
I'm trying to figure out a way around this. Basically, I don't want anyone outside of our server to be able to try and connect to our DBs. As such, I have added this into my.conf:

skip-networking

Here is what I get when skip-networking is NOT enabled:

tcp6       0      0 :::3306                 :::*                    LISTEN      6957/mysqld
unix  2      [ ACC ]     STREAM     LISTENING     3911682  6957/mysqld         /var/run/mysqld/mysqld.sock

...but when I add it, it takes away the "listening" on port 3306:

sudo netstat -lnp | grep mysql
unix  2      [ ACC ]     STREAM     LISTENING     3909565  7356/mysqld         /var/run/mysqld/mysqld.sock

My monit script is pretty simple:

 check process mysqld with pidfile /var/run/mysqld/mysqld.pid
   group database
   group mysql
   start program = "/etc/init.d/mysql start"
   stop  program = "/etc/init.d/mysql stop"
   if failed host localhost port 3306 protocol mysql with timeout 15 seconds for 3 times within 4 cycles then restart
   if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart
   if 5 restarts with 5 cycles then timeout
   depend mysql_bin
   depend mysql_rc

 check file mysql_bin with path /usr/sbin/mysqld
   group mysql
   include /etc/monit/templates/rootbin

 check file mysql_rc with path /etc/init.d/mysql
   group mysql
   include /etc/monit/templates/rootbin

Any suggestions? I really want to keep skip-networking turned on, but if it's going to stop Monit working, we may not have a choice (unless there is a work-around).

UPDATE: If I remove the following line, as suggested:

if failed host localhost port 3306 protocol mysql with timeout 15 seconds for 3 times within 4 cycles then restart

Then when I reboot Monit, I get this error:

[UTC Oct  9 13:00:45] error    : 'mysqld' process is not running
[UTC Oct  9 13:00:45] info     : 'mysqld' trying to restart
[UTC Oct  9 13:00:45] info     : 'mysqld' start: /etc/init.d/mysql
[UTC Oct  9 13:01:15] error    : 'mysqld' failed to start (exit status 127) -- /etc/init.d/mysql: Cannot execute --sync_binlog=0

UPDATE 2: OK, so not quite the solution I was thinking of, but it's had the same effect. What I have done is closed port 3306 to anything except 127.0.0.1, which means it will only allow incoming traffic from the server, and not outside. I then removed the skip-networking part from my.cnf, as I don't want to turn off the networking now.

Thanks

Andy

Andrew Newby
  • Yes, when you specifically disable networking MySQL will stop listening to TCP port 3306. What is the problem, if that is how you configure MySQL? Simply remove the network connectivity test from Monit (AFAIK the line with `localhost port 3306 protocol mysql`) and you're done... – HBruijn Oct 09 '17 at 12:17
  • @HBruijn thanks - I then get this error: `Execution failed` – Andrew Newby Oct 09 '17 at 12:54
  • @HBruijn - I have added some error logs in the opening question. – Andrew Newby Oct 09 '17 at 13:03
  • Why don't you use skip-networking and remove the tcp test? You're testing if the unix socket is connected so you should be just fine with testing if mysql is reachable. – allo Oct 09 '17 at 15:01

1 Answer

You can bind to 127.0.0.1, but keep in mind that only that interface will have access to MySQL.

Diego Velez
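The thread compares three states: the default listener on all interfaces, `skip-networking` (Unix socket only), and a listener bound to 127.0.0.1. The following is an added example, not part of the original question or answer, that classifies `netstat -lnp` output into those states; the function name `mysql_exposure` and the process name `mysqld` are assumptions, and the third sample is constructed.

```shell
#!/bin/sh
# Classify how mysqld is reachable from `netstat -lnp` output on stdin.
# Prints one of: exposed | loopback-only | socket-only | not-listening
# "exposed" means a TCP listener on a non-loopback address; a firewall
# rule (as in UPDATE 2) may still block it, which netstat cannot show.
mysql_exposure() {
    awk '
    # True when some field is PID/mysqld (process name is an assumption).
    function owned(   i) {
        for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+\/mysqld$/) return 1
        return 0
    }
    !owned() { next }
    $1 == "unix" { sock = 1; next }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        sub(/:[0-9]+$/, "", addr)          # drop the port, keep the address
        if (addr == "::1" || addr ~ /^127\./) loop = 1
        else wide = 1                      # 0.0.0.0, ::, or a routable IP
    }
    END {
        if (wide)      print "exposed"
        else if (loop) print "loopback-only"
        else if (sock) print "socket-only"
        else           print "not-listening"
    }'
}

# Sample inputs: the first two are the netstat lines quoted in the question;
# the third is constructed to show a listener bound to 127.0.0.1.
DEFAULT_CFG='tcp6       0      0 :::3306                 :::*                    LISTEN      6957/mysqld
unix  2      [ ACC ]     STREAM     LISTENING     3911682  6957/mysqld         /var/run/mysqld/mysqld.sock'
SKIP_NET='unix  2      [ ACC ]     STREAM     LISTENING     3909565  7356/mysqld         /var/run/mysqld/mysqld.sock'
BIND_LOCAL='tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      7356/mysqld
unix  2      [ ACC ]     STREAM     LISTENING     3909565  7356/mysqld         /var/run/mysqld/mysqld.sock'

for sample in "$DEFAULT_CFG" "$SKIP_NET" "$BIND_LOCAL"; do
    printf '%s\n' "$sample" | mysql_exposure
done
```

On a live host, pipe `sudo netstat -lnp` into `mysql_exposure`; without root the PID/program column is empty and the result is `not-listening`.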