Aptible MySQL Databases require authentication and SSL to connect.
If you get the following error, you're probably not connecting over SSL:
ERROR 1045 (28000): Access denied for user 'aptible'@'ip-[IP_ADDRESS].ec2.internal' (using password: YES)
Some tools may require additional configuration to connect with SSL to MySQL:
- When connecting via the
mysqlcommand line client, add this option:
- When connecting via JetBrains DataGrip (through
aptible db:tunnel), you'll need to set
falsein the Advanced settings tab for the data source.
Most MySQL clients will not attempt verification of the server certificate by default, please consult your client's documentation to enable
verify-identity, or your client's equivalent option. The relevant documentation for the MySQL command line utility is here.
By default, MySQL Databases on Aptible use a server certificate signed by Aptible for SSL / TLS termination. Databases that have been running since prior to Jan 15th, 2021 will only have a self-signed certificate. See Database Encryption in Transit for more details.
Never transmit sensitive or regulated information without SSL. Connecting without SSL should only be done for troubleshooting or debugging.
For debugging purposes, you can connect to MySQL without SSL using the
aptible-nossl user. As the name implies, this user does not require SSL to connect.
If needed, you can connect as
root to your MySQL database. The password for
root is the same as that of the
Aptible provides you with full access to a MySQL instance. If you'd like to add more databases, you can do so by Connecting as
root, then using SQL to create the database:
/* Substitute NAME for the actual name you'd like to use */ CREATE DATABASE NAME; GRANT ALL ON NAME.* to 'aptible'@'%';
MySQL replicas can accept writes without being promoted. However, it should still be promoted to stop following the source Database so that it doesn't encounter issues when the source Database becomes available again. To do so, run the following commands on the Database:
STOP REPLICA IO_THREAD
SHOW PROCESSLISTuntil you see
Has read all relay login the output.
After the replica has been promoted, you should update your Apps to use the promoted replica as the primary Database. Once you start using the replica, you should not go back to using the original primary Database. Instead, continue using the promoted replica and create a new replica off of it.
Databases with replicas cannot be deleted so, in order to deprovision and old Database once you've failed over to a promoted replica, you'll need to contact Aptible Support to unlink the Databases. See the Deprovisioning a Database documentation for considerations when deprovisioning a Database.
On Aptible, binary logging is enabled (i.e. MySQL is configured with
sync-binlog = 1). Committed transactions are therefore guaranteed to be written to disk.
We very strongly recommend against relying only on
SET GLOBAL with Aptible MySQL Databases.
Indeed, any configuration parameters added using
SET GLOBAL will be discarded if your Database is restarted (e.g. as a result of exceeding Memory Limits, the underlying hardware crashing, or simply as a result of a Database Scaling operation). In this scenario, unless your app automatically detects this condition and uses
SET GLOBAL again, your custom configuration will no longer be present.
However, our support team is happy to accommodate reasonable configuration changes so that they can be persisted across restarts (by adding them to a configuration file). So, if you're contemplating using
SET GLOBAL, please get in touch with Aptible Support to apply the setting persistently, as well.
MySQL Databases on Aptible autotune their buffer pool and chunk size based on the size of their container in order to improve performance. See the image's public git repo for details.
Aptible MySQL Databases support connections via the following protocols:
- For MySQL versions 5.6, 5.7, and 8.0:
Updated 9 months ago