This little upgrade caught me by surprise. In a MaxScale 2.0 to 2.1 upgrade, MaxScale changes the default bind address from IPv4 to IPv6. It’s mentioned in the release notes as this;
MaxScale 2.1.2 added support for IPv6 addresses. The default interface that listeners bind to was changed from the IPv4 address 0.0.0.0 to the IPv6 address ::. To bind to the old IPv4 address, add address=0.0.0.0 to the listener definition.
The result is pretty significant though, because authentication in MySQL is often host or IP based, with permissions being granted like this.
$ SET PASSWORD FOR 'xxx'@'10.0.0.1' = PASSWORD('your_password');
Notice the explicit use of IP address there.
Now, after a MariaDB 2.1 upgrade, it’ll default to an IPv6 address for authentication, which gives you the following error message;
$ mysql -h127.0.0.1 -P 3306 -uxxx -pyour_password ERROR 1045 (28000): Access denied for user 'xxx'@'::ffff:127.0.0.1' (using password: YES)
Notice how 127.0.0.1 turned into ::ffff:127.0.0.1? That’s an IPv4 address being encapsulated in an IPv6 address. And it’ll cause MySQL authentication to potentially fail, depending on how you assigned your users & permissions.
To fix, you can either;
- Downgrade MaxScale from 2.1 back to 2.0 (add the 2.0.6 repositories for your OS and downgrade MaxScale)
- Add the
address=0.0.0.0 config the your listener configuration in /etc/maxscale.cnf
In case of your MaxScale listeners, this should be enough to resolve the problem.
$ cat maxscale.cnf [listener_1] type=listener service=... protocol=... address=0.0.0.0 port=...
Hope this helps!