Hello everyone,
I’m working on integrating MySQL (Percona XtraDB Cluster 8.4.4-4.1) with HashiCorp Vault using the `keyring_vault` component. I’ve successfully used other keyring components in the cluster previously.
I’ve followed these steps to configure `keyring_vault`:
- Manifest File (`mysqld.my`):
  I created the `mysqld.my` file and placed it in the directory where the `mysqld` executable is located (i.e., `/usr/sbin/`).
  `mysqld.my` content:
  ```
  { "components": "file://component_keyring_vault" }
  ```
- Component Configuration File (`component_keyring_vault.cnf`):
  I created this file in the MySQL plugin directory (e.g., `/usr/lib/mysql/plugin/`).
  `component_keyring_vault.cnf` content:
  ```
  {
    "read_local_config": false,
    "vault_url": "http://10.169.100.127:8200",
    "secret_mount_point": "secrets/mysql_vault",
    "token": "hvs.mytokenhere", // Replaced with my actual token
    "secret_mount_point_version": "AUTO",
    "timeout": 15
  }
  ```
  Note: I’m intentionally using HTTP (no TLS) for initial debugging.
- Vault Setup:
  On the HashiCorp Vault side, I’ve successfully created a KV Secrets Engine version 2 (`kv-v2`) at the path `secrets/mysql_vault` and ensured the token has all necessary permissions (`create`, `read`, `update`, `delete`, `list`) for that path.
The Problem:
When I try to start the MySQL service (`sudo systemctl start mysql`), it fails to start. The most concerning part is that the MySQL error log (`/var/log/mysql/error.log`) remains completely empty, with no new entries whatsoever after the startup attempt. I can’t seem to figure out why MySQL isn’t even attempting to log errors.
It appears MySQL is crashing at a very early stage, before it even begins its logging process. Could I have misplaced the manifest file, or is there another extremely early point of failure that prevents log writing?
Any thoughts or guidance on how to debug this situation would be greatly appreciated!
Thanks in advance.
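
Added example, not part of the original post and not Percona's or HashiCorp's code: a pre-flight lint for the two files described above, run before starting `mysqld`. It assumes both files must be strict JSON (which has no `//` comments); the function names, `vault.example`, `hvs.PLACEHOLDER` and the sample file contents are constructed for illustration.

```python
import json, stat, tempfile
from pathlib import Path
from urllib.parse import urlparse

def load_strict_json(path):
    """Assumption: the server needs strict JSON here, so comments are rejected."""
    try:
        return json.loads(Path(path).read_text(encoding="utf-8")), None
    except (OSError, ValueError) as exc:
        return None, f"not loadable as strict JSON: {exc}"

def lint_manifest(path):
    """Check the mysqld.my manifest names the Vault keyring component."""
    data, err = load_strict_json(path)
    if err:
        return [err]
    ok = isinstance(data, dict) and "component_keyring_vault" in str(data.get("components"))
    return [] if ok else ["'components' does not name component_keyring_vault"]

def lint_vault_config(path):
    """Check component_keyring_vault.cnf for syntax, transport and file-mode issues."""
    data, err = load_strict_json(path)
    if err or not isinstance(data, dict):
        return [err or "top level is not a JSON object"]
    findings = [f"missing '{k}'" for k in ("vault_url", "secret_mount_point", "token") if not data.get(k)]
    if urlparse(str(data.get("vault_url", ""))).scheme != "https":
        findings.append("vault_url is not https: the token is sent in cleartext")
    if stat.S_IMODE(Path(path).stat().st_mode) & stat.S_IRWXO:
        findings.append("file holding the Vault token is accessible to 'other' users")
    return findings

def demo():
    """Lint constructed sample files (hosts and tokens are placeholders)."""
    rest = '"secret_mount_point": "secrets/mysql_vault", "token": "hvs.PLACEHOLDER"}'
    samples = {  # file name: (content, permission bits)
        "mysqld.my": ('{ "components": "file://component_keyring_vault" }', 0o644),
        "commented.cnf": ('{\n  "token": "hvs.PLACEHOLDER", // note\n  "timeout": 15\n}', 0o640),
        "http.cnf": ('{"vault_url": "http://vault.example:8200", ' + rest, 0o644),
        "ok.cnf": ('{"vault_url": "https://vault.example:8200", ' + rest, 0o640),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = Path(tmp) / name
            path.write_text(content, encoding="utf-8")
            path.chmod(mode)
            check = lint_manifest if name.endswith(".my") else lint_vault_config
            results[name] = check(path)
    return results
```

Calling `lint_manifest()` and `lint_vault_config()` on the real paths, as the account the service runs under, also surfaces read-permission problems as a finding.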