MySQL Connection
Blip can connect to MySQL in every way possible, including high-security options like client authentication with private certificates. Once running, Blip tries forever to connect (or reconnect) to MySQL.
Blip can read the [client] section of a MySQL defaults file like /etc/my.cnf or ~/.my.cnf by specifying config.mysql.mycnf.
Like MySQL, a defaults file specifies defaults that are overwritten by other, more explicit configuration.
For example, if the MySQL username is specified in a defaults file and config.mysql.username, the latter is used.
The following variables are read from a MySQL defaults file:
my.cnf Variable | Blip Variable |
---|---|
host | config.mysql.hostname |
password | config.mysql.password |
port | (Appended to Blip DSN) |
socket | config.mysql.socket |
ssl-mode | (See below) |
ssl-ca | config.tls.ca |
ssl-cert | config.tls.cert |
ssl-key | config.tls.key |
user | config.mysql.username |
MySQL ssl-mode=DISABLED disables Blip TLS even if other TLS variables are set.
ssl-mode=PREFERRED is used only if a socket is not used.
To use TLS with a socket, set ssl-mode=REQUIRED as per the MySQL manual.
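The following Go sketch is an added example, not Blip's own code. It is a simplified model of the rules above: the mapping table, explicit settings overriding defaults-file values, and ssl-mode=DISABLED turning TLS off. The names Resolve and myCnfToBlip and the sample file values are assumptions; port and the other ssl-mode values are not modeled.

```go
package main

import (
	"fmt"
	"strings"
)

// Mapping from the table above. port and ssl-mode have no direct Blip variable.
var myCnfToBlip = map[string]string{
	"host": "config.mysql.hostname", "password": "config.mysql.password",
	"socket": "config.mysql.socket", "user": "config.mysql.username",
	"ssl-ca": "config.tls.ca", "ssl-cert": "config.tls.cert", "ssl-key": "config.tls.key",
}

// Resolve merges [client] defaults with explicit settings; the bool reports ssl-mode=DISABLED.
func Resolve(myCnf string, explicit map[string]string) (map[string]string, bool) {
	eff, tlsDisabled, inClient := map[string]string{}, false, false
	for _, line := range strings.Split(myCnf, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") {
			inClient = strings.EqualFold(line, "[client]")
		}
		k, v, ok := strings.Cut(line, "=")
		if !inClient || !ok {
			continue // other sections, section headers, blank lines
		}
		k, v = strings.TrimSpace(k), strings.Trim(strings.TrimSpace(v), `"'`)
		if k == "ssl-mode" {
			tlsDisabled = strings.EqualFold(v, "DISABLED")
		} else if blipVar, mapped := myCnfToBlip[k]; mapped {
			eff[blipVar] = v
		}
	}
	for k, v := range explicit { // explicit configuration overrides defaults
		eff[k] = v
	}
	for k := range eff { // ssl-mode=DISABLED wins over any TLS variables
		if tlsDisabled && strings.HasPrefix(k, "config.tls.") {
			delete(eff, k)
		}
	}
	return eff, tlsDisabled
}

func main() {
	cnf := "[client]\nuser=blip_ro\nssl-mode=DISABLED\nssl-ca=/etc/ca.pem\n[mysqld]\nuser=mysql\n" // constructed sample
	eff, off := Resolve(cnf, map[string]string{"config.mysql.username": "metrics"})
	fmt.Println(eff, "TLS disabled:", off)
}
```

Running a check like this over a deployed my.cnf shows which username is actually in effect and whether a stray ssl-mode=DISABLED line is silently turning off TLS that the Blip config appears to enable.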
Blip supports the authentication methods listed below. Although you can configure different methods, Blip uses only one method to connect to MySQL. If multiple are configured, the order of precedence is:
- AWS IAM authentication (config.aws.iam-auth)
- AWS Secrets Manager (config.aws.password-secret)
- Password file (config.mysql.password-file)
- my.cnf (config.mysql.mycnf)
- Password (config.mysql.password)
- No password
TLS client authentication occurs (or is required) when the MySQL user is created to require it.
See CREATE USER in the MySQL manual.
Once the MySQL user is created to require TLS authentication, set config.tls in the Blip config file or a my.cnf file, and do not set any password.
Blip uses go-mysql/hotswap-dsn-driver to automatically reload the password (and TLS certificates, if any) for all authentication methods. This occurs any time MySQL returns error 1045: access denied. Currently, this cannot be disabled.
Blip is limited to 3 connections per monitor.
This can be changed by using the blip.ModifyDB plugin, but this is not advised.
Blip collects metrics in parallel with a limit of 2 collectors (domains) at once.
This can be changed by setting the monitor.CollectParallel variable, but this is not advised.
The 3-connection limit minus the 2 parallel metrics collectors leaves 1 connection free, which is used by the Heartbeat and Plan Changer.