note] mysqld: Shutdown complete
Macintosh-100:lib s$
Thanks for your time i hope an expert can answer this
Though I haven't played with datadir property but I've changed data storage location to the external HD by mounting default location to it as follows:
Backup your current data directory
Delete everything from your data directory
Mount it to your external HD (mount /var/lib/mysql/data /dev/XXX)
I've done it at Ubuntu Server. When changing InnoDB specific directories I've noticed that one have to be careful with rights (apparmord in case of ubuntu). When mysql cannot perform some filesystem operation I find its error messages very misleading. Sometimes it is really helpful to study it's error.log (/var/log/mysql/error.log in my case).
Hope this helps you to resolve your issue ASAP.
Use:
rsync -Pa /var/lib/mysql /Volumes/Elements/database
instead of:
cp -R -p /var/lib/mysql /Volumes/Elements/database
"rsync -a" can keep some permissions important for mysql.