We Keep Coding

Communication Wordpress inside Kubernetes and external MySQL server. - MySQL Connection Error: (2002)

In Azure cloud, I have the following infrastructure:
A Vnet with two subnets in.
Vnet: 10.0.0.0/8
aks-subnet: 10.240.0.0/16
persistence-subnet: 10.241.0.0/27
An Azure Kubernetes cluster was installed and associated to the aks-subnet.
In the persistence-subnet a managed Azure Database for MySQL paas, is deployed and associated to it.
The persistence-subnet has two service endpoints: Microsoft.Sql and Microsoft.Storage
The aks-subnet has the Microsoft.Sql service endpoint
The Azure Kubernetes cluster was deployed using the Azure CNI network profile so, every pod get an ip address belonging to the aks-subnet. Also I decided to choose Azure CNI,because I need to to communicate the pods inside aks-subnet with the MySQL managed service.
In the managed Azure Database for MySQL paas service I have whitelisted the aks-subnet ip address range, in order to allow to the pods inside aks-subnet access to the MySQL service.
"StartIpAddress": "10.240.0.0",
"EndIpAddress": "10.240.255.255"
In the AKS cluster, I am using helm3 to deploy the Wordpress helm chart, with this command
helm3 install wordpress-site-1 stable/wordpress --set image.registry=myregistry.azurecr.io,image.repository=wordpress,image.tag=5.2.4,image.pullPolicy=Always,wordpressUsername=site1,wordpressPassword=my-password,wordpressEmail=my#gmail.com,mariadb.enabled=false,externalDatabase.host=database-db.mysql.database.azure.com,externalDatabase.user=user#wdatabase-db,externalDatabase.password=my-password,externalDatabase.database=wordpress-site-1,externalDatabase.port=3306
NAME: wordpress-site-1
LAST DEPLOYED: Tue Oct 29 13:24:03 2019
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the WordPress URL:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w wordpress-site-1'
export SERVICE_IP=$(kubectl get svc --namespace default wordpress-site-1 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
echo "WordPress URL: http://$SERVICE_IP/"
echo "WordPress Admin URL: http://$SERVICE_IP/admin"
2. Login with the following credentials to see your blog
echo Username: site1
echo Password: $(kubectl get secret --namespace default wordpress-site-1 -o jsonpath="{.data.wordpress-password}" | base64 --decode)
The deployment is running, but when I check the wordpress pod logs, I got this error message:
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
WARNING: unable to establish a database connection to 'mysql'
continuing anyways (which might have unexpected results)
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 29 13:01:14.027023 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 13:01:14.027099 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:13:01:22 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:32 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:42 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
Looks like the wordpress pod, located inside aks-subnet is not able to reach the MySQL service, located in the persistence-subnet, despite I am providing it via helm install command the correct parameters.
It's weird, the pods has access to Internet, and also I have been checking of a careful way the rules and permissions to allow that communication.
Is there something that I am unknowing?
How can I reach the MySQL database from the Wordpress service deployed inside the Aks cluster?
UPDATE:
Before to deploy Wordpress with helm install command, I've created the docker registry secret pointing to Azure Container Registry data, of a manual way:
kubectl create secret docker-registry regcred --docker-server=my-registry.azurecr.io --docker-username=my-username --docker-password=my-password --docker-email=my-email#outlook.com
I referenced that regcred in my local helm chart in the deployment.yaml and I deployed Wordpress using the helm install command and looks like it works, or at least MySQL is not causing problems.
Just the ServerName Apache directive, because I don't have any hostname yet involved in my deploymnet process, not yet.
⟩ kubectl logs pod/wordpress-site-1-7f44b567d6-2949w -f
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
### APACHE SERVERNAME WARNING
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
#####
[Tue Oct 29 16:13:16.327549 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 16:13:16.327630 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:48 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
I understand that at this point nothing should happens with the database because we need to access to the Wordpress site via web and deploy the site, so is at that moment when the database tables will be created right?
So I did a port-forward operation from kubernetes:
⟩ kubectl port-forward pod/wordpress-site-1-7f44b567d6-2949w 8002:80
Forwarding from 127.0.0.1:8002 -> 80
Forwarding from [::1]:8002 -> 80
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
And when I go to http://localhost:8002/, the browser redirect to me to
http://localhost:8002/wp-admin/setup-config.php and I can see the wordpress wizard.
So I fill the data with my db name previously created in the database server
And when I submit the data in the wizard UI I got the following:
The message reference problems with the data connection
This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at wordpresssentiaassessment-db.mysql.database.azure.com. This could mean your host’s database server is down.
Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?
But maybe because from port-forward operation we cannot contact to the database from my local machine?
I mean, the process is not in able to do a reverse port forward to contact the database?
Do I need to expose the Wordpress service application to some domain and Ip public address in order to contact to the db and install Wordpresss?
So, I enter to the pod wordpress container to check wp-config.php
⟩ kubectl exec -it pod/wordpress-site-1-7f44b567d6-2949w /bin/sh
But the wp-config.php file does not exist,
# ls
index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php
license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php
readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php
# cat wp-config.php
cat: wp-config.php: No such file or directory
I have a wp-config-sample.php and this is their content, but I cannot see anything about FQDN.
Or maybe do I need to do something in the wp-config.php, maybe rename the wp-config-sample.php to wp-config.php and add the variables injected in the pod in that file?
# nano wp-config-sample.php
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* #link https://codex.wordpress.org/Editing_wp-config.php
*
* #package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**##+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {#link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* #since 2.6.0
*/
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );
/**##-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* #link https://codex.wordpress.org/Debugging_in_WordPress
*/
define( 'WP_DEBUG', false );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
/** Sets up WordPress vars and included files. */
require_once( ABSPATH . 'wp-settings.php' );

