Thanks for the help Nick.
I rechecked the username/password config between the guacamole and mysql
containers and they both matched but to be double sure I changed the
password for the guacamole_user account to be very simple but still I get
the same error.
I believe the below shows a correctly configured mysql account which is not
limited to subnet, host or otherwise?
bash-4.2# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 8.0.18 MySQL Community Server - GPL
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
mysql> select user,host from mysql.user;
+------------------+-----------+
| user | host |
+------------------+-----------+
| guacamole_user | % |
| healthchecker | localhost |
| mysql.infoschema | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+-----------+
6 rows in set (0.00 sec)
mysql> show grants for guacamole_user
-> ;
+----------------------------------------------------------------------------------+
| Grants for guacamole_user@%
|
+----------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `guacamole_user`@`%`
|
| GRANT SELECT, INSERT, UPDATE, DELETE ON `guacamole_db`.* TO
`guacamole_user`@`%` |
+----------------------------------------------------------------------------------+
2 rows in set (0.01 sec)
Okay so this last part is the bit I'm getting a little confused over, your
reference to a guacamole.properties file...I have done a lot of reading as
best I could locate documentation and articles other than @
https://guacamole.apache.org/doc/gug/ and my current understanding is that
when using docker containers best practice is to avoid directly editing
configuration files via a shell and instead pass environment variables in
the 'docker run' command to supply the necessary credentials, at least to
get this part of the build working. Am I mistaken?
My comment to creating the guacamole container is as follows..
docker run --name guacamole --link guacd:guacd --link mysql:mysql -e
MYSQL_DATABASE='guacamole_db' -e MYSQL_USER='guacamole_user' -e
MYSQL_PASSWORD='password' -d -p 8080:8080 guacamole/guacamole
The below is from a shell on the guacamole container showing the
environment variables present, I'm leaving the IP's visible as I'm just
using internal networking for now whilst I get this working...
root@4ad292480b37:/etc# printenv | grep -i mysql
MYSQL_PASSWORD='password'
MYSQL_ENV_MYSQL_ROOT_PASSWORD=xxxxxxxxx
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_PORT_33060_TCP_PORT=33060
MYSQL_DATABASE='guacamole_db'
MYSQL_NAME=/guacamole/mysql
MYSQL_PORT=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
MYSQL_USER='guacamole_user'
MYSQL_PORT_3306_TCP_PORT=3306
MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
MYSQL_PORT_33060_TCP_ADDR=172.17.0.2
MYSQL_PORT_33060_TCP_PROTO=tcp
MYSQL_PORT_33060_TCP=tcp://172.17.0.2:33060
Thanks,
Kelvin
On Thu, 2 Jan 2020 at 19:15, Nick Couchman <[email protected]> wrote:
> On Thu, Jan 2, 2020 at 11:30 AM Kelvin Middleton <
> [email protected]> wrote:
>
>> Hi, I'm new to gaucamole so trying to setup my first working conf to test
>> and am having new user *issues*.
>>
>> I'm using docker with linux containers on a Windows host and have guacd,
>> mysql and guacamole all up and running. However when I attempt to load the
>> web interface at http://localhost/guacamole/ I get a blank webpage and
>> the docker logs on the guacamole server show...
>>
>> 13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper
>> - Unexpected internal error:
>> ### Error querying database. Cause: java.sql.SQLException: Access denied
>> for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
>> ### The error may exist in
>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
>> ### The error may involve
>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
>> ### The error occurred while executing a query
>> ### Cause: java.sql.SQLException: Access denied for user
>> 'guacamole_user'@'xxx.xx.x.x'
>> (using password: YES)
>>
>> I've validated the guacamole_user account is working and accepting both
>> local and remote connections and the grants on the database match all
>> documentation I've seen.
>>
>
> This indicates the following items:
> 1) The MySQL extension is correctly installed within the Docker image.
> 2) The MySQL server is up and running and responding.
> 3) The username or password is incorrectly configured. Since it looks
> like the account name is correct, I suspect that the password is
> misconfigured somewhere - either mis-matched between the server and the
> Guacamole configuration, or not being correctly passed through to the
> Docker container.
>
> I'd suggest that you get a shell going in the Guacamole Client Docker
> container and look at the guacamole.properties file and make sure that the
> password for the MySQL extension is present in the file, and the value is
> what you expect. It's also possible, depending on how you've configured
> that user account in MySQL, that the IP address being used to access it is
> not the same as the one you configured when you issued the GRANT statement
> for the guacamole_user account. Make sure that matches up.
>
> -Nick
>
>>
