Skip to content

Add MySQL health check#31

Draft
mpeltekis wants to merge 1 commit into
masterfrom
m_mysqlhealtcheck
Draft

Add MySQL health check#31
mpeltekis wants to merge 1 commit into
masterfrom
m_mysqlhealtcheck

Conversation

@mpeltekis

Copy link
Copy Markdown

Adds a mysql health check for MySQL / MariaDB / Percona, modeled on the existing Postgres check.

What it does

A fully asynchronous, libevent-driven state machine on the MariaDB Connector/C non-blocking API (mysql_real_connect / mysql_real_query / mysql_store_result *_start/*_cont), so it never blocks the event loop. Passes when the query returns a single row / single column equal to 1.

Config

hc_port, hc_user, hc_password, hc_dbname, hc_query, hc_tls. To run password-free (like the Postgres check): omit hc_password, set hc_tls, and use a REQUIRE SSL empty-password account — the equivalent of a Postgres hostssl ... trust rule.

Testing

  • Builds clean (-Wextra -pedantic, release); 20/20 existing tests pass; clang-format clean.
  • Exercised end-to-end against Percona Server 8.4: happy path, all result/error paths (falsy, multi-row, multi-column, invalid SQL), auth failure, connection refused, and the timeout path.
  • Works with caching_sha2_password (8.4 default) and with the passwordless REQUIRE SSL + hc_tls setup.

Notes

  • MariaDB Connector/C is used because it's the only mainstream client exposing the non-blocking API this architecture needs; it speaks the classic protocol, so it works against MySQL/MariaDB/Percona alike.
  • hc_tls encrypts the channel but does not verify the server certificate (matches libpq's default); hc_ssl_ca-based verification can be added later.
  • Draft pending review + CI on the FreeBSD build target.

🤖 Generated with Claude Code

New "mysql" hc_type that connects to a MySQL, MariaDB or Percona
database and runs a query, modeled on the Postgres check.  It is a
fully asynchronous, libevent-driven state machine built on the MariaDB
Connector/C non-blocking API (mysql_real_connect / mysql_real_query /
mysql_store_result *_start/*_cont), so it never blocks the event loop.

A check passes when the query returns a single row with a single column
equal to "1".

Details:
- Registered in the healthcheck factory; libmariadb wired into CMake.
- MySQL client library initialised/finalised in main() alongside
  OpenSSL (init_libmysql / finish_libmysql).
- Optional hc_tls enforces an encrypted connection, which allows a
  password-free "REQUIRE SSL" monitoring account, mirroring a Postgres
  "hostssl ... trust" rule.
- README documents the check and its attributes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mpeltekis
mpeltekis force-pushed the m_mysqlhealtcheck branch from c86f5b2 to 9b62c7f Compare July 14, 2026 14:38
Comment thread src/healthcheck_mysql.cpp
this->user = safe_get<string>(config, "hc_user", "");
this->password = safe_get<string>(config, "hc_password", "");
this->query = safe_get<string>(config, "hc_query", "");
this->use_tls = safe_get<bool>(config, "hc_tls", false);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking to remove this config option and always force TLS.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would you rather remove it entirely or maybe set the default to true and we keep it as an option?
tbh i dont think we do use non tls anywhere at inno

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with having only TLS operation in the code. No need for parameters, just always force it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants