Timeout when configuring mysql-plugin

I’m researching Vault to use it for MySQL auth. I’ve started a Docker container with the following config:

{
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": {
    "tcp":{
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true
}

After unseal, I’ve enabled the database secret:

$ vault secrets enable database
Success! Enabled the database secrets engine at: database/

Then I tried to configure the database credentials as follows:

vault write database/config/mysql-database \
plugin_name=mysql-database-plugin \
connection_url="{{username}}:{{password}}@tcp(myserver.example.com:3306)/" \
allowed_roles="vault-mysql-role" \
username="vault" \
password="vault"

After a while, I get:

Error writing data to database/config/mysql-database: context deadline exceeded

No errors are shown in the logs.
I’ve recreated the container, but the same happens. Do I need to configure something else before I can use this? I’ve found some examples on the web but some are out of date and others aren’t very clear about the procedure.

Is the database up and running, and is it possible to establish a connection to it from the container over TCP?

DB is up and running. I’ve tested ping and name resolution from within the container and they work fine. Now I realize I’m not getting to the 3306 port.
I didn’t know Vault tries to connect to the DB, I thought it was just a push to the registry. I’ll check fw and try again. Thanks.

The parameter verify_connection is buried in the depths of the documentation. The default is true. If set to false you could go further, until a real connection should be established. :wink:


Excellent! Thank you!
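
The timeout in this thread came from port 3306 being unreachable while ping and name resolution worked. As an added example (not code from the thread or from Vault), the script below extracts the host and port from a connection_url and probes that TCP port from wherever Vault runs; the function names, the `nc -z` probe and the 5-second default timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. With verify_connection at its default
# (true), Vault opens the MySQL connection when the config is written, so the
# port in connection_url must be reachable from where Vault runs.

# Print "host port" for a DSN like {{username}}:{{password}}@tcp(host:3306)/
parse_mysql_addr() {
  case $1 in
    *"@tcp("*")"*) ;;
    *) echo "connection_url has no @tcp(host:port) part" >&2; return 1 ;;
  esac
  _addr=${1#*"@tcp("}      # drop everything through "@tcp("
  _addr=${_addr%%")"*}     # drop ")" and what follows (db name, params)
  case $_addr in
    "")    echo "empty address in connection_url" >&2; return 1 ;;
    *"]")  _host=$_addr;      _port=3306 ;;           # [ipv6] without a port
    *:*)   _host=${_addr%:*}; _port=${_addr##*:} ;;   # host:port
    *)     _host=$_addr;      _port=3306 ;;           # bare host, MySQL default
  esac
  _host=${_host#"["}; _host=${_host%"]"}              # unwrap [ipv6]
  case $_port in
    ""|*[!0-9]*) echo "bad port: $_port" >&2; return 1 ;;
  esac
  echo "$_host $_port"
}

# Exit 0 if host:port accepts a TCP connection within $3 seconds (default 5).
# Assumes an nc that supports -z, or bash plus coreutils timeout as fallback.
tcp_reachable() {
  _t=${3:-5}
  if command -v nc >/dev/null 2>&1; then
    nc -z -w "$_t" "$1" "$2" >/dev/null 2>&1
  elif command -v bash >/dev/null 2>&1 && command -v timeout >/dev/null 2>&1; then
    timeout "$_t" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
  else
    echo "need nc, or bash and timeout, to probe TCP" >&2; return 2
  fi
}

# Parse the URL, then probe the port; ping and DNS alone do not prove it is open.
preflight() {
  _hp=$(parse_mysql_addr "$1") || return 1
  set -- $_hp
  if tcp_reachable "$1" "$2"; then
    echo "ok: $1:$2 accepts TCP connections"
  else
    echo "fail: cannot open TCP $1:$2 (check firewall and routing)" >&2; return 1
  fi
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it inside the Vault container with the same connection_url string passed to `vault write`, quoted so the shell leaves the braces and parentheses alone.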

FWIW, I do also notice that you posted a config with “myserver.example.com” - just want to make sure that that’s either your real server location or intentionally redacted for the web.

I modified it for this post. :slight_smile:
