Bug #101769 Provide more flexible port binding for MySQL
Submitted: 26 Nov 2020 9:03
Modified: 26 Nov 2020 9:16
Reporter: Simon Mudd (OCA)
Status: Verified
Category: MySQL Server: Options
Severity: S4 (Feature request)
Version: all, 8.0
OS: Any
Assigned to:
CPU Architecture: Any
Tags: admin, BIND, infrastructure, multiple, port

[26 Nov 2020 9:03] Simon Mudd
This is related to: https://bugs.mysql.com/bug.php?id=101729.

Why limit the ports that mysqld can listen on to 2?

For some maintenance type usage it would be good to be able to have another dedicated port used by replication clients to reach their master. (The specific port being configured on the master.) This allows me to block access for applications without affecting replication behaviour.

In a similar vein I think the admin port is not intended for "general use". I have multiple systems monitoring mysqld behaviour and it would be convenient to be able to give them a dedicated port to use (as this is for "infrastructure usage") rather than use the port dedicated to normal "app usage". Think of general monitoring or something like orchestrator in this case.

So the admin port is good, it is intended for limited use for "special admin use" but I'm not sure that you expect it to be used by a lot of monitoring applications. That probably does not make sense.

Extending the current infrastructure to allow mysqld to listen on multiple ports would be convenient, and maybe replacing the single "bind" and "port" settings with a list of ports would be a good move forward.

You already have 4 types of ports configured: standard port / a unix socket / the mysqlx port / admin port, each with their own specific settings. This is probably more complex than necessary as the changes have been added incrementally.

How to repeat:
Consider how to control access to multiple types of "users":

* admins
* replication clients (talking to their master)
* apps
* infrastructure monitoring

In theory much of this can be done via firewall filters but as the infrastructure becomes more dynamic and complex this also becomes harder to manage. So more explicit help from MySQL here would hopefully simplify the management of such types of user access.

Suggested fix:
- Provide a bind/port parameter which can take a list of address/ports to bind to for listening on for "client" connections.
- don't forget to make these settings dynamic

Secondary but related (as I have seen a need for this in the past):
- consider adding a max_connections limit for each bind/port parameter
- consider a mechanism to limit users to using one or more of these specific bind/ports.

Suggested names/format but clearly whatever makes sense would be good:

# a list of ports to use
# - port type admin/standard/mysqlx
# - max_connections value, if empty use max_connections or the admin_port limit
# - connection type: tcp/socket
# - bind address: * means anything
# - bind port/path to use, if empty use default port
listen_bind_ports = admin:10:tcp:, standard:10:socket:/var/lib/mysql/mysql.sock, standard::tcp:*:3306, standard:10:tcp:[::1]:3306, standard:10:tcp:, mysqlx:10000:*:33060
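
The suggested `listen_bind_ports` value above, run through a small parser, as an added example (not code from this report or from MySQL; `listen_bind_ports` is only the reporter's suggested name and mysqld has no such option). It assumes each entry is `type:max_connections:conn:bind`, fills an empty bind with MySQL's default ports (3306, 33062, 33060), and rejects an entry that does not fit the layout rather than guessing which interface it should open.

```python
import re

# MySQL's default ports; the entry format is the proposal from this report only.
DEFAULT_PORT = {"standard": 3306, "admin": 33062, "mysqlx": 33060}
# addr:port where addr is '*', a bracketed IPv6 literal, or a host/IPv4 address.
TCP_BIND = re.compile(r"^(\*|\[[0-9A-Fa-f:.]+\]|[^:\[\]]+):(\d+)$")

def parse_listener(entry):
    """Parse one 'type:max_connections:conn:bind' entry into a dict."""
    entry = entry.strip()
    parts = entry.split(":", 3)  # bind keeps its own colons (IPv6, addr:port)
    if len(parts) != 4:
        raise ValueError(f"{entry!r}: expected type:max_connections:conn:bind")
    ptype, limit, conn, bind = parts
    if ptype not in DEFAULT_PORT:
        raise ValueError(f"{entry!r}: unknown port type {ptype!r}")
    if conn not in ("tcp", "socket"):
        raise ValueError(f"{entry!r}: connection type must be tcp or socket")
    if limit and not limit.isdigit():
        raise ValueError(f"{entry!r}: max_connections must be a number")
    # None means "fall back to the server-wide limit", as the comments describe.
    listener = {"type": ptype, "conn": conn,
                "max_connections": int(limit) if limit else None}
    if conn == "socket":
        if not bind.startswith("/"):
            raise ValueError(f"{entry!r}: socket needs an absolute path")
        listener["path"] = bind
        return listener
    if not bind:  # assumption: empty bind = server default address, default port
        listener.update(address=None, port=DEFAULT_PORT[ptype])
        return listener
    m = TCP_BIND.match(bind)
    if not m or not 0 < int(m.group(2)) < 65536:
        raise ValueError(f"{entry!r}: bad tcp bind {bind!r}")
    listener.update(address=m.group(1).strip("[]"), port=int(m.group(2)))
    return listener

def parse_listen_bind_ports(value):
    """Return (listeners, errors); a rejected entry never becomes a listener."""
    listeners, errors = [], []
    for entry in value.split(","):
        try:
            listeners.append(parse_listener(entry))
        except ValueError as exc:
            errors.append(str(exc))
    return listeners, errors

# The sample value from the report, copied as posted.
SAMPLE = ("admin:10:tcp:, standard:10:socket:/var/lib/mysql/mysql.sock, "
          "standard::tcp:*:3306, standard:10:tcp:[::1]:3306, standard:10:tcp:, "
          "mysqlx:10000:*:33060")
```

On the sample value it accepts five entries and rejects `mysqlx:10000:*:33060`, which carries no connection type field.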
[26 Nov 2020 9:16] MySQL Verification Team
Hello Simon,

Thank you for the reasonable feature request!