Cant connect to MySQL databse after upgrade to 1.18.0 #892

Closed
opened 2026-02-04 23:14:43 +03:00 by OVERLORD · 16 comments
Owner

Originally created by @EC58 on GitHub (Dec 31, 2020).

Subject of the issue

After updating my docker version from 1.17 to 1.18 I can no longer connect to the MySQL database:

Getting the following error:
[bitwarden_rs][ERROR] Error creating database pool: DieselConError.

[CAUSE] BadConnection(

"Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory",

)

My mysql user is using mysql_native_password so I dont see why this error pops up. Should I be using MariaDB instead?

Originally created by @EC58 on GitHub (Dec 31, 2020). ### Subject of the issue After updating my docker version from 1.17 to 1.18 I can no longer connect to the MySQL database: Getting the following error: [bitwarden_rs][ERROR] Error creating database pool: DieselConError. [CAUSE] BadConnection( "Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory", ) My mysql user is using mysql_native_password so I dont see why this error pops up. Should I be using MariaDB instead?
Author
Owner

@musover commented on GitHub (Jan 2, 2021):

I am also having this issue, running in a kubernetes cluster using CRI-O as a container runtime.

@musover commented on GitHub (Jan 2, 2021): I am also having this issue, running in a kubernetes cluster using CRI-O as a container runtime.
Author
Owner

@BlackDex commented on GitHub (Jan 2, 2021):

I suggest to use a mariadb container for the database. Or create a database user which does not use the the latest mysql password features. That error message will only appear if it needs to use that password feature. But that isn't build into. It is something we need to see if that is possible at all using the current library versions.

@BlackDex commented on GitHub (Jan 2, 2021): I suggest to use a mariadb container for the database. Or create a database user which does not use the the latest mysql password features. That error message will only appear if it needs to use that password feature. But that isn't build into. It is something we need to see if that is possible at all using the current library versions.
Author
Owner

@sbmw commented on GitHub (Jan 3, 2021):

Thanks @BlackDex but (as with @EC58) my database user is already set to not use the sha2 password features. The same db user was working fine with 1.17.0.

mysql> select User, Plugin from user;

+------------------+-----------------------+
| User             | Plugin                |
+------------------+-----------------------+
| bitwarden        | mysql_native_password |

Perhaps one of the updated dependencies in 1.18.0? Or could it be trying to run a migration with a user (eg root) other than I have set database_url in config?

"database_url": "mysql://bitwarden:PASSWORD@mysql/bitwarden",

@sbmw commented on GitHub (Jan 3, 2021): Thanks @BlackDex but (as with @EC58) my database user is already set to not use the sha2 password features. The same db user was working fine with 1.17.0. ``` mysql> select User, Plugin from user; +------------------+-----------------------+ | User | Plugin | +------------------+-----------------------+ | bitwarden | mysql_native_password | ``` Perhaps one of the updated dependencies in 1.18.0? Or could it be trying to run a migration with a user (eg root) other than I have set database_url in config? "database_url": "mysql://bitwarden:PASSWORD@mysql/bitwarden",
Author
Owner

@BlackDex commented on GitHub (Jan 3, 2021):

Which image are you using? amd64? Alpine or default?

@BlackDex commented on GitHub (Jan 3, 2021): Which image are you using? amd64? Alpine or default?
Author
Owner

@sbmw commented on GitHub (Jan 3, 2021):

Default I believe:

bitwardenrs/server-mysql:1.18.0

@sbmw commented on GitHub (Jan 3, 2021): Default I believe: bitwardenrs/server-mysql:1.18.0
Author
Owner

@BlackDex commented on GitHub (Jan 3, 2021):

I would suggest to start using the bitwardenrs/server:latest version with the next release instead of the -mysql, both are the same and we will probably remove the -mysql and -postgresql versions in the future.

Could you try to install the libmariadb3 package within the docker?
It will only work untill the next restart, but at least you could test if it works.

You could add this via the start.sh feature by creating a script called bitwarden_rs.sh and volume-mount that to /etc/bitwarden_rs.sh which gets started before bitwarden itself.

Check if that works.

@BlackDex commented on GitHub (Jan 3, 2021): I would suggest to start using the `bitwardenrs/server:latest` version with the next release instead of the `-mysql`, both are the same and we will probably remove the -mysql and -postgresql versions in the future. Could you try to install the libmariadb3 package within the docker? It will only work untill the next restart, but at least you could test if it works. You could add this via the start.sh feature by creating a script called bitwarden_rs.sh and volume-mount that to /etc/bitwarden_rs.sh which gets started before bitwarden itself. Check if that works.
Author
Owner

@sbmw commented on GitHub (Jan 4, 2021):

Hey, so I switched to bitwardenrs/server:latest and volume mounted the startup file with contents:

apt-get update
apt-get install libmariadb3

The container log now shows:

Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://security.debian.org/debian-security buster/updates/main amd64 Packages [260 kB]
Get:3 http://deb.debian.org/debian buster InRelease [121 kB]
Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [7860 B]
Fetched 8414 kB in 2s (4910 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
libmariadb3 is already the newest version (1:10.3.27-0+deb10u1).
libmariadb3 set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
/--------------------------------------------------------------------\
|                       Starting Bitwarden_RS                        |
|                           Version 1.18.0                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://bitwardenrs.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/bitwarden_rs/issues/new           |
\--------------------------------------------------------------------/

[INFO] No .env file found.

