ansible-role-mysql
mysql 8 comes with mysqlx plugin listening on all interfaces by default
Not sure if this is something you want to fix in your defaults, but this was quite surprising to us:
MySQL 8 comes with a plugin called "mysql x" that opens a second server socket (port * 10 by default) on all interfaces (in our case: the public internet).
Given that this role sets the bind-address by default to localhost, it might also want to set the mysqlx-bind-address to something more restrictive and/or disable it by default.
Docs:
- https://dev.mysql.com/doc/refman/8.0/en/x-plugin-options-system-variables.html
- https://dev.mysql.com/doc/refman/8.0/en/x-plugin-disabling.html
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
I second that. I wish there was a way to disable mysqlx with an Ansible variable, to add mysqlx=0 to the config file, as this is certainly a security risk:
ss -tulpn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
...
tcp LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 70 *:33060 *:*
...
This should definitely get fixed, please reopen! @geerlingguy
This issue is no longer marked for closure.
Ubuntu/Debian defaults to localhost
> grep bind /etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
This role should really default to 127.0.0.1 on both bind addresses instead of 0.0.0.0.
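A way to check a host for the exposure discussed in this thread, as an added example that is not part of the issue or the role's code: the function reads ss output and prints any listener on the classic (3306) or X Protocol (33060) port that is not bound to loopback. The sample input is the ss output quoted in the thread; the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the issue thread or the role.
# Constructed sample: the header and two listener lines from the thread's ss output.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 70 *:33060 *:*'

# exposed_mysql_listeners [PORT...]   (hypothetical helper name)
# Reads `ss -tln` or `ss -tulpn` output on stdin and prints every listening
# socket on the given ports (default: 3306 classic, 33060 X Protocol) whose
# local address is not loopback.
exposed_mysql_listeners() {
    ports="${*:-3306 33060}"
    awk -v ports="$ports" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    /LISTEN/ {
        # The local address is the first addr:port field; its column number
        # depends on whether ss printed the Netid column.
        sock = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { sock = $i; break }
        if (sock == "") next
        port = sock; sub(/.*:/, "", port)          # text after the last colon
        if (!(port in want)) next
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        sub(/%.*/, "", addr)                       # drop %interface suffix
        gsub(/\[|\]/, "", addr)                    # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print sock                                 # wildcard or routable bind
    }'
}

# Run against the sample; on a real host: ss -tln | exposed_mysql_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_mysql_listeners
```

Empty output means both ports are bound to loopback only or not listening at all.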