I have a mysql cluster on ubuntu 16.04 and want to split read/write with haproxy.
All connections will be done through port 80.
If someone connects to the server with X.X.X.X/write I want him to be redirected to 1 specific server.
So far this is my config which works for the default (anything but /write) but when trying to connect with /write I get "unknown MySql server host".
My config is as follows:
global
log 127.0.0.1 local0 notice
maxconn 2000
user haproxy
group haproxy
defaults
mode tcp
log global
retries 2
timeout connect 3000
timeout server 5000
timeout client 5000
backend read
balance roundrobin
server mysql1 192.168.0.4:3306
server mysql2 192.168.0.5:3306
server mysql3 192.168.0.6:3306
backend write
server mysql1 192.168.0.4:3306
frontend local
bind *:80
acl write url_beg /write
use_backend write if write
default_backend read
Thanks for the help!
There is no "URL" in a MySQL connection, so url_beg can't possibly match anything. Connecting to a MySQL server (or proxy) is done by IP address or hostname only -- not hostname and path, because there is no path. Detecting the hostname the client used is impossible, because it is not passed when the connection is established.
To accomplish what you want, you need two different hostnames, pointing to two different IP addresses on the HAProxy server, and each of these two IPs in its own individual frontend with bind statement.
frontend read
mode tcp
bind 203.0.113.1:3306
default_backend read
frontend write
mode tcp
bind 203.0.113.2:3306
default_backend write
Related
As the title implies, I'm looking to connect from my windows laptop, to a GCP VM instance, in which mysql is running there. The database works fine, and if I go into an ssh client from their cloud connection, I can directly use mysql client and interrogate the DB.
I would like to use my local windows MySQL Workbench app, and be able to perform queries, just like I did in my localhost version I built before porting it up to GCP.
How to do this, (without subscribing to GCP Cloud SQL) and attach to my VM instance's sql?
///////////////////////////////////////////////
from John's comment, here's my net stat output:
netstat -tlnp | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 17007/mysqld
and the 3306 is indeed in the port list in mysql:
mysql> SHOW GLOBAL VARIABLES LIKE 'PORT';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port | 3306 |
+---------------+-------+
1 row in set (0.01 sec)
so my conclusion is that I need to open the port?
#john:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1669/mysqld
NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED
mysqlaccess default INGRESS 1000 tcp:3306 False
Telnet test of the port from my laptop:
C:\Users\fumanchu>telnet x.x.x.x 3306
[ 5.7.33-0ubuntu0.16.04.1zzzzzzzz}<[:X'mysql_native_password
Connection to host lost.
attempt to use GUI from MySQL Workbench:
ADDED console GCP log showing my VPC entry is there:
mysqlaccess
Ingress
Apply to all
IP ranges: 0.0.0.0/0
tcp:3306
Allow
1000
Off — —
if you can connect via ssh.
change the connection method
There you can enter the same data as in your previous ssh connction
Per #JohnHanley here is a summary of my issues and steps:
Get a working setup of mysql workbench with a local pc database. This ensures you have the DB, and the connection to a local machine working correctly.
export the database to a remote system, in my case it was GCE linux VM (ubuntu I used) There are many easy steps to follow on exporting the db (mysqldump based)
ensure linux vm has mysql server and client setup, and import the db
now to setup the ssh connection:
ensure the port 3306 is open on the linux vm, by going to the VPC service for your vm/project, and insuring the port is open, or adding a rule to expose port 3306 ingress.
connect to the vm (you should have already done this before step 3), by using the GCE console and connecting to the instance. This also ensures you have the local files on the pc for ssh created. (~/.ssh/google_compute_*)
connect to the VM from your pc. use gcloud console tools to check the next step. if you haven't been using gcloud console tools yet, get them installed open a command / powershell window.
type "gcloud compute ssh "name of instance". if this connects, you now know you have the server properly configured for ssh, and accept external requests.
then setting up mysql workbench is same setup of gcloud ssh request...it can use the same credentials and script, which the helper files exist in the above /.ssh/ folder I referenced.
I am trying to connect to a database using an SSH connection. However, when I try to add a connection, I do not see fields that allow me to set up an SSH connection. I am aware that one can pass extra parameters, but am not sure what key values does Airflow accept for my use case.
Airflow currently (itself) does not allow SSH connection. With airflow's Extra params you can only encrypt your connection (which btw. is a good idea).
So if you're interested in encrypted connection, in Extra fields you need to specify parameters like that:
"cert":"/path/to/certs/client-cert.pem", "key":"/path/to/certs/client-key.pem", "ca":"/path/to/certs/server-ca.pem"}
In details, if you "dig" MySqlOperator you will see following chain:
MySqlOperator uses MySqlHook
MySqlHook uses python's mysql library MySQLdb
MySQLdb is an interface to C version which has function mysql_ssl_set() described here in details:
https://dev.mysql.com/doc/refman/8.0/en/mysql-ssl-set.html
This link nicely explains what cert, key and ca are and what should be put in there.
