Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th October 2012, 18:20
KoS KoS is offline
Member
 
Join Date: Aug 2012
Posts: 52
Thanks: 4
Thanked 3 Times in 3 Posts
Default Monitor - Status of Services - How are the checks performed?

Hi

i have a multiserver installation. on the mysql-server the monitoring always shows that the mysql service is not running. how is the test performed? checking if the localhost socket exists? making a network connection? including actual login on the mysql server?

greets
KoS
Reply With Quote
Sponsored Links
  #2  
Old 19th October 2012, 18:49
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
Default

Ensure that mysql listens on localhost tcp socket as described in the installation guides.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st October 2012, 11:36
KoS KoS is offline
Member
 
Join Date: Aug 2012
Posts: 52
Thanks: 4
Thanked 3 Times in 3 Posts
Default

is there a reason that it has to listen on TCP localhost? as the checks are made on the local machine, it would be fine to use the unix socket?

in my situation (and i suppose others that use the multiserver setup have the same) the mysql server listents only on the network interface of the "internal network". e.g. eth0 has a public ip, and eth1 is the internal network. the firewall rules permit only access over eth1, so yes i could let the mysql daemon listens on all interfaces, but its "cleaner" to have it explicitly listen only on the interface that is needed. and the problem with mysql is that you cannot have it listen on multiple interfaces (e.g. loopback and eth1), but only on a single interface or on ALL interfaces.

would a patch be welcome to change the check behaviour to unix socket?
Reply With Quote
  #4  
Old 21st October 2012, 11:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

According to the Perfect Server guides, you must set up MySQL to listen on TCP on all interfaces because otherwise ISPConfig will not be able to configure remote access to MySQL databases if desired.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 21st October 2012, 21:09
KoS KoS is offline
Member
 
Join Date: Aug 2012
Posts: 52
Thanks: 4
Thanked 3 Times in 3 Posts
Default

until now i hadn't had any problems to create databases that have remote access. as already written it is mandatory for all my users to have remote access to the database, so i would have noticed if that didn't work.

so i will loosen my firewall rules to have the monitoring right ;-)
Reply With Quote
  #6  
Old 22nd October 2012, 08:42
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
Default

Quote:
so i will loosen my firewall rules to have the monitoring right ;-)
No, the monitoring is done on localhost and not the external eth0 network card, you normally never block requests on localhost by a firewall as it would not maky any sense to block IP 127.0.0.1. The ispconfig firewall does not block it, if you added manual firewall rules, then open localhost.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 22nd October 2012, 10:10
KoS KoS is offline
Member
 
Join Date: Aug 2012
Posts: 52
Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till View Post
No, the monitoring is done on localhost and not the external eth0 network card, you normally never block requests on localhost by a firewall as it would not maky any sense to block IP 127.0.0.1. The ispconfig firewall does not block it, if you added manual firewall rules, then open localhost.
sorry i didn't mean loosen the firewall rules, but loosen the overall security. no i don't block anything on localhost and as you said that wouldn't make any sense. but as i already wrote, i have two network interfaces (eth0 and eth1, and obviously loopback) and with mysql it is not possible to listen on multiple network interfaces. only on ONE or ALL, so if i would like to have the mysql daemon listen on loopback too (and not only eth1) i would have to make it listen on eth0 too, which is the public interfaces.
Reply With Quote
  #8  
Old 22nd October 2012, 10:14
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
Default

You can e.g. enable mysql to listen on all interfaces and then close the mysql port in the firewall for the external network card.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 22nd October 2012, 10:40
KoS KoS is offline
Member
 
Join Date: Aug 2012
Posts: 52
Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till View Post
You can e.g. enable mysql to listen on all interfaces and then close the mysql port in the firewall for the external network card.
sure, but the "cleaner" way is to only make daemons listen on the interfaces that are needed, and not to have the firewall to close the wholes in the system :-)
Reply With Quote
  #10  
Old 22nd October 2012, 10:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
 
Default

Then you might have to make a feature request to Oracle that the allow binding to multiple interfaces e.g. by allowing comma separated values in my.cnf file for bind address. Mysql is a bit limited in this config option.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter warnings esezako General 7 27th September 2011 07:28
Please review RKHUNTER Log jmh_fl General 1 27th April 2010 16:44
Our mailserver hacked ??? - a lot of SPAM is being send out mazgit Installation/Configuration 9 14th February 2010 14:12
Debian 5.0 'hangs' GHz Installation/Configuration 5 1st October 2009 12:57
domains not accessible gillesdevals Installation/Configuration 3 17th June 2009 09:12


All times are GMT +2. The time now is 16:14.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.