Hello HAProxy Team,
This patch adds MySQL 8.x compatibility to the mysql-check health check option.
Problem:
MySQL 8.0 changed the default authentication plugin from mysql_native_password
to caching_sha2_password. The existing post-41 option lacks CLIENT_PLUGIN_AUTH
capability, causing MySQL 8.x servers to reject health check connections with
error 1251.
Solution:
A new 'post-80' option that includes CLIENT_PLUGIN_AUTH capability and
explicitly requests mysql_native_password authentication.
Testing:
Built and tested on Linux (Debian bookworm)
Verified with MySQL 8.0.44 in Docker environment
Regression test with custom test configuration like below. (in
reg-tests/checks/mysql-check.vtc)
```vtc
# MySQL 8.0 server responding to post-80 client (with CLIENT_PLUGIN_AUTH)
server s6 {
sendhex
"4A0000000A382E302E3139000A0000006F3C025E6249410D00FFFFFF0200FFC715000000000000000000007C182159106E2761144322200063616368696E675F736861325F70617373776F726400"
recv 69
sendhex "0700000200000002000000"
} -start
```
Limitation:
The health check user must still use mysql_native_password authentication.
This is a MySQL server-side requirement, not a HAProxy limitation.
This addresses GitHub issue https://github.com/haproxy/haproxy/issues/2934.
Please review my patch and leave comments.
Sincerely,
Hyeonggeun.
Hyeonggeun Oh (2):
MEDIUM: tcpcheck: add post-80 option for mysql-check to support MySQL
8.x
DOC: add post-80 option for mysql-check to support MySQL 8.x
doc/configuration.txt | 8 +++++++-
src/tcpcheck.c | 37 ++++++++++++++++++++++++++++++++++++-
2 files changed, 43 insertions(+), 2 deletions(-)
--
2.48.1
