Connecting to a MySQL® cluster
How do I connect to a cluster?
View the connection examples in this guide or on the cluster page in the management console (click Connect in the top panel).
MySQL® hosts with public access only support connections with an SSL certificate.
There are also special FQDNs pointing to the current master and most recent replica of the cluster.
Why cannot I connect from the internet?
Check whether your host is publicly accessible. To do this, in the management console:
- Navigate to the folder dashboard and select Managed Service for MySQL.
- Click the name of your cluster and open the Hosts tab.
- Check the Public access column value for your host.
MySQL® hosts with public access only support connections with an SSL certificate.
Additionally, consider the following:
- If public access in your cluster is only enabled for certain hosts, automatic master failover can make the master unreachable from the internet.
- If you are using special FQDNs, check the host list to make sure the current master or replica have public access.
- If you are using Security groups, check their settings.
Why cannot I connect from Yandex Cloud?
Make sure the Yandex Cloud VM you are connecting from is in the same virtual network as the MySQL® cluster.
To do this, in the management console:
- Navigate to the folder dashboard, select Managed Service for MySQL, and click the name of your cluster.
- Check the Cloud network value and click the network’s name to see its subnets.
- Make sure your VM is in one of the network’s subnets.
Additionally, consider the following:
- If you are connecting to a publicly accessible host, make sure to use an SSL certificate.
- If you are using special FQDNs, check the host list to make sure the current master or replica have public access.
- If you are using Security groups, check their settings.
Why cannot I connect to a multi-host cluster?
If public access in your cluster is only enabled for certain hosts, automatic master failover can make the master unreachable from the internet.
Check whether your host is publicly accessible. To do this, in the management console:
- Navigate to the folder dashboard and select Managed Service for MySQL.
- Click the name of your cluster and open the Hosts tab.
- Check the Public access column value for your host.
Additionally, consider the following:
-
If you are using special FQDNs, check the host list to make sure the current master or replica have public access.
-
If you cannot connect to the host you added, check that the cluster security group is properly configured for the subnet containing your host.
Can I connect to cluster hosts over SSH or get superuser privileges on hosts?
You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.
What should I do if I get a revocation check error when using PowerShell to obtain an SSL certificate?
Here is the full text of the error message:
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate
This means that the service was unable to verify the site’s certificate against the revocation list during the connection attempt.
To fix this error:
-
Make sure your corporate network policies are not blocking the verification.
-
Run the following command with the
--ssl-no-revokeflag:mkdir $HOME\.mysql; curl.exe --ssl-no-revoke -o $HOME\.mysql\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
Why would the connection limit be exceeded?
The maximum number of concurrent connections to a Managed Service for MySQL® cluster host is defined by the max_connections setting, which defaults to <MB_of_RAM_per_host> ÷ 32 and cannot be lower than 100.
For example, for a s1.micro (2 vCPU, 8 GB) host, the default max_connections value is 8,192 ÷ 32 = 256.
You can change the Max connections value in the cluster settings.