It looks as though the application is trying to perform a reverse lookup of the IP address you have specified, probably because it intends on using SSL to authenticate the remote server. PTR records to assist in reverse lookup will not be available with a standard configuration for an internal IP address.
Try using the FQDN for your MySQL instance instead of the IP address.
It should look something like this:
{yourservername}.mysql.database.azure.com
This way your application will not need to perform reverse lookup, and Azure will cater for the routing appropriately.
EDIT:
The following line indicated your application is trying to connect to host 'mysql':
WARNING: unable to establish a database connection to 'mysql'
Check the FQDN has populated properly in wp-config.php

AWS Elastic Beanstalk Notification - Environment health has transitioned from Ok to Warning

I keep getting the following messages. But there is nothing in my nginx logs which indicates that requests were returned with status 5xx. Also, app seems to working as expected. Any pointers why I might be getting these?
Message:
Environment health has transitioned from Ok to Warning. 50.0 % of the requests are failing with HTTP 5xx. Insufficient request rate (12.0 requests/min) to determine application health. 1 out of 2 instances are impacted. See instance health for details.
eb logs show the following events around the same time. And they look like a hack attempt. My guess is that these POST requests failure are making EB think that instances are unhealthy. Any advise, how can we prevent this ? Thanks.
2019/02/10 23:49:37 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /51314.php HTTP/1.1", upstream: "http://172.17.0.2:80/51314.php", host: "xxx.xxx.xxx.xxx"
2019/02/10 23:49:37 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /fusheng.php HTTP/1.1", upstream: "http://172.17.0.2:80/fusheng.php", host: "xxx.xxx.xxx.xxx"
2019/02/10 23:49:38 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /repeat.php HTTP/1.1", upstream: "http://172.17.0.2:80/repeat.php", host: "xxx.xxx.xxx.xxx"
2019/02/10 23:49:39 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /api.php HTTP/1.1", upstream: "http://172.17.0.2:80/api.php", host: "xxx.xxx.xxx.xxx"
2019/02/10 23:49:40 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /xiaodai.php HTTP/1.1", upstream: "http://172.17.0.2:80/xiaodai.php", host: "xxx.xxx.xxx.xxx"
2019/02/10 23:49:40 [error] 3263#0: *23308 upstream prematurely closed connection while reading response header from upstream, client: 172.31.35.221, server: , request: "POST /xiaodai.php HTTP/1.1", upstream: "http://172.17.0.2:80/xiaodai.php", host: "xxx.xxx.xxx.xxx"
Thanks.