[2021-01-04 12:41:31.018][bitwarden_rs::util][WARN] Can't connect to database, retrying: DieselConError.
[CAUSE] BadConnection(
    "Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory",
)

...

So, already installed?

@sbmw commented on GitHub (Jan 4, 2021): Hey, so I switched to bitwardenrs/server:latest and volume mounted the startup file with contents: ``` apt-get update apt-get install libmariadb3 ``` The container log now shows: ``` Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB] Get:2 http://security.debian.org/debian-security buster/updates/main amd64 Packages [260 kB] Get:3 http://deb.debian.org/debian buster InRelease [121 kB] Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB] Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB] Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [7860 B] Fetched 8414 kB in 2s (4910 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... libmariadb3 is already the newest version (1:10.3.27-0+deb10u1). libmariadb3 set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded. /--------------------------------------------------------------------\ | Starting Bitwarden_RS | | Version 1.18.0 | |--------------------------------------------------------------------| | This is an *unofficial* Bitwarden implementation, DO NOT use the | | official channels to report bugs/features, regardless of client. | | Send usage/configuration questions or feature requests to: | | https://bitwardenrs.discourse.group/ | | Report suspected bugs/issues in the software itself at: | | https://github.com/dani-garcia/bitwarden_rs/issues/new | \--------------------------------------------------------------------/ [INFO] No .env file found. [2021-01-04 12:41:31.018][bitwarden_rs::util][WARN] Can't connect to database, retrying: DieselConError. [CAUSE] BadConnection( "Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory", ) ... ``` So, already installed?
Author
Owner

@sbmw commented on GitHub (Jan 4, 2021):

Is "[INFO] No .env file found." the issue?

I'm volume mounting a directory containing a config.json to /data, this contains my mysql user details.

Should we be using a .env file?

@sbmw commented on GitHub (Jan 4, 2021): Is "[INFO] No .env file found." the issue? I'm volume mounting a directory containing a config.json to /data, this contains my mysql user details. Should we be using a .env file?
Author
Owner

@BlackDex commented on GitHub (Jan 4, 2021):

No, that is just to notice that your environment isn't using a .env file.
Docker loads all the environment variables into the environment. So nothing to worry about.

The strange thing is.
Debian (Buster) doesn't have that library file at all, it's no where in there repo's.
It only is on Ubuntu, and that is not what we are using to build these container images.
All is using the same Debian version.

@BlackDex commented on GitHub (Jan 4, 2021): No, that is just to notice that your environment isn't using a .env file. Docker loads all the environment variables into the environment. So nothing to worry about. The strange thing is. Debian (Buster) doesn't have that library file at all, it's no where in there repo's. It only is on Ubuntu, and that is not what we are using to build these container images. All is using the same Debian version.
Author
Owner

@jjlin commented on GitHub (Jan 11, 2021):

This seems unlikely to have anything to do with the bitwarden_rs upgrade per se, as I don't think there have been any related changes between 1.17.0 and 1.18.0. So there's probably been a MySQL server or configuration change on your side, perhaps without your knowledge. If you do a web search for Plugin caching_sha2_password could not be loaded, there are various things you can try.

Debian will be including this plugin in the next release (Bullseye), but that probably won't be out until mid-late 2021:

@jjlin commented on GitHub (Jan 11, 2021): This seems unlikely to have anything to do with the bitwarden_rs upgrade per se, as I don't think there have been any related changes between 1.17.0 and 1.18.0. So there's probably been a MySQL server or configuration change on your side, perhaps without your knowledge. If you do a web search for `Plugin caching_sha2_password could not be loaded`, there are various things you can try. Debian will be including this plugin in the next release (Bullseye), but that probably won't be out until mid-late 2021: * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962597 * https://packages.debian.org/bullseye/amd64/libmariadb3/filelist
Author
Owner

@EC58 commented on GitHub (Jan 13, 2021):

Could this be the issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962597

@EC58 commented on GitHub (Jan 13, 2021): Could this be the issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962597
Author
Owner

@musover commented on GitHub (Jan 13, 2021):

While attempting to migrate from MySQL to PostgreSQL, I have found out that despite being configured to use mysql_native_password as an authentication backend, the user bitwarden_rs uses to connect was still using caching_sha2_password regardless, and this is due to a missing setting on /etc/my.cnf on the MySQL server itself.

As a stopgap solution, you can try adding/uncommenting default-authentication-plugin=mysql_native_password on the [mysqld] section, which will enforce mysql_native_password.

