You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Plugin: validate_password is enabled and cannot be disabled (security policy requirement)
OS: CentOS 7
Architecture: x86_64
Startup method: running binary directly
🧵 Description
I’m using mysqld_exporter to monitor a MySQL 8.0.30 instance that has the validate_password plugin enabled (mandatory in production due to security compliance). While the exporter starts up normally and listens on port 9104, accessing the /metrics endpoint immediately fails with the following error:
An error has occurred while serving metrics:
7 error(s) occurred:
[from Gatherer Added docker file #2] collected metric "mysql_global_variables_validate_password_check_user_name" { gauge:{value:1}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_variables_validate_password_length" { gauge:{value:8}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_variables_validate_password_mixed_case_count" { gauge:{value:1}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_variables_validate_password_number_count" { gauge:{value:1}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_variables_validate_password_special_char_count" { gauge:{value:1}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_status_validate_password_dictionary_file_last_parsed" { untyped:{value:1.744627442e+09}} was collected before with the same name and label values
[from Gatherer Added docker file #2] collected metric "mysql_global_status_validate_password_dictionary_file_words_count" { untyped:{value:0}} was collected before with the same name and label values
This completely breaks Prometheus integration as no metrics can be scraped.
🔍 What I’ve Tried
Tried minimal --collect.* flags to avoid metric overlap (e.g. only global_status, global_variables)
Ensured exporter MySQL user has appropriate permissions (PROCESS, REPLICATION CLIENT, SELECT, and SELECT on performance_schema)
Verified exporter can connect to MySQL (no password issues)
Confirmed validate_password variables appear in SHOW GLOBAL VARIABLES
Cannot disable the plugin in our environment (production restriction)
❗ Critical Problem
This is not just a duplicate-metric warning — once the validate_password plugin is enabled, the exporter completely fails to serve /metrics, meaning the service becomes unusable for monitoring.
❓ Questions
Is this a known issue in mysqld_exporter 0.15.0?
Has this been fixed in 0.15.1 or a newer version?
Is there a way to exclude or skip certain MySQL variables like those from validate_password?
Are there any recommended workarounds or best practices for this case?
Environment
mysqld_exporter version: 0.15.0
MySQL version: 8.0.30
Plugin: validate_password is enabled and cannot be disabled (security policy requirement)
OS: CentOS 7
Architecture: x86_64
Startup method: running binary directly
🧵 Description
I’m using mysqld_exporter to monitor a MySQL 8.0.30 instance that has the validate_password plugin enabled (mandatory in production due to security compliance). While the exporter starts up normally and listens on port 9104, accessing the /metrics endpoint immediately fails with the following error:
An error has occurred while serving metrics:
7 error(s) occurred:
This completely breaks Prometheus integration as no metrics can be scraped.
🔍 What I’ve Tried
Tried minimal --collect.* flags to avoid metric overlap (e.g. only global_status, global_variables)
Ensured exporter MySQL user has appropriate permissions (PROCESS, REPLICATION CLIENT, SELECT, and SELECT on performance_schema)
Verified exporter can connect to MySQL (no password issues)
Confirmed validate_password variables appear in SHOW GLOBAL VARIABLES
Cannot disable the plugin in our environment (production restriction)
❗ Critical Problem
This is not just a duplicate-metric warning — once the validate_password plugin is enabled, the exporter completely fails to serve /metrics, meaning the service becomes unusable for monitoring.
❓ Questions
Is this a known issue in mysqld_exporter 0.15.0?
Has this been fixed in 0.15.1 or a newer version?
Is there a way to exclude or skip certain MySQL variables like those from validate_password?
Are there any recommended workarounds or best practices for this case?