Monitor - Status of Services - How are the checks performed?

[KoS]

Hi

i have a multiserver installation. on the mysql-server the monitoring always shows that the mysql service is not running. how is the test performed? checking if the localhost socket exists? making a network connection? including actual login on the mysql server?

greets
KoS

[till]

Ensure that mysql listens on localhost tcp socket as described in the installation guides.

[KoS]

is there a reason that it has to listen on TCP localhost? as the checks are made on the local machine, it would be fine to use the unix socket?

in my situation (and i suppose others that use the multiserver setup have the same) the mysql server listents only on the network interface of the "internal network". e.g. eth0 has a public ip, and eth1 is the internal network. the firewall rules permit only access over eth1, so yes i could let the mysql daemon listens on all interfaces, but its "cleaner" to have it explicitly listen only on the interface that is needed. and the problem with mysql is that you cannot have it listen on multiple interfaces (e.g. loopback and eth1), but only on a single interface or on ALL interfaces.

would a patch be welcome to change the check behaviour to unix socket?

[falko]

According to the Perfect Server guides, you must set up MySQL to listen on TCP on all interfaces because otherwise ISPConfig will not be able to configure remote access to MySQL databases if desired.

[KoS]

until now i hadn't had any problems to create databases that have remote access. as already written it is mandatory for all my users to have remote access to the database, so i would have noticed if that didn't work.

so i will loosen my firewall rules to have the monitoring right ;-)

[till]

Quote:

so i will loosen my firewall rules to have the monitoring right ;-)

No, the monitoring is done on localhost and not the external eth0 network card, you normally never block requests on localhost by a firewall as it would not maky any sense to block IP 127.0.0.1. The ispconfig firewall does not block it, if you added manual firewall rules, then open localhost.

[KoS]

Quote:

Originally Posted by till

No, the monitoring is done on localhost and not the external eth0 network card, you normally never block requests on localhost by a firewall as it would not maky any sense to block IP 127.0.0.1. The ispconfig firewall does not block it, if you added manual firewall rules, then open localhost.

sorry i didn't mean loosen the firewall rules, but loosen the overall security. no i don't block anything on localhost and as you said that wouldn't make any sense. but as i already wrote, i have two network interfaces (eth0 and eth1, and obviously loopback) and with mysql it is not possible to listen on multiple network interfaces. only on ONE or ALL, so if i would like to have the mysql daemon listen on loopback too (and not only eth1) i would have to make it listen on eth0 too, which is the public interfaces.

[till]

You can e.g. enable mysql to listen on all interfaces and then close the mysql port in the firewall for the external network card.

[KoS]

Quote:

Originally Posted by till

You can e.g. enable mysql to listen on all interfaces and then close the mysql port in the firewall for the external network card.

sure, but the "cleaner" way is to only make daemons listen on the interfaces that are needed, and not to have the firewall to close the wholes in the system :-)

[till]

Then you might have to make a feature request to Oracle that the allow binding to multiple interfaces e.g. by allowing comma separated values in my.cnf file for bind address. Mysql is a bit limited in this config option.