Example reasons can be
nginx proxy crashed on the instance
high CPU usage on the instance
high memory usage on the instance
deployment failure on the instance

SiegeTest:socket error unable to connect

Really need help to figure out what is going wrong.
Application Background: It is a nodejs with socket.io application.
I am testing my site load using siege windows 3.0.5 tool.
70 concurrent users with 10 seconds
siege -c70 -t10s http://localhost:8082
and getting below error messages.
[error] socket: unable to connect sock.c:230: Address family not supported by protocol [error] socket: unable to connect sock.c:230: No such file or directory [error] socket: unable to connect sock.c:230: No such file or directory [error] socket: unable to connect sock.c:230: No such file or directory [error] socket: unable to connect sock.c:230: No such file or directory [error] socket: unable to connect sock.c:230: No such file or directory [error] socket: unable to connect sock.c:230: No such file or directory HTTP/1.1 200 8.96 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.96 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.96 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.96 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.96 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.98 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.98 secs: 3415 bytes ==> GET / HTTP/1.1 200 8.98 secs: 3415 bytes ==> GET /
it works fine, if I use
siege -c60 -t50s http://localhost:8082
Does this means I can only serve 60 concurrent users. What are above errors messages and how to resolve them.
I am already using connectionPool concept for mysql module and releasing connection after using it.
db.getConnection(function(err,connection)
{
if(!err)
{
connection.query(query,function(err,rows){
connection.release();
if(err) {
throw err;
} else {
callback("null",{rows : rows,tablename : ticker});
}
});
}
});

502 bad gateway error

When I browse the Magento web site multiple times, I usually get 502 bad gateway error at Nginx.
Please help me on fixing this issue.
Note:- php5-fpm is not running some of the time. After restarting the php5-fpm, everything is working fine but after some time I am getting the same(php5-fpm is not running) error again .
Ngnix Error Logs: -
2014/06/30 12:24:17 [error] 13359#0: *297122 connect() failed (111: Connection refused) while connecting to upstream, client: xxxxxxxx, server: www.xxxxxxxx.com, request: "GET /ultimate-comics-x-men-1967641 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.xxxxxxxx.com"
2014/06/30 12:24:28 [error] 13359#0: *297124 connect() failed (111: Connection refused) while connecting to upstream, client: xxxxxxxx, server: www.xxxxxxxx.com, request: "GET /virtual-engineering-simulation-and-optimization HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.xxxxxxxx.com"

