MySQL skip-name-resolve = 1 doesn't work with Virtualmin

1 post / 0 new

Topic locked

#1 Tue, 06/20/2017 - 13:25

cnasal

MySQL skip-name-resolve = 1 doesn't work with Virtualmin

I see two previous conversations regarding skip-name-resolve = 1 not working with MySQL DB creation:

https://www.virtualmin.com/node/40765

https://www.virtualmin.com/node/39322

In those instances the only solution was to set skip-name-resolve = 0. However, that won't work for us.

We're currently testing Virtualmin on Amazon AWS with Amazon Aurora as the DB (which is MySQL compatible). Amazon Aurora forces skip-name-resolve = 1. In looking at the Virtualmin code, the problem is in /usr/share/webmin/virtual-server/feature-mysql.pl (on Ubtuntu) and this code:

sub get_mysql_hosts
{
local ($d, $always) = @_;
&require_mysql();
local @hosts;
if (!$always) {
        @hosts = &get_mysql_allowed_hosts($d);
        }
if (!@hosts) {
        # Fall back to those from template
        local $tmpl = &get_template($d->{'template'});
        @hosts = $tmpl->{'mysql_hosts'} eq "none" ? ( ) :
            split(/\s+/, &substitute_domain_template(
                                $tmpl->{'mysql_hosts'}, $d));
        @hosts = ( 'localhost' ) if (!@hosts);
        if ($always == 2 ||
            $mysql::config{'host'} && $mysql::config{'host'} ne 'localhost') {
                # Add this host too, as we are talking to a remote server
                push(@hosts, &get_system_hostname());
                local $myip = &to_ipaddress(&get_system_hostname());
                push(@hosts, $myip) if ($myip);
                }
        }
return &unique(@hosts);
}

Specifically, this part of the code always adds an entry for the hostname of the web server:

        if ($always == 2 ||
            $mysql::config{'host'} && $mysql::config{'host'} ne 'localhost') {
                # Add this host too, as we are talking to a remote server
                push(@hosts, &get_system_hostname());
                local $myip = &to_ipaddress(&get_system_hostname());
                push(@hosts, $myip) if ($myip);
                }
        }

If I comment out this code, everything is working great.

Under Server Templates > Default Settings > MySQL database > Allowed MySQL client hosts, I set it to "%", because (1) host access is limited at the firewall level for the DB servers and (2) web servers come and go in our clustered set up, and the IPs will always change.

Would you consider adding an option to bypass this code if we ONLY want the allowed servers to be what's listed under Server Templates > Default Settings > MySQL database > Allowed MySQL client hosts? It would seem if I enter something in that box, that should be the only servers that are allowed, but that's not how it's working.

If you don't want to add that option, is there any suggestions you have that would allow us to "keep" our updated version of the code (with this section commented out) after upgrades, or will we just have to remember to patch it on every upgrade?

Thanks!

Carl