Can the service bound to the tcp6 any address be specified to bind to the local IPv4 internal network address when deploying a TiDB cluster with tiup?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tiup部署TiDB集群时候的服务绑定的tcp6任意地址,可以指定绑定本地ipv4内网地址吗?

| username: TiDBer_oqrCNpbV

The current situation is that we do not want the TiDB cluster’s ports to be accessible from the external network, but when the cluster is actually started, the service is bound to any address:


Question 1: Can the IPv4 address be specified when the service starts?
Question 2: If it is possible to specify the local IPv4 address for listening and the cluster has already started and is bound to any address, how can it be switched to bind and listen to the local IPv4 internal network address?

| username: xfworld | Original post link

The first requirement for deploying TiDB is that all node IP addresses must be fixed. If the IP keeps changing, how can the cluster update expired information? The basic cluster would become invalid.

If you need to switch the listening address after the cluster is deployed, you can configure the relevant parameters.

--host

  • The host that the TiDB service listens on
  • Default: “0.0.0.0”
  • 0.0.0.0 will listen on all network interface addresses by default. If there are multiple network interfaces, you can specify the one that provides external services, such as 192.168.100.113.

--advertise-address

  • The IP address for logging into TiDB
  • Default: “”
  • You must ensure that both the user and other machines in the cluster can access this IP address.

Reference documentation:

| username: TiDBer_oqrCNpbV | Original post link

–host specifies what seems to be the IP of the deployed machine, but it is not the listening address. I checked the documentation, and TiDB, PD, and TiKV can specify listen_host, but I did not find the configuration for specifying the listening binding address for monitoring_servers, grafana_servers, and alertmanager_servers. Additionally, for an already deployed cluster, it does not support using tiup cluster edit-config to modify the listen_host configuration. Is there any way to do this?

| username: xfworld | Original post link

You can use tiup to modify them one by one, which is quite troublesome, but whether it can meet your scenario is hard to say. You can take a look first.

Basically, it’s like rebuilding the cluster, but the metadata, tables, and data are still there…

| username: Christophe | Original post link

In this regard, I feel that TiDB can indeed be improved. Some environments have external IPs, and security can only be handled through firewalls. It would be much better if it could be simply configured to bind to an internal IP.