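I cannot connect from 10.0.0.4 to MySQL running on 10.0.0.5. This is a virtual network created in the Hetzner interface. I believe MySQL is configured correctly according to the documentation.
Backend 10.0.0.4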
root@backend:~# mysql -u root --host=10.0.0.5 --protocol=tcp --port=3306
ERROR 2002 (HY000): Can't connect to MySQL server on '10.0.0.5' (115)
root@backend:~# mysql -u literakl --host=10.0.0.5 --protocol=tcp --port=3306 -p
Enter password:
ERROR 2002 (HY000): Can't connect to MySQL server on '10.0.0.5' (115)
root@backend:~# telnet 10.0.0.5 3306
Trying 10.0.0.5...
telnet: Unable to connect to remote host: No route to host
root@backend:~# ssh [email protected]
The authenticity of host '10.0.0.5 (10.0.0.5)' can't be established.
ECDSA key fingerprint is SHA256:iDrbbDdMK1XKRrb0O3lZ899K/oQmTFtu4ju75h+te0Y.
10.0.0.5
root@backend:~# ping 10.0.0.5
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
64 bytes from 10.0.0.5: icmp_seq=1 ttl=63 time=1.75 ms
root@backend:~# nmap 10.0.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-30 20:35 CEST
Nmap scan report for 10.0.0.5
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (5 hosts up) scanned in 150.32 seconds
Secondary 10.0.0.5
root@secondary:~# less /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 0.0.0.0
#skip-networking=1
#skip-bind-address
root@secondary:~# ufw status
Status: active
33060 ALLOW 10.0.0.4
33061 ALLOW 10.0.0.4
3306 ALLOW 10.0.0.4
3306/tcp ALLOW Anywhere
3306/tcp (v6) ALLOW Anywhere (v6)
root@secondary:~# netstat -ln | grep mysql
unix 2 [ ACC ] STREAM LISTENING 9927594 /run/mysqld/mysqld.sock
root@secondary:~# lsof -i -P -n | grep LISTEN
mysqld 6749 mysql 21u IPv4 9927593 0t0 TCP *:3306 (LISTEN)
root@secondary:~# telnet 10.0.0.5 3306
Trying 10.0.0.5...
Connected to 10.0.0.5.
5.5.5-10.3.29-MariaDB-0+deb10u1$(u:]H1mysql_native_password
root@secondary:~# ip address
3: ens10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
link/ether 86:00:00:b8:0d:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.5/32 brd 10.0.0.5 scope global dynamic ens10
valid_lft 54105sec preferred_lft 54105sec
inet6 fe80::8400:ff:feb8:d95/64 scope link
valid_lft forever preferred_lft forever
root@secondary:~# mysql -u literakl --host=10.0.0.5 --protocol=tcp --port=3306 -p
Your MariaDB connection id is 37
Server version: 10.3.29-MariaDB-0+deb10u1 Debian 10
MariaDB [(none)]> SELECT User, Host FROM mysql.user;
| User | Host |
| literakl | % |
| literakl | localhost |
I wonder what is actually wrong. Port 3306 on secondary is open. I even tried turning off the firewall on both servers, but still no success. Very strange.
Update 1:
root@secondary:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.1.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 10.0.0.1 255.255.0.0 UG 0 0 0 ens10
10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ens10
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker_gwbridge
172.31.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
root@secondary:~# ip route list
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
172.31.1.1 dev eth0 scope link
root@secondary:~# arp -a
? (10.0.0.1) at d2:74:7f:6e:37:e3 [ether] on ens10
? (172.18.0.3) at 02:42:ac:12:00:03 [ether] on docker_gwbridge
? (172.31.1.1) at d2:74:7f:6e:37:e3 [ether] on eth0
11214.your-cloud.host (195.201.66.70) at 2e:bb:61:a6:0f:84 [ether] on eth0
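Update 2:
I created a new VPS named ternary, where the developer installed only MySQL and no Mongo is running in Docker (as there is on secondary), and I can connect to it from backend. The original routes on the two machines seem to be the same. We suspect that Docker/Swarm may be affecting secondary.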
root@secondary:~# ip route
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.31.1.1 dev eth0 scope link
New ternary VPS
root@ternary:~# ip route
default via 172.31.1.1 dev eth0
10.0.0.0/16 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.31.1.1 dev eth0 scope link
root@backend:~# mysql --host=10.0.0.6 -u matomo -p matomo
Enter password:
ERROR 1045 (28000): Access denied for user 'matomo'@'10.0.0.4' (using password: YES)
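
An added example, not part of the original post: a small TCP probe that separates the connect() outcomes seen in the transcripts above (open, refused, "No route to host", silent drop), so a filtered path can be told apart from a missing listener. The names probe, classify, ERRNO_VERDICT and MEANING are made up for this illustration.

```python
import errno
import socket
import sys

# errno returned by connect() -> short verdict (names are illustrative)
ERRNO_VERDICT = {
    errno.ECONNREFUSED: "refused",
    errno.EHOSTUNREACH: "unreachable",   # telnet shows "No route to host"
    errno.ENETUNREACH: "no-route",
    errno.ETIMEDOUT: "timeout",
}

MEANING = {
    "open": "TCP handshake completed; a listener is reachable on this path",
    "refused": "a RST came back; the host was reached but nothing accepts on "
               "that port, or a filter answers with a reset",
    "unreachable": "the kernel got an ICMP unreachable for the SYN or could not "
                   "resolve the next hop; if ping to the same host works, "
                   "look for a packet-filter REJECT rule on the path",
    "no-route": "the local routing table has no route to the destination",
    "timeout": "no answer at all; the SYN or its reply is dropped silently",
    "other": "unexpected error; inspect the errno",
}

def classify(err):
    """Map a connect() errno to one of the verdict keys in MEANING."""
    return ERRNO_VERDICT.get(err, "other")

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return the verdict string."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return classify(exc.errno)
    finally:
        sock.close()

if __name__ == "__main__":
    # e.g. python3 probe.py 10.0.0.5 3306  (address and port from the post)
    host, port = sys.argv[1], int(sys.argv[2])
    verdict = probe(host, port)
    print(f"{host}:{port} -> {verdict}: {MEANING[verdict]}")
```

Running it from backend against both secondary and ternary gives a side-by-side verdict for the same port.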