18

I am using docker-compose to create mysql container. I get host IP 172.21.0.2. But when I connect mysql. I get error:

  1. My docker-compose.yml:

    version: '2'
    services:
    
    ### Mysql container
        mysql:
          image: mysql:latest
          ports:
           - "3306:3306"
          volumes:
           - /var/lib/mysql:/var/lib/mysql
         environment:
           MYSQL_ROOT_PASSWORD: root
           MYSQL_DATABASE: test_db
           MYSQL_USER: test
           MYSQL_PASSWORD: test_pass
    
  2. Get my host IP docker inspect db_mysql_1 | grep IPAddress

    "IPAddress": "172.21.0.2",

  3. Access mysql: mysql -h 172.21.0.2 -P 3306 -u root -proot.

    ERROR 1130 (HY000): Host '172.21.0.1' is not allowed to connect to this MySQL server

How can I connect to mysql container?

David Makogon
  • 2,767
  • 1
  • 19
  • 29
Quoc Dat
  • 183
  • 1
  • 1
  • 6

5 Answers5

32

You can pass an extra environment variable when starting the MySQL container MYSQL_ROOT_HOST=<ip> this will create a root user with permission to login from given IP address. In case where you want to allow login from any IP you can specify MYSQL_ROOT_HOST=%.

This will work only for a newly created containers.

When spinning new container:

docker run --name some-mysql -e MYSQL_ROOT_HOST=% -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:latest

In compose file it would be:

version: '2'
services:

  ### Mysql container
  mysql:
    image: mysql:latest
    ports:
      - "3306:3306"
    volumes:
      - /var/lib/mysql:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: test_db
      MYSQL_USER: test
      MYSQL_PASSWORD: test_pass
      MYSQL_ROOT_HOST: '%'  # needs to be enclosed with quotes
Taylor
  • 115
  • 1
  • 7
Mr.Coffee
  • 436
  • 4
  • 4
  • 2
    Should this still work for Docker version 18.09.1 and "mysql:5.7"? I have just tried it, confirmed that the container has the ENV_VAR correctly set, but I get the same error. – Nigini Jan 15 '19 at 04:49
  • dark ninja magic – satnhak Jan 24 '19 at 20:41
  • 5
    Hi, when I use the enviroment "MYSQL_ROOT_HOST: %", I receive the message: "ERROR: yaml.scanner.ScannerError: while scanning for the next token found character '%' that cannot start any token in "./docker-compose.yml", line 16, column 24", could you help me? – Allan Andrade Dec 03 '19 at 16:21
  • 1
    MYSQL_ROOT_HOST: '%' - The % needs be string enclosed – Ste Dec 14 '20 at 10:28
  • If you have a "broken" or misconfigured grant tables in the host `/var/lib/mysql` location, setting `MYSQL_ROOT_HOST=%` is not going to work because that "broken" grant tables is already exists on host. Create another mysql container using docker-compose that mounted to the host data location, enter the container terminal, start mysql with `mysqld_safe --skip-grant-tables`, and fix the grant tables using root (without password). In my case, I need to drop the problematic users, re-create and re-grant the privileges. This happened to me when I want to change the authentication method of a user. – Aryo Mar 26 '22 at 23:28
  • the command line doesn't work. – Artanis Zeratul Jul 17 '22 at 00:03
3

This way it worked for me:

MYSQL_ROOT_HOST: '%'
Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
Andrés
  • 31
  • 1
3

In my case. I deleted the volumes configuration and it worked.

ikenas
  • 131
  • 3
2

This is what worked for me:

docker exec -it mysql1 mysql -u root -p
update mysql.user set host='%' where user='root' and host = 'localhost';
flush privileges;

change mysql1 to your container name.

P.S: I'm not using docker-compose.

amrezzd
  • 131
  • 1
  • 2
2

When you connect to a MySQL server, it checks it’s GRANT table (the "user" table in the "mysql| database on the MySQL server) against the IP address of the connecting MySQL client machine. If there are NO MATCHING ENTRIES in the "host" column in the "user" table in the "mysql" database, MySQL will IMMEDIATELY CLOSE THE CONNECTION with ERROR 1130.

Check if the client is able to get to port 3306 (the MySQL port) on the database server:

telnet 172.21.0.2 3306
Trying ::1...
Connected to 172.21.0.2.
Escape character is '^]'.

You should log in to the MySQL server, and run "mysql" to check the grants table:

# mysql mysql

mysql> SELECT host,user FROM user;
+-----------------+-----------+
| host            | user      |
+-----------------+-----------+
| 172.21.0.5      | root      |
| 172.21.0.4      | root      |
| 127.0.0.1       | root      |
| ::1             | root      |
| localhost       | root      |

"root" is authorized to connect from several IP addresses, but not from the client IP 172.21.0.1. So, just add GRANT access from that IP:

mysql> GRANT ALL PRIVILEGES ON root.* TO 'your_db'@'172.21.0.1' IDENTIFIED BY 'Password';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Then, check your connection.

malyy
  • 131
  • 2