Cannot configure group replication

jevgeni · January 11, 2023, 6:37pm

this is the guide, I am using.
mysql version is Persona 8.0.30

But when I start START GROUP_REPLICATION on secondary node, this secondary node remains in RECOVERING state for a minute and the it is in ERROR state.

I checked the error log of this secondary node and:
2023-01-11T18:14:54.843518Z 67 [ERROR] [MY-010584] [Repl] Slave I/O for channel ‘group_replication_recovery’: error connecting to master ‘replica@dev8-db01:3306’ - retry-time: 60 retries: 1 message: Authentication plugin ‘caching_sha2_password’ reported error: Authentication requires secure connection. Error_code: MY-002061
2023-01-11T18:14:54.845546Z 24 [ERROR] [MY-011582] [Repl] Plugin group_replication reported: ‘There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.’
2023-01-11T18:14:54.845587Z 24 [ERROR] [MY-011583] [Repl] Plugin group_replication reported: ‘For details please check performance_schema.replication_connection_status table and error log messages of Slave I/O for channel group_replication_recovery.’
2023-01-11T18:15:54.894429Z 24 [System] [MY-010597] [Repl] ‘CHANGE MASTER TO FOR CHANNEL ‘group_replication_recovery’ executed’. Previous state master_host=‘dev8-db01’, master_port= 3306, master_log_file=‘’, master_log_pos= 4, master_bind=‘’. New state master_host=‘dev8-db01’, master_port= 3306, master_log_file=‘’, master_log_pos= 4, master_bind=‘’.
2023-01-11T18:15:54.937927Z 73 [Warning] [MY-010897] [Repl] Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the ‘START SLAVE Syntax’ in the MySQL Manual for more information.
2023-01-11T18:15:54.945115Z 73 [ERROR] [MY-010584] [Repl] Slave I/O for channel ‘group_replication_recovery’: error connecting to master ‘replica@dev8-db01:3306’ - retry-time: 60 retries: 1 message: Authentication plugin ‘caching_sha2_password’ reported error: Authentication requires secure connection. Error_code: MY-002061
2023-01-11T18:15:54.948648Z 24 [ERROR] [MY-011582] [Repl] Plugin group_replication reported: ‘There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.’
2023-01-11T18:15:54.948720Z 24 [ERROR] [MY-011583] [Repl] Plugin group_replication reported: ‘For details please check performance_schema.replication_connection_status table and error log messages of Slave I/O for channel group_replication_recovery.’

matthewb · January 12, 2023, 2:33pm

It says in the log that you pasted above: “Authentication requires secure connection.”

Do you have SSL configured correctly on all members?

devdewboy · February 24, 2023, 12:33am

Hello,
I too am having this exact same issue and error messages. I am literally chasing my tail on this. Yes it says, “Authentication requires secure connection.” but setting SSL up is not straight forward following the MySQL docs. Do you have a process or article that explains how to enable SSL for the server as well group replication (group_replication_ssl_mode= REQUIRED) geared towards setting up Group Replication?

The nodes I have are using the mysql generated self signed certs. I copied them from the Primary to the the secondary node. The Primarty bootstraps fine and has started as the Primary, I can connect with users using the --SSL_MODE=REQUIRED. I don’t yet have require_secure_transport = ON enabled since this effectively breaks replication too

When using non SSL required Replication User, GROUP_REPLICATION is all good for the other node. Now I attempt to do the following 2 commands on the secondary node and then I get the errors above:

change replication source to source_user='rpl_user_ssl', source_password='password' for channel 'group_replication_recovery';
START GROUP_REPLICATION user='rpl_user_ssl', password='password

';
The node is always in a RECOVERING status.

Any assistance would be great!
Thanks,
DD

PS Using MySql 8.0.32

matthewb · March 7, 2023, 3:55pm

The following parameters are taking directly from our Group Replication 101 training class:

[mysqld]
group_replication_recovery_get_public_key = on

ssl_ca = /etc/ssl/mysql/ca.pem
ssl_cert = /etc/ssl/mysql/server-cert.pem
ssl_key = /etc/ssl/mysql/server-key.pem

group_replication_ssl_mode = REQUIRED
group_replication_recovery_use_ssl = ON;

You must bootstrap your cluster in secure mode. Either restart the cluster or here’s how you can transition to SSL:

mysql3/2/1> STOP GROUP_REPLICATION;

mysql3/2/1> SET PERSIST group_replication_ssl_mode = REQUIRED;

mysql1> SET GLOBAL group_replication_bootstrap_group = ON;

mysql1> START GROUP_REPLICATION;

mysql1> SET GLOBAL group_replication_bootstrap_group = OFF;

mysql2/3> START GROUP_REPLICATION;

Topic		Replies	Views
Group Replication / Worker failed executing transaction Percona Server for MySQL 8.0	1	3250	March 9, 2023
MySQL Group Replication ->Error on opening a connection to 192.168.2.1:33061 on local port: 33061.' Percona Distribution for MySQL mysql	1	8158	October 29, 2020
Replication fails from percona cluster Percona XtraBackup percona	4	984	December 26, 2023
Group replication failures and recovery MySQL & MariaDB	3	707	October 18, 2023
Replication 5.7.37 to 8.0.28 failing because of Replication Privilege Check Percona Server for MySQL 8.0 mysql	5	1589	April 1, 2022

Cannot configure group replication

Related topics