@musover commented on GitHub (Jan 13, 2021): While attempting to migrate from MySQL to PostgreSQL, I have found out that despite being configured to use mysql_native_password as an authentication backend, the user bitwarden_rs uses to connect was still using caching_sha2_password regardless, and this is due to a missing setting on /etc/my.cnf on the MySQL server itself. As a stopgap solution, you can try adding/uncommenting `default-authentication-plugin=mysql_native_password` on the [mysqld] section, which will enforce mysql_native_password.
Author
Owner

@everyx commented on GitHub (Jan 14, 2021):

While attempting to migrate from MySQL to PostgreSQL, I have found out that despite being configured to use mysql_native_password as an authentication backend, the user bitwarden_rs uses to connect was still using caching_sha2_password regardless, and this is due to a missing setting on /etc/my.cnf on the MySQL server itself.

As a stopgap solution, you can try adding/uncommenting default-authentication-plugin=mysql_native_password on the [mysqld] section, which will enforce mysql_native_password.

I have already changed the user's auth type to mysql_native_password, but not change the global default auth type to mysql_native_password, and this error is still be reported when upgrade to v1.18.

@everyx commented on GitHub (Jan 14, 2021): > While attempting to migrate from MySQL to PostgreSQL, I have found out that despite being configured to use mysql_native_password as an authentication backend, the user bitwarden_rs uses to connect was still using caching_sha2_password regardless, and this is due to a missing setting on /etc/my.cnf on the MySQL server itself. > > As a stopgap solution, you can try adding/uncommenting `default-authentication-plugin=mysql_native_password` on the [mysqld] section, which will enforce mysql_native_password. I have already changed the user's auth type to `mysql_native_password`, but not change the global default auth type to `mysql_native_password`, and this error is still be reported when upgrade to v1.18.
Author
Owner

@rouben commented on GitHub (Jan 21, 2021):

Thank you, @musover, this fixes the issue.
I am running MySQL server version: 8.0.22-0ubuntu0.20.04.3 - (Ubuntu). This is not MariaDB.

@everyx, try the suggestion. This option needs to be added to the appropriate section of your MySQL server, not the Bitwarden docker image.

@rouben commented on GitHub (Jan 21, 2021): Thank you, @musover, this fixes the issue. I am running MySQL server version: 8.0.22-0ubuntu0.20.04.3 - (Ubuntu). This is not MariaDB. @everyx, try the suggestion. This option needs to be added to the appropriate section of your MySQL server, not the Bitwarden docker image.
Author
Owner

@everyx commented on GitHub (Jan 21, 2021):

Thank you, @musover, this fixes the issue.
I am running MySQL server version: 8.0.22-0ubuntu0.20.04.3 - (Ubuntu). This is not MariaDB.

@everyx, try the suggestion. This option needs to be added to the appropriate section of your MySQL server, not the Bitwarden docker image.

@rouben I use MySQL 8 instance offered by DigitalOcean Management Database servcie, so I couldn't change the global auth type, but I can changed this for a single user, and I did it, but the error still happens, the v1.17 is worked for this user-specified workaround.

@everyx commented on GitHub (Jan 21, 2021): > Thank you, @musover, this fixes the issue. > I am running MySQL server version: 8.0.22-0ubuntu0.20.04.3 - (Ubuntu). This is not MariaDB. > > @everyx, try the suggestion. This option needs to be added to the appropriate section of your MySQL server, not the Bitwarden docker image. @rouben I use MySQL 8 instance offered by DigitalOcean Management Database servcie, so I couldn't change the global auth type, but I can changed this for a single user, and I did it, but the error still happens, the v1.17 is worked for this user-specified workaround.
Author
Owner

@rouben commented on GitHub (Jan 21, 2021):

@rouben I use MySQL 8 instance offered by DigitalOcean Management Database servcie, so I couldn't change the global auth type, but I can changed this for a single user, and I did it, but the error still happens, the v1.17 is worked for this user-specified workaround.

@everyx I tried the per-user override as well with no success. The only thing that worked for me is the server-level setting. Unfortunately with a managed MySQL instance you may not have the ability to change that setting. Having said this, I don't know why the previous release of BitWarden-RS MySQL docker build did work with the per-user override. There is speculation that it may have something to do with the build image for the MySQL enabled BitWatden-RS binary within this docker image...

@rouben commented on GitHub (Jan 21, 2021): > @rouben I use MySQL 8 instance offered by DigitalOcean Management Database servcie, so I couldn't change the global auth type, but I can changed this for a single user, and I did it, but the error still happens, the v1.17 is worked for this user-specified workaround. @everyx I tried the per-user override as well with no success. The only thing that worked for me is the server-level setting. Unfortunately with a managed MySQL instance you may not have the ability to change that setting. Having said this, I don't know why the previous release of BitWarden-RS MySQL docker build did work with the per-user override. There is speculation that it may have something to do with the build image for the MySQL enabled BitWatden-RS binary within this docker image...
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#892