ER_HOST_NOT_PRIVILEGED - docker container fails to connect to mariadb

Question

I'm trying to get a docker container to work with mariadb and node.js images. The container will use an existing database in /home/mysql . However, when the container is launched, I'm getting this "failed to connect" error in node.js:

Error: ER_HOST_NOT_PRIVILEGED: 
Host '172.18.0.5' is not allowed to connect to this MariaDB server

Here's my docker-compose.yml:

version: '3'
services:
  mariadb:
    image: mariadb
    restart: always
    volumes:
     - /home/mysql:/var/lib/mysql
    user: "mysql"
    ports:
      - "3306:3306"
  watch:
    build: .
    restart: always
    links:
      - mariadb:mysql
    environment:
      - DOCKER_IP=172.18.0.2
    depends_on: ['mariadb']
    ports:
      - "3000:3000"

After reading this thread , I found that mysql is actually running, but it fails to let other services connect:

These are some of the steps I have checked. As you can see, I can log in to the mysql instance:

    $ docker exec -it 552aae9ea09c bash

    mysql@552aae9ea09c:/$ mysql -u root -p
    Enter password: *******

    MariaDB [(none)]> SELECT host, user FROM mysql.user;
    +-------------+------------------+
    | host        | user             |
    +-------------+------------------+
    | 127.0.0.1   | root             |
    | ::1         | root             |
    | someusername|                  |
    | someusername| root             |
    | localhost   |                  |
    | localhost   | dbusername       |
    | localhost   | databasename     |
    | localhost   | root             |
    +-------------+------------------+
    8 rows in set (0.00 sec)


mysql@552aae9ea09c:/$ mysqld --verbose --help | grep bind-address

2017-11-13 17:35:40 139825857279872 [Note] Plugin 'FEEDBACK' is disabled.
  --bind-address=name IP address to bind to.

bind-address                                       (No default value)

One thing to note is that even though I've explicitly set the user to mysql in the yml file, these three files in /home/mysql: ib_logfile0 , ib_logfile1 , ib_buffer_pool are still under the group of systemd-journal-remote , which I suspect has something to do with the connection failure.( reference )

Answer 1

The error you are receiving is caused by the fact that MariaDB thinks you are not authorized to connect to the server. This means that you haven't created a database user for the Node.js app or the grants for that user are incorrect.

A fool-proof way to solve this is to create a separate user for the Node.js application. You can automate this by writing the following SQL into a file and mounting the volume into /docker-entrypoint-initdb.d .

CREATE USER 'my-app-user'@'%' IDENTIFIED BY 'my-app-password';
GRANT ALL ON *.* TO 'my-app-user'@'%';

Change the username and password accordingly and reduce the given privileges from the ALL privilege. You can also change the wildcard hostname % to a specific IP address or hostname.

Answer 2

Simply run this sql query:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'

(assuming that you are connecting as the root user)