Now, if that's still not what you want then you need to "step out" of the Airflow. Assuming that you can already ssh to your server (ssh username#your-host) then, in separate terminal window (or background) you should launch forwarding using command: ssh -L <bind_address>:127.0.0.1:<host_port> username#your-host where:
<bind_address> is port on which you will locally connect your Airflow
<host_port> is port on which your remote host's database listens on (so for mysql it's 3306)
When your forwarding is in place, you can use Airflow's Connections settings and specify connection that will use localhost as your Host and <bind_address> as Port.
Example: Let's say your remote database listens on port 3306 and working ssh connection is ssh me#my-host. Your forwarding command should be e.g. ssh -L 9876:127.0.0.1:3306 and Airflow's settings:
Host: localhost
Port: 9876
all other connection settings are similar to connecting to mysql database on your localhost
Keep in mind that your forwarding session has to be "ON" all the time, otherwise the connection will break. Just put it in background.
I am trying to access my rds mySql db via 443 only instead of 3306.
After enabling the ssl option on workbench and entering the path to the mysql-ssl-ca-cert.pem I tried to disable tcp 3306 on my security group to insure it connects using 443 but it doesn't.
I can connect using the mysql command line below but yet again it fails once i disable tcp 443 on the security group
mysql -h myinstance.c9akciq32.rds-us-east-1.amazonaws.com --ssl_ca=rds-ssl-ca-cert.pem
Amazon documentation states:
The SSL support in Amazon RDS is strictly for encrypting the connection between your client and your DB instance; it should not be relied on for authenticating the server.
Does this mean that I can only ever authenticate to mysql db over 3306 and not 443, but the data will be encrypted in transit?
My issue is that my customer won't open 3306 outbound on their firewall but 443 is of course opened. Any help appreciated.
You are confusing SSL and HTTPS. Port 443 is the default port for HTTPS connections. MySQL uses 3306 instead (and can use SSL over this port or any other to encrypt the connection). So, setting up SSL encryption for a MySQL connection doesn't affect the used port.
In order to use a different than the standard port you have to reconfigure the MySQL server, which you probably cannot do with an RDS instance.
It is possible to use tunneling to avoid the default port. In this scenario you have to open an SSH tunnel (MySQL Workbench can do that for you or you use an external program like putty on Windows or ssh on *nix like OSes). With that tunnel in place (which uses port 22 by default but can be configured for any other port if that matters for you) you can then forward access from a local port (here 3306, but can be any) to a remote port (can be any as well). This requires an SSH server on the remote end however.
I'd like to connect to MySQL (deamon is running on my VPS) via HeidiSQL. I've created new user, commented bind-adress option and when I try to connect with it via HeidiSQL, I've got an error 2003: Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (10061).
What should I do?
It could be a number of factors.
See if a firewall is blocking your traffic to the other host
Can you simply ping the host from the client machine?
Can you also open a simple telnet session to the host on port 3306 ?
(If the telnet is accepted, you will probably see some characters appear and you will remain in the telnet session for a few seconds before the connection is closed. If not accepted, you will see the message Connection refused.)
There's a simple checklist for this:
Is your MySQL server bound to "localhost" only? It might be listening for connections only on 127.0.0.1 or ::1 instead of any which is usually 0.0.0.0. Try connecting on your server to your server with mysql --host=host_ip where host_ip is your network IP address. I think the default is localhost-only.
Is port 3306 firewalled? Many distributions allow only SSH by default, so you may need to open this up to your client machine. Try not to open this up to everyone on the internet as having an open MySQL port is asking for trouble. It's always best to limit access to a set of specific IPs if possible.
Can you connect via an SSH tunnel instead? This is far more secure as it means your 3306 port is properly firewalled. There are many tools for creating SSH tunnels, but the basic principle is to forward a local port of your choosing to the remote server's port 3306.
I am setting up CakePHP for the first time in order to develop the server side of the website I'm building. I already have a database set up on a remote server. So I want CakePHP to connect to that server. That's not working. I get a notice "Cake is NOT able to connect to the database."
I've tried changing the settings in cake\app\database.php:
persistent: true or false
host: with or without prefix 'http://'
But none of that helps. All the examples I've seen have server set to 'localhost'.
Can anyone tell me if cakePHP can connect to a remote db? Or am I completely missing the point and should I be using the mysql server included in my WAMP set?
You have 2 options
Option 1
Your webhost needs to allow connections to the mysql instance from outside the local network.
Check the manuals for the webhost if you're allowed to change the mysql configuration yourself you may be allowed to accept incoming connections.
Your method only works when the host accepts incoming connections on for example port 3306 which is the default mysql port.
Option 2
If you have SSH access to the remote host, you're able to set up a tunnel.
Which would make you connect to the Mysql Instance though your SSH connection on a local port.
One way you could do this is by using PuTTY.
How to set up a MySQL tunnel in PuTTY
Initiate the connection and keep it alive.
Use the host 127.0.0.1 and port 3306 in your CakePHP Database config.
Username & Password would be your MySQL User Credentials