apache2: configuration of mod_dav, mod_dav_fs

On a mountpoint (specifically: /var/data/) I have mounted a 3tb raid partition that stores all kind of data and I would like to share it through WebDAV. So I installed davfs2 on my client and set up the server site by adding:
ScriptAlias "/var/www/webdav" "/var/data"
<Directory "/var/www/webdav">
Dav On
</Directory>
Finally I added the www-data user to the media group, which is the group that has read/write access to all the /var/data stuff (file mode for all contents is 660, chown is "some_owner_which_is_part_of_media:media").
Then a a2enmod mod_dav and a restart of the apache should arise it to life. Ok, fine until here. I mounted the davfs on my client pc and it worked like a glance. At least it looked like that. The contents were listed and I was happy. Later I tried to open some file on my client, but sadly it failed with an IO error. And here the problems begin.
==> /var/log/apache2/access.log <==
jin.local - - [26/Jun/2010:14:04:45 +0200] "PROPFIND /webdav/ HTTP/1.1" 207 25152 "-" "davfs2/1.4.5 neon/0.29.0"
jin.local - - [26/Jun/2010:14:04:46 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "davfs2/1.4.5 neon/0.29.0"
==> /var/log/apache2/error.log <==
[Sat Jun 26 14:04:46 2010] [error] [client 192.168.2.50] (13)Permission denied: exec of '/var/data/test' failed
[Sat Jun 26 14:04:46 2010] [error] [client 192.168.2.50] Premature end of script headers: test
In the assumption it might be a problem with the permissions that apache2 has no right to access this stuff I swiftly chowned the files and therefore I am quite sure it must be fine like this:
# ls -la /var/data
-rw-r--r-- 1 www-data www-data 22 2010-06-27 10:07 anotherTest
-rw-r--r-- 1 www-data www-data 5 2010-06-26 19:28 test
# cat anotherTest
this is another test
# cat test
test
Lately I also added authentication, in case WebDAV could need that to allow me the GET request. The authentication works but the rest just stays the same.
At this point I don't know what I could change. Anyone got an idea what I could try?
Greetings,
D.
-- EDIT --
some more log stuff and the current configuration. i just dont get what is wrong with it. as you can see in the log i can create (PUT) and delete (DELETE) files. but get just doesnt work.
ScriptAlias /webdav/ /test/
<Location /webdav/>
DAV On
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /var/www/passwords
AuthGroupFile /var/www/groups
<LimitExcept PROPFIND>
require group webdav
</LimitExcept>
</Location>
This is so odd?!
192.168.2.158 - - [02/Jul/2010:21:11:38 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "-"
192.168.2.158 - - [02/Jul/2010:21:11:38 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "-"
192.168.2.158 - dominik [02/Jul/2010:21:11:39 +0200] "PROPFIND /webdav/ HTTP/1.1" 207 1882 "-" "-"
192.168.2.158 - - [02/Jul/2010:21:11:39 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "-"
192.168.2.158 - - [02/Jul/2010:21:11:39 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "-"
192.168.2.158 - - [02/Jul/2010:21:11:39 +0200] "GET /webdav/test HTTP/1.1" 500 823 "-" "-"
192.168.2.158 - dominik [02/Jul/2010:21:11:42 +0200] "PROPFIND /webdav/.test.swp HTTP/1.1" 404 467 "-" "-"
192.168.2.158 - dominik [02/Jul/2010:21:11:42 +0200] "PUT /webdav/.test.swp HTTP/1.1" 201 481 "-" "-"
192.168.2.158 - dominik [02/Jul/2010:21:11:42 +0200] "DELETE /webdav/.test.swp HTTP/1.1" 204 141 "-" "-"
192.168.2.158 - dominik [02/Jul/2010:21:11:45 +0200] "PROPFIND /webdav/ HTTP/1.1" 207 497 "-" "-"
==> /var/log/apache2/private-error.log <==
[Fri Jul 02 21:11:38 2010] [error] [client 192.168.2.158] (13)Permission denied: exec of '/test/test' failed
[Fri Jul 02 21:11:38 2010] [error] [client 192.168.2.158] Premature end of script headers: test
[Fri Jul 02 21:11:38 2010] [error] [client 192.168.2.158] (13)Permission denied: exec of '/test/test' failed
[Fri Jul 02 21:11:38 2010] [error] [client 192.168.2.158] Premature end of script headers: test
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] (13)Permission denied: exec of '/test/test' failed
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] Premature end of script headers: test
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] (13)Permission denied: exec of '/test/test' failed
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] Premature end of script headers: test
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] (13)Permission denied: exec of '/test/test' failed
[Fri Jul 02 21:11:39 2010] [error] [client 192.168.2.158] Premature end of script headers: test

I could bang my head. The solution was simple:
Alias /webdav/ /var