Aptible PaaS logoDocs

MySQL

Available Versions

The following versions of MySQL are available:

  • MySQL 5.6, 5.7
  • MySQL 8.0

Connecting to MySQL

Aptible MySQL Databases require authentication and SSL to connect.

Connecting with SSL

If you get the following error, you're probably not connecting over SSL:

ERROR 1045 (28000): Access denied for user 'aptible'@'ip-[IP_ADDRESS].ec2.internal' (using password: YES)

Some tools may require additional configuration to connect with SSL to MySQL:

  • When connecting via the mysql command line client, add this option: --ssl-cipher=DHE-RSA-AES256-SHA.
  • When connecting via JetBrains DataGrip (through aptible db:tunnel), you'll need to set useSSL to true and verifyServerCertificate to false in the Advanced settings tab for the data source.

Most MySQL clients will not attempt verification of the server certificate by default; please consult your client's documentation to enable verify-identity, or your client's equivalent option. The relevant documentation for the MySQL command line utility is here.

By default, MySQL Databases on Aptible use a server certificate signed by Aptible for SSL / TLS termination. Databases that have been running since prior to Jan 15th, 2021, will only have a self-signed certificate. See Database Encryption in Transit for more details.

Connecting without SSL

❗️Never transmit sensitive or regulated information without SSL. Connecting without SSL should only be done for troubleshooting or debugging.

For debugging purposes, you can connect to MySQL without SSL using the aptible-nossl user. As the name implies, this user does not require SSL to connect.

Connecting as root

If needed, you can connect as root to your MySQL database. The password for root is the same as that of the aptible user.

Creating More Databases

Aptible provides you with full access to a MySQL instance. If you'd like to add more databases, you can do so by Connecting as root, then using SQL to create the database:

/* Substitute NAME for the actual name you'd like to use */
CREATE DATABASE NAME;
GRANT ALL ON NAME.* to 'aptible'@'%';

Replication

Source-replica replication is available for MySQL. Replicas can be created using the aptible db:replicate command.

Failover

MySQL replicas can accept writes without being promoted. However, it should still be promoted to stop following the source Database so that it doesn't encounter issues when the source Database becomes available again. To do so, run the following commands on the Database:

  1. STOP REPLICA IO_THREAD
  2. Run SHOW PROCESSLIST until you see Has read all relay log in the output.
  3. STOP REPLICA
  4. RESET MASTER

After the replica has been promoted, you should update your Apps to use the promoted replica as the primary Database. Once you start using the replica, you should not go back to using the original primary Database. Instead, continue using the promoted replica and create a new replica off it it.

Databases with replicas cannot be deleted so in order to deprovision an old Database once you've failed over to a promoted replica, you'll need to contact Aptible Support to unlink the Databases. See the Deprovisioning a Database documentation for considerations when deprovisioning a Database.

Data Integrity and Durability

On Aptible, binary logging is enabled (i.e., MySQL is configured with sync-binlog = 1). Committed transactions are therefore guaranteed to be written to disk.

Configuration

We strongly recommend against relying only on SET GLOBAL with Aptible MySQL Databases.

Any configuration parameters added using SET GLOBAL will be discarded if your Database is restarted (e.g. as a result of exceeding Memory Limits, the underlying hardware crashing, or simply as a result of a Database Scaling operation). In this scenario, unless your App automatically detects this condition and uses SET GLOBAL again, your custom configuration will no longer be present.

However, Aptible Support can accommodate reasonable configuration changes so that they can be persisted across restarts (by adding them to a configuration file). If you're contemplating using SET GLOBAL, please get in touch with Aptible Support to apply the setting persistently.

MySQL Databases on Aptible autotune their buffer pool and chunk size based on the size of their container to improve performance. See the image's public git repo for details.

Connection Security

Aptible MySQL Databases support connections via the following protocols:

  • For MySQL version 5.6 and 5.7: TLSv1.0, TLSv1.1, TLSv1.2
  • For MySQL version 8.0: TLSv1.2, TLSv1.3