Okay so schoolboy error here, at least I spotted my own mistake, some saving grace in that at least...
When I sent in my last reply showing the environment variables inside the guacamole container I noted the variables I was passing were encased in ' marks whereas the variables docker passed resulting from the --link parameters were not...removing my ' marks solved the problem. Sorry for wasting your time. Kelvin On Fri, 3 Jan 2020 at 10:28, Kelvin Middleton <[email protected]> wrote: > Thanks for the help Nick. > > I rechecked the username/password config between the guacamole and mysql > containers and they both matched but to be double sure I changed the > password for the guacamole_user account to be very simple but still I get > the same error. > > I believe the below shows a correctly configured mysql account which is > not limited to subnet, host or otherwise? > > bash-4.2# mysql -u root -p > Enter password: > Welcome to the MySQL monitor. Commands end with ; or \g. > Your MySQL connection id is 17 > Server version: 8.0.18 MySQL Community Server - GPL > > Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights > reserved. > > Oracle is a registered trademark of Oracle Corporation and/or its > affiliates. Other names may be trademarks of their respective > owners. > > Type 'help;' or '\h' for help. Type '\c' to clear the current input > statement. > > mysql> select user,host from mysql.user; > +------------------+-----------+ > | user | host | > +------------------+-----------+ > | guacamole_user | % | > | healthchecker | localhost | > | mysql.infoschema | localhost | > | mysql.session | localhost | > | mysql.sys | localhost | > | root | localhost | > +------------------+-----------+ > 6 rows in set (0.00 sec) > > mysql> show grants for guacamole_user > -> ; > > +----------------------------------------------------------------------------------+ > | Grants for guacamole_user@% > | > > +----------------------------------------------------------------------------------+ > | GRANT USAGE ON *.* TO `guacamole_user`@`%` > | > | GRANT SELECT, INSERT, UPDATE, DELETE ON `guacamole_db`.* TO > `guacamole_user`@`%` | > > +----------------------------------------------------------------------------------+ > 2 rows in set (0.01 sec) > > Okay so this last part is the bit I'm getting a little confused over, your > reference to a guacamole.properties file...I have done a lot of reading as > best I could locate documentation and articles other than @ > https://guacamole.apache.org/doc/gug/ and my current understanding is > that when using docker containers best practice is to avoid directly > editing configuration files via a shell and instead pass environment > variables in the 'docker run' command to supply the necessary credentials, > at least to get this part of the build working. Am I mistaken? > > My comment to creating the guacamole container is as follows.. > > docker run --name guacamole --link guacd:guacd --link mysql:mysql -e > MYSQL_DATABASE='guacamole_db' -e MYSQL_USER='guacamole_user' -e > MYSQL_PASSWORD='password' -d -p 8080:8080 guacamole/guacamole > > The below is from a shell on the guacamole container showing the > environment variables present, I'm leaving the IP's visible as I'm just > using internal networking for now whilst I get this working... > > root@4ad292480b37:/etc# printenv | grep -i mysql > MYSQL_PASSWORD='password' > MYSQL_ENV_MYSQL_ROOT_PASSWORD=xxxxxxxxx > MYSQL_PORT_3306_TCP_PROTO=tcp > MYSQL_PORT_33060_TCP_PORT=33060 > MYSQL_DATABASE='guacamole_db' > MYSQL_NAME=/guacamole/mysql > MYSQL_PORT=tcp://172.17.0.2:3306 > MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306 > MYSQL_USER='guacamole_user' > MYSQL_PORT_3306_TCP_PORT=3306 > MYSQL_PORT_3306_TCP_ADDR=172.17.0.2 > MYSQL_PORT_33060_TCP_ADDR=172.17.0.2 > MYSQL_PORT_33060_TCP_PROTO=tcp > MYSQL_PORT_33060_TCP=tcp://172.17.0.2:33060 > > Thanks, > > Kelvin > > On Thu, 2 Jan 2020 at 19:15, Nick Couchman <[email protected]> wrote: > >> On Thu, Jan 2, 2020 at 11:30 AM Kelvin Middleton < >> [email protected]> wrote: >> >>> Hi, I'm new to gaucamole so trying to setup my first working conf to >>> test and am having new user *issues*. >>> >>> I'm using docker with linux containers on a Windows host and have guacd, >>> mysql and guacamole all up and running. However when I attempt to load the >>> web interface at http://localhost/guacamole/ I get a blank webpage and >>> the docker logs on the guacamole server show... >>> >>> 13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper >>> - Unexpected internal error: >>> ### Error querying database. Cause: java.sql.SQLException: Access >>> denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES) >>> ### The error may exist in >>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml >>> ### The error may involve >>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne >>> ### The error occurred while executing a query >>> ### Cause: java.sql.SQLException: Access denied for user >>> 'guacamole_user'@'xxx.xx.x.x' (using password: YES) >>> >>> I've validated the guacamole_user account is working and accepting both >>> local and remote connections and the grants on the database match all >>> documentation I've seen. >>> >> >> This indicates the following items: >> 1) The MySQL extension is correctly installed within the Docker image. >> 2) The MySQL server is up and running and responding. >> 3) The username or password is incorrectly configured. Since it looks >> like the account name is correct, I suspect that the password is >> misconfigured somewhere - either mis-matched between the server and the >> Guacamole configuration, or not being correctly passed through to the >> Docker container. >> >> I'd suggest that you get a shell going in the Guacamole Client Docker >> container and look at the guacamole.properties file and make sure that the >> password for the MySQL extension is present in the file, and the value is >> what you expect. It's also possible, depending on how you've configured >> that user account in MySQL, that the IP address being used to access it is >> not the same as the one you configured when you issued the GRANT statement >> for the guacamole_user account. Make sure that matches up. >> >> -Nick >> >>>
