Blip Docs
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

MySQL Connection

Blip can connect to MySQL in every way possible, including high-security options like client authentication with private certificates. Once running, Blip tries forever to connect (or reconnect) to MySQL.

my.cnf

Blip can read the [client] section of a MySQL defaults file like /etc/my.cnf or ~/.my.cnf by specifying config.mysql.mycnf. Like MySQL, a defaults file specifies defaults that overwritten by other, more explicit configuration. For example, if the MySQL username is specified in a defaults file and config.mysql.username, the latter is used.

The following variables are read from a MySQL defaults file:

my.cnf VariableBlip Variable
hostconfig.mysql.hostname
passwordconfig.mysql.password
port(Appended to Blip DSN)
socketconfig.mysql.socket
ssl-mode(See below)
ssl-caconfig.tls.ca
ssl-certconfig.tls.cert
ssl-keyconfig.tls.key
userconfig.mysql.username

MySQL ssl-mode=DISABLED disables Blip TLS even if other TLS variables are set. ssl-mode=PREFERRED is used only if a socket is not used. To use TLS with a socket, set ssl-mode=REQUIRED as per the MySQL manual.

Authentication

Methods

Blip supports the authentication methods listed below. Although you can configure different methods, Blip uses only one method to connect to MySQL. If multiple are configured, the order of precedence is:

  1. AWS IAM authentication (config.aws.iam-auth)
  2. AWS Secrets Manager (config.aws.password-secret)
  3. Password file (config.mysql.password-file)
  4. my.cnf (config.mysql.mycnf)
  5. Password (config.mysql.password)
  6. No password

TLS Client Authentication

TLS client authentication occurs (or is required) when the MySQL user is created to require it. See CREATE USER in the MySQL manual.

Once the MySQL user is created to require TLS authentication, set config.tls in the Blip config file or a my.cnf file, and do not set any password.

Password Reloading

Blip uses go-mysql/hotswap-dsn-driver to automatically reload the password (and TLS certificates, if any) for all authentication methods. This occurs any time MySQL returns error 1045: access denied. Currently, this cannot be disabled.

Limits

Blip is limited to 3 connections per monitor. This can be changed by using the blip.ModifyDB plugin, but this is not advised.

Blip collects metrics in parallel with a limit of 2 collectors (domains) at once. This can be changed by setting the monitor.CollectParallel variable, but this is not advised.

The 3 connection limit minus 2 parallel metrics collection leaves 1 connection free that is used by the Heartbeat and Plan Changer.