Bug #90395 Contribution by Facebook: Add admin TCP/IP port in mysql
Submitted: 11 Apr 2018 20:24 Modified: 3 Jan 11:34
Reporter: FBContrib Admin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Connection Handling Severity:S4 (Feature request)
Version:8.0.4 OS:Any
Assigned to: CPU Architecture:Any

[11 Apr 2018 20:24] FBContrib Admin
Description:
Background innformation provided by Facebook:
Abstract:

This diff adds admin TCP/IP port in MySQL. This admin port is a separate TCP/IP port speaks MySQL protocol. Only users have SUPER_ACL can make connections to this port. Internally this port is handled by separate thread which is not part of the main thread pool thus it can accept a connection even when the number of connections have exceeded the limit on the master port so it won't have starving issue when server is busy.

A new MySQL option is introduced to set the port number for this admin port.  e.g. --admin-port=14000, this will set the admin port at 14000.

The separate port allows us to fence the primary port to prevent data plane/application connections while still maintaining a second port for the control plane connections.

Repo: https://github.com/mysql/mysql-server
Patch on top of 8.0.4: https://github.com/mysql/mysql-server/commit/577fbcf856cd693434d554545d499559bcdd3695

How to repeat:
See description

Suggested fix:
See contribution code attached
[11 Apr 2018 20:24] FBContrib Admin
Add admin TCP/IP port in mysql 
(*) This code is contributed under the Facebook agreement

Contribution: fb_patch_39.txt (text/plain), 51.36 KiB.

[3 Jan 11:34] Ståle Deraas
Posted by developer:
 
Implemented in WL#12138
[18 Jan 13:55] Paul Dubois
Posted by developer:
 
Fixed in 8.0.14.

MySQL Server now permits a TCP/IP port to be configured specifically for
administrative connections. This provides an alternative to the single
administrative connection that is permitted on the network interfaces used
for ordinary connections even when max_connections connections are already
established. The administrative network interface has these
characteristics:

* The interface is available only if the admin_address system variable is
  set at startup to indicate the IP address for the administrative
  interface.

* The admin_port system variable specifies the interface TCP/IP port
  number (default 33062).

* There is no limit on the number of administrative connections.

* Connections are permitted only by users who have the
  SERVICE_CONNECTION_ADMIN privilege.

The create_admin_listener_thread enables DBAs to choose whether the
administrative interface is implemented using the listener thread used for
ordinary connections (this is the default), or has its own separate
thread.

Thanks to Facebook for suggesting the idea (and for contributing code,
although it was not used).