[MDEV-24969] skip_networking does not prevent replication Created: 2021-02-24  Updated: 2021-09-24  Resolved: 2021-09-24

Status: Closed
Project: MariaDB Server
Component/s: Documentation, Replication, Server
Affects Version/s: 10.5.8
Fix Version/s: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5

Type: Bug Priority: Major
Reporter: Petko Vasilev (Inactive) Assignee: Brandon Nesterenko
Resolution: Fixed Votes: 0
Labels: None


 Description   

For "skip_networking", the documentation says that " Enabling this option also prevents a server from functioning as a replication client."

It seems that in 10.5.8 it does not do that.
Logs for proof:

MariaDB [(none)]> show variables like 'skip_networking';
 
+-----------------+-------+
 
| Variable_name   | Value |
 
+-----------------+-------+
 
| skip_networking | ON    |
 
+-----------------+-------+
 
1 row in set (0.001 sec)
 
 
 
MariaDB [(none)]> CHANGE MASTER 'test' TO MASTER_HOST='<redacted>' , MASTER_PORT=3306 , MASTER_USER='<redacted>' , MASTER_PASSWORD='<redacted>' , MASTER_USE_GTID=slave_pos ;
 
Query OK, 0 rows affected (0.029 sec)
 
 
 
MariaDB [(none)]> start slave 'test';
 
Query OK, 0 rows affected (0.012 sec)
 
 
 
MariaDB [(none)]> show slave 'test' status \G
 
*************************** 1. row ***************************
 
                Slave_IO_State: Waiting for master to send event
 
                   Master_Host: <redacted>
 
                   Master_User: <redacted>
 
                   Master_Port: 3306
 
                 Connect_Retry: 60
 
               Master_Log_File: mariadb-bin.000003
 
           Read_Master_Log_Pos: 344
 
                Relay_Log_File: mariadb-relay-bin-test.000002
 
                 Relay_Log_Pos: 645
 
         Relay_Master_Log_File: mariadb-bin.000003
 
              Slave_IO_Running: Yes
 
             Slave_SQL_Running: Yes
 
               Replicate_Do_DB: 
           Replicate_Ignore_DB: 
            Replicate_Do_Table: 
        Replicate_Ignore_Table: 
       Replicate_Wild_Do_Table: 
   Replicate_Wild_Ignore_Table: 
                    Last_Errno: 0
 
                    Last_Error: 
                  Skip_Counter: 0
 
           Exec_Master_Log_Pos: 344
 
               Relay_Log_Space: 961
 
               Until_Condition: None
 
                Until_Log_File: 
                 Until_Log_Pos: 0
 
            Master_SSL_Allowed: No
 
            Master_SSL_CA_File: 
            Master_SSL_CA_Path: 
               Master_SSL_Cert: 
             Master_SSL_Cipher: 
                Master_SSL_Key: 
         Seconds_Behind_Master: 0
 
 Master_SSL_Verify_Server_Cert: No
 
                 Last_IO_Errno: 0
 
                 Last_IO_Error: 
                Last_SQL_Errno: 0
 
                Last_SQL_Error: 
   Replicate_Ignore_Server_Ids: 
              Master_Server_Id: 100
 
                Master_SSL_Crl: 
            Master_SSL_Crlpath: 
                    Using_Gtid: Slave_Pos
 
                   Gtid_IO_Pos: 0-100-98
 
       Replicate_Do_Domain_Ids: 
   Replicate_Ignore_Domain_Ids: 
                 Parallel_Mode: optimistic
 
                     SQL_Delay: 0
 
           SQL_Remaining_Delay: NULL
 
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
 
              Slave_DDL_Groups: 0
 
Slave_Non_Transactional_Groups: 0
 
    Slave_Transactional_Groups: 0
 
1 row in set (0.000 sec)
 
 
 
#################
 
Here I create the database "test" on the master server.
 
It is successfully replicated despite the "skip_networking" being set to "ON"
 
#################
 
 
 
MariaDB [(none)]> show databases;
 
+--------------------+
 
| Database           |
 
+--------------------+
 
| information_schema |
 
| mysql              |
 
| performance_schema |
 
| test               |
 
+--------------------+
 
4 rows in set (0.002 sec)
 
 
 
MariaDB [(none)]> show slave 'test' status \G
 
*************************** 1. row ***************************
 
                Slave_IO_State: Waiting for master to send event
 
                   Master_Host: <redacted>
 
                   Master_User: <redacted>
 
                   Master_Port: 3306
 
                 Connect_Retry: 60
 
               Master_Log_File: mariadb-bin.000003
 
           Read_Master_Log_Pos: 473
 
                Relay_Log_File: mariadb-relay-bin-test.000002
 
                 Relay_Log_Pos: 774
 
         Relay_Master_Log_File: mariadb-bin.000003
 
              Slave_IO_Running: Yes
 
             Slave_SQL_Running: Yes
 
               Replicate_Do_DB: 
           Replicate_Ignore_DB: 
            Replicate_Do_Table: 
        Replicate_Ignore_Table: 
       Replicate_Wild_Do_Table: 
   Replicate_Wild_Ignore_Table: 
                    Last_Errno: 0
 
                    Last_Error: 
                  Skip_Counter: 0
 
           Exec_Master_Log_Pos: 473
 
               Relay_Log_Space: 1090
 
               Until_Condition: None
 
                Until_Log_File: 
                 Until_Log_Pos: 0
 
            Master_SSL_Allowed: No
 
            Master_SSL_CA_File: 
            Master_SSL_CA_Path: 
               Master_SSL_Cert: 
             Master_SSL_Cipher: 
                Master_SSL_Key: 
         Seconds_Behind_Master: 0
 
 Master_SSL_Verify_Server_Cert: No
 
                 Last_IO_Errno: 0
 
                 Last_IO_Error: 
                Last_SQL_Errno: 0
 
                Last_SQL_Error: 
   Replicate_Ignore_Server_Ids: 
              Master_Server_Id: 100
 
                Master_SSL_Crl: 
            Master_SSL_Crlpath: 
                    Using_Gtid: Slave_Pos
 
                   Gtid_IO_Pos: 0-100-99
 
       Replicate_Do_Domain_Ids: 
   Replicate_Ignore_Domain_Ids: 
                 Parallel_Mode: optimistic
 
                     SQL_Delay: 0
 
           SQL_Remaining_Delay: NULL
 
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
 
              Slave_DDL_Groups: 1
 
Slave_Non_Transactional_Groups: 0
 
    Slave_Transactional_Groups: 0
 
1 row in set (0.000 sec)
 
 
 
MariaDB [(none)]> show variables like 'skip_networking';
 
+-----------------+-------+
 
| Variable_name   | Value |
 
+-----------------+-------+
 
| skip_networking | ON    |
 
+-----------------+-------+
 
1 row in set (0.001 sec)

This has been tested with the 10.5.8-5 Enterprise Docker image in SkySQL (CentOS 7 based)

I'm pretty sure this worked correctly in older versions of the server.

 Comments   
Comment by Elena Stepanova [ 2021-03-28 ]

Replication seems to be working with skip_networking all way down to 10.2.6 at least (I didn't check lower versions). I am not sure whether it should. MySQL manual doesn't say anything specific about replication in connection to skip_networking, the note only exists in MariaDB KB.

Assigning to Elkin to find out whether it is something to fix in the server or in the documentation.

Comment by Brandon Nesterenko [ 2021-09-24 ]

After discussion with Elkin we decided this should be a documentation change, as --skip-networking is intended to be more of a security-related option for restricting access to a server. The updated documentation revision is 110200.

Generated at Thu Feb 08 09:34:05 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.