#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/mysqlconnectioncheck Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited # package scripts::mysqlconnectioncheck; # use strict; use warnings; use Cpanel::MysqlUtils::Check (); use Cpanel::MysqlUtils::MyCnf::Basic (); use Cpanel::Hostname (); use Cpanel::Exception (); use Cpanel::MysqlUtils::RootPassword (); use Cpanel::Services::Enabled (); use Cpanel::PIDFile (); use Try::Tiny; local $| = 1; our $service = 'mysqlconnectioncheck'; our $lockfile = '/var/cpanel/mysqlconnectioncheck.pid'; exit( __PACKAGE__->script() ) unless caller; sub script { my ( $pkg, %opts ) = @_; return 0 if !Cpanel::Services::Enabled::is_provided(q{mysql}); # Restartsrv will call mysqlconnectioncheck # In order to avoid this locking forever # we have a check to see if we are calling ourselves return 0 if ( $ENV{'MYSQLCCHK'} && $ENV{'MYSQLCCHK'} eq '1' ); local $ENV{'MYSQLCCHK'} = 1; my $hostname = Cpanel::Hostname::gethostname(); my $dbhost = Cpanel::MysqlUtils::MyCnf::Basic::getmydbhost('root') || 'localhost'; my $dbpassword = Cpanel::MysqlUtils::MyCnf::Basic::getmydbpass('root'); # read from /root/.my.cnf my $is_remote_mysql = Cpanel::MysqlUtils::MyCnf::Basic::is_remote_mysql(); my $exit_status; try { $exit_status = Cpanel::PIDFile->do( $lockfile, sub { if ( !$dbpassword ) { attempt_password_set(); } my ( $connection_ok, $connection_failure_reason, $connection_failure_message ) = Cpanel::MysqlUtils::Check::check_mysql_connection(); my $notify_data = { 'hostname' => $hostname, 'is_remote_mysql' => $is_remote_mysql, 'dbhost' => $dbhost, 'dbpassword' => ( $dbpassword || '' ), 'error' => $connection_failure_message, 'root_my_cnf' => '/root/.my.cnf' # move to Cpanel::ConfigFiles after 11.42 backport }; if ( $connection_ok || $connection_failure_reason eq 'cannot_connect' ) { return $connection_ok ? 0 : 1; } # So, there's more than one reason for authentication to fail which attempt_password_reset # will fix -- The most obvious case is access_denied, but you can also have a misconfiguration # regarding the hostname component of the username. In this case, you can additionally see # errors in server handshakes due to the certificate used by the server not matching the hostname # you are using for the connection. elsif ( $connection_failure_reason eq 'access_denied' or $connection_failure_message =~ m/Error in server handshake/ ) { if ($is_remote_mysql) { _notify( 'cannot_reset_remote_pass', $notify_data ); } else { return attempt_password_reset( $notify_data, $opts{disable_integration_output} ); } } else { print "[$0] Failed to connect: $connection_failure_message\n"; _notify( 'unknown_error', $notify_data ); } # If we got here, something has gone wrong, but we're not sure what return 1; } ); } catch { print Cpanel::Exception::get_string($_) . "\n"; $exit_status = 1; }; return $exit_status; } sub attempt_password_set { print "No MySQL password set!\n"; print "Attempting to set the MySQL root user's password.\n"; eval { require Cpanel::MysqlUtils::ResetRootPassword; my $newpass = Cpanel::MysqlUtils::ResetRootPassword::get_root_password_that_meets_password_strength_requirements(); Cpanel::MysqlUtils::RootPassword::set_mysql_root_password($newpass); }; if ($@) { print "There was an error while setting the mysql root password: $@\n"; return 0; } return 1; } sub attempt_password_reset { my ( $notify_data, $disable_output ) = @_; require Cpanel::MysqlUtils::ResetRootPassword; require Cpanel::MysqlUtils::Integration; my ( $newpass, $reset_obj, $reset_ok, $reset_message ); try { $newpass = Cpanel::MysqlUtils::ResetRootPassword::get_root_password_that_meets_password_strength_requirements(); $reset_obj = Cpanel::MysqlUtils::ResetRootPassword->new( 'password' => $newpass ); } catch { $reset_message = Cpanel::Exception::get_string($_); }; if ( !$reset_message ) { ( $reset_ok, $reset_message ) = $reset_obj->reset(); if ($reset_ok) { local $@; eval { Cpanel::MysqlUtils::RootPassword::update_mysql_root_password_in_configuration($newpass) }; if ($@) { print "There was an error while updating configuration with the new mysql root password: $@\n"; } } } print "$reset_message\n" if $reset_message; my ($connect_ok_second_time) = Cpanel::MysqlUtils::Check::check_mysql_connection(); if ($connect_ok_second_time) { _notify( 'reset_pass_successful', $notify_data ); local ( *STDOUT, *STDERR ); if ($disable_output) { open( \*STDOUT, '>&', \*STDERR ) or warn $!; } Cpanel::MysqlUtils::Integration::update_apps_that_use_mysql_in_background(); return 0; } else { $notify_data->{'reset_error'} = $reset_message; _notify( 'reset_pass_failed', $notify_data ); } return 1; } sub _notify { my ( $action, $data ) = @_; require Cpanel::Notify; require Cpanel::IP::Remote; return Cpanel::Notify::notification_class( 'class' => 'Check::MysqlConnection', 'application' => $service, 'interval' => 3600, 'status' => $action, 'constructor_args' => [ %{$data}, 'origin' => $service, 'action' => $action, 'source_ip_address' => Cpanel::IP::Remote::get_current_remote_ip(), ], ); }