I am using Grafana v8.3.3 in a docker container within a kubernetes cluster.
I am trying to use the mysql database, which is a mariadb within a galera cluster, together with LDAP authentication.
I set up a local kubernetes cluster with kind, deployed an openldap server and the galera cluster. The openldap server has the uid with password set up and the mariadb has a user who can log be authenticated via LDAP and has full access to the grafana database. Both is tested manually. When I try to deploy the grafana instance with the database setting
# Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql
host = galera-mariadb-galera:3306
name = grafana
user = grafanauser
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = """password"""
the status switches to error and crashloopbackoff. The error log shows:
t=2022-01-19T08:30:51+0000 lvl=info msg="Connecting to DB" logger=sqlstore dbtype=mysql
t=2022-01-19T08:30:51+0000 lvl=eror msg=ShowSQL logger=sqlstore.xorm show=show
[mysql] 2022/01/19 08:30:51 auth.go:293: unknown auth plugin:dialog
t=2022-01-19T08:30:51+0000 lvl=info msg="[SQL] SELECT `TABLE_NAME` from `INFORMATION_SCHEMA`.`TABLES` WHERE `TABLE_SCHEMA`=? and `TABLE_NAME`=? []interface {}{\"galera\", \"migration_log\"} - took: 4.299ms" logger=sqlstore.xorm
t=2022-01-19T08:30:51+0000 lvl=eror msg="alert migration failure: could not get migration log" logger=migrator error="failed to check table existence: this authentication plugin is not supported"
As soon as I set database type to sqlite3 I can deploy the grafana instance. When I log in then as admin I can see the LDAP plugin working and I can connect as grafanauser as well showing sucessfull connection in the LDAP log. Therefore I am concluding LDAP connection works for grafana and for galera on their own.
Before moving to kubernetes I used grafana and mariadb in a docker environment where I could use the mariadb as database with LDAP authentication. Therefore I expected it to work with a galera cluster in a kubernetes environment.
A comparable error message report in stackoverflow suggests to check the authorization plugin. This does not seem to be the problem in my case as the auth plugins look fine to me:
MariaDB [(none)]> select user, plugin from mysql.user;
+-------------+-----------------------+
| User | plugin |
+-------------+-----------------------+
| mariadb.sys | mysql_native_password |
| root | mysql_native_password |
| galera | pam |
| mariabackup | mysql_native_password |
| monitor | mysql_native_password |
| monitor | mysql_native_password |
| grafanauser | pam |
+-------------+-----------------------+
7 rows in set (0.002 sec)
Any help is appreciated.