Error 9002: SSL connection is required.

[rnkhouse]

Host operating system: output of uname -a

Linux vagrant-ubuntu-trusty-64 3.13.0-121-generic #170-Ubuntu SMP Wed Jun 14 09:04:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

MySQL server version

5.6

mysqld_exporter command line flags

What did you do that produced an error?

.my.cnf file:
[client]
user=dsad@dsa
password=dasd@dsaW#
host=eastus1-a.control.database.windows.net
[mysqld]
ssl-cert=/etc/mysql/BaltimoreCyberTrustRoot.crt.pem
ssl-ca=/etc/mysql/BaltimoreCyberTrustRoot.crt.pem

Command to run mysqld_exporter: sudo ./mysqld_exporter -config.my-cnf=".my.cnf"

What did you expect to see?

Successfully connected to Azure database

What did you see instead?

INFO[0325] Error scraping slave state: Error 9002: SSL connection is required. Please specify SSL options and retry. file=mysqld_exporter.go line=824
INFO[0325] Error scraping table schema: Error 9002: SSL connection is required. Please specify SSL options and retry. file=mysqld_exporter.go line=836
INFO[0327] Error scraping global state: Error 9002: SSL connection is required. Please specify SSL options and retry. file=mysqld_exporter.go line=812
INFO[0328] Error scraping global variables: Error 9002: SSL connection is required. Please specify SSL options and retry. file=mysqld_exporter.go line=818

[SuperQ]

The exporter currently doesn't support SSL connection parameters via the.my.cnf compatibility parser. In order to use SSL, you need to use the DATA_SOURCE_NAME ENV variable to enable the TLS parameter.

For more advanced SSL use, like custom certificate verification, some additional configuration support is needed. Happy to review pull requests to add this.

[rnkhouse]

Instead of .my.cnf I exported the DATA_SOURCE_NAME variable with this value:
user:password@tcp(xxx..rds.amazonaws.com:3306)?tls=skip-verify. But, still its looking for config in .my.cnf file.

FATA[0000] no user specified under [client] in /home/vagrant/.my.cnf file=mysqld_exporter.go line=1958

Also, the value provided in DATA_SOURCE_NAME is correct to solve the main SSL issue?

I tried echo the variable in terminal:
echo $DATA_SOURCE_NAME;
Result: user:password@tcp(xxx..rds.amazonaws.com:3306)?tls=skip-verify

There is no parameter to add ssl in connection. From our server side ssl is required in order to connect with database.

[SuperQ]

If it is attempting to read the .cnf file, it means that the exporter was unable to read the DATA_SOURCE_NAME variable.

Try export DATA_SOURCE_NAME, or removing the .my.cnf file.

[rnkhouse]

I tried both things. That's why I am getting output on applying this command: echo $DATA_SOURCE_NAME; which is correct. Somehow in code os.Getenv("DATA_SOURCE_NAME") is not finding the exported variable.

It's weird!

Do you think, this is because I am using vagrant and not the real os?

[rnkhouse]

package main

import (
"fmt"
"os"
)

func main() {
fmt.Printf("hello, world\n")
dsn := os.Getenv("DATA_SOURCE_NAME")
fmt.Printf(dsn+"\n")
}

When I tried to run this sample script I got correct result. But, when I tried to build the script and run binary like ./test then I didn't get environment variable value. It was blank. Now, I don't know why is it like this?

[rnkhouse]

This issue is being solved by running command with root rather running it like sudo ./mysqld_exporter

Please provide me detail how to add ssl and I will send you pull request with that feature with .my.cnf file.

Also, I am running Azure MySQL database and the username by default contains @ character. I cannot use it here because code considers hostname after @ symbol. How can we solve this issue?

Thanks!

[SuperQ]

The mysqld_exporter requires no privileges, so running with root/sudo is unnecessary.

As for the username, sorry, I don't have a quick answer for that. I would consult the upstream go mysql driver docs.

[xmariopereira]

Hey, did you solve this issue? i am facing the same issue :/

[SuperQ]

This should now be fixed in 0.11.0. 🎉

[AlekSi]

Probably can be closed.