Kubernetes内部和外部MySQL服务器之间的通信MySQL连接错误:(2002)
在Azure云中,我拥有以下基础设施: 在网络中有两个子网的虚拟网络Kubernetes内部和外部MySQL服务器之间的通信MySQL连接错误:(2002),mysql,wordpress,azure,kubernetes-helm,vnet,Mysql,Wordpress,Azure,Kubernetes Helm,Vnet,在Azure云中,我拥有以下基础设施: 在网络中有两个子网的虚拟网络 Vnet:10.0.0.0/8 aks子网:10.240.0.0/16 持久子网:10.241.0.0/27 已安装Azure Kubernetes群集并将其关联到aks子网 在persistence子网中部署了一个托管的Azure MySQL数据库paas,并与之关联 持久化子网有两个服务端点:Microsoft.Sql和Microsoft.Storage aks子网具有Microsoft.Sql服务端点 Azure
- Vnet:10.0.0.0/8
- aks子网:10.240.0.0/16
- 持久子网:10.241.0.0/27
persistence子网中持久化子网Microsoft.SqlMicrosoft.Storageaks子网Microsoft.Sqlaks子网的ip地址。我还决定选择Azure CNI,因为我需要与MySQL托管服务通信aks子网内的POD
在托管的Azure Database for MySQLpaas服务中,我将aks子网
ip地址范围列为白名单,以便允许aks子网内的吊舱访问MySQL服务
"StartIpAddress": "10.240.0.0",
"EndIpAddress": "10.240.255.255"
在AKS集群中,我使用helm3部署Wordpress helm图表,并使用以下命令
helm3 install wordpress-site-1 stable/wordpress --set image.registry=myregistry.azurecr.io,image.repository=wordpress,image.tag=5.2.4,image.pullPolicy=Always,wordpressUsername=site1,wordpressPassword=my-password,wordpressEmail=my@gmail.com,mariadb.enabled=false,externalDatabase.host=database-db.mysql.database.azure.com,externalDatabase.user=user@wdatabase-db,externalDatabase.password=my-password,externalDatabase.database=wordpress-site-1,externalDatabase.port=3306
NAME: wordpress-site-1
LAST DEPLOYED: Tue Oct 29 13:24:03 2019
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the WordPress URL:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w wordpress-site-1'
export SERVICE_IP=$(kubectl get svc --namespace default wordpress-site-1 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
echo "WordPress URL: http://$SERVICE_IP/"
echo "WordPress Admin URL: http://$SERVICE_IP/admin"
2. Login with the following credentials to see your blog
echo Username: site1
echo Password: $(kubectl get secret --namespace default wordpress-site-1 -o jsonpath="{.data.wordpress-password}" | base64 --decode)
部署正在运行,但当我检查wordpress pod日志时,收到以下错误消息:
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
WARNING: unable to establish a database connection to 'mysql'
continuing anyways (which might have unexpected results)
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 29 13:01:14.027023 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 13:01:14.027099 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:13:01:22 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:32 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:42 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
看起来位于aks子网
内的wordpress pod无法访问位于persistence子网
内的MySQL服务,尽管我通过helm install命令
提供了正确的参数
奇怪的是,pods可以访问互联网,而且我一直在仔细检查允许这种交流的规则和权限
有什么我不知道的吗
如何从部署在Aks集群内的Wordpress服务访问MySQL数据库
更新:
在使用helm install
命令部署Wordpress之前,我已经手动创建了指向Azure容器注册表数据的docker注册表密码:
kubectl create secret docker-registry regcred --docker-server=my-registry.azurecr.io --docker-username=my-username --docker-password=my-password --docker-email=my-email@outlook.com
我在deployment.yaml
中的本地helm图表中引用了regcred
,并且我使用helm install
命令部署了Wordpress,看起来它运行正常,或者至少MySQL没有引起问题
只有ServerName
Apache指令,因为我的deploymnet进程中还没有任何主机名
⟩ kubectl logs pod/wordpress-site-1-7f44b567d6-2949w -f
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
### APACHE SERVERNAME WARNING
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
#####
[Tue Oct 29 16:13:16.327549 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 16:13:16.327630 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:48 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
我理解,在这一点上,数据库不应该发生任何事情,因为我们需要通过web访问Wordpress站点并部署该站点,那么在创建数据库表的那一刻是否正确呢
所以我从kubernetes那里做了一个端口转发操作:
⟩ kubectl port-forward pod/wordpress-site-1-7f44b567d6-2949w 8002:80
Forwarding from 127.0.0.1:8002 -> 80
Forwarding from [::1]:8002 -> 80
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
当我转到时,浏览器会重定向到
我可以看到wordpress向导
因此,我用以前在数据库服务器中创建的数据库名填充数据
当我在向导UI中提交数据时,我得到以下信息:
消息引用与数据连接有关
This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at wordpresssentiaassessment-db.mysql.database.azure.com. This could mean your host’s database server is down.
Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?
但可能是因为从端口转发操作中,我们无法从本地计算机联系到数据库
我的意思是,进程中是否能做一个反向端口来联系数据库
我是否需要将Wordpress服务应用程序公开到某个域和Ip公共地址,以便与db联系并安装Wordpress
因此,我进入pod wordpress容器来检查wp config.php
⟩ kubectl exec -it pod/wordpress-site-1-7f44b567d6-2949w /bin/sh
但是wp config.php
文件不存在
# ls
index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php
license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php
readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php
# cat wp-config.php
cat: wp-config.php: No such file or directory
我有一个wp config sample.php
,这是它们的内容,但我看不到任何关于FQDN的内容
或者我需要在wp-config.php中做些什么,或者将wp-config-sample.php
重命名为wp-config.php
,并在该文件中添加pod中注入的变量
# nano wp-config-sample.php
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define( 'WP_DEBUG', false );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
/** Sets up WordPress vars and included files. */
require_once( ABSPATH . 'wp-settings.php' );
#nano wp-config-sample.php
应用程序似乎正在尝试对您指定的IP地址执行反向查找,可能是因为它打算使用SSL对远程服务器进行身份验证。用于协助反向查找的PTR记录在内部IP地址的标准配置中不可用
尝试对MySQL实例使用FQDN,而不是IP地址
它应该是这样的:
{yourservername}.mysql.database.azure.com
这样,您的应用程序将不需要执行反向查找,Azure将适当地满足路由要求
编辑:
以下行表示您的应用程序正在尝试连接到主机“mysql”:
警告:无法建立到“mysql”的数据库连接
检查wp config.php中的FQDN是否已正确填充是否引用此FQDN?我没有使用IP地址,我是在上面的helm install…
命令中提供服务器名称FQDN。但是我忽略了wordpress公共图表库(不在我的控制下)是否将此参数作为FQDN发送…您能检查wp-config.php是否引用了数据库的正确FQDN吗?如果您无法使用浏览器访问它,请在节点上的shell中尝试cat
。请阅读我原始问题中的“更新”部分,好吗?我可以从helm install
命令部署,之前创建注册表密码以提取映像,但现在,我连接到数据库时出错,这让我回到您关于wp config.php
的建议,因为我启用了SSL强制,也因为我在指挥舵中提供了一种错误的方式数据库密码
。所以,谢谢你的提示。这里有一个连接问题。你能检查一下你是否有网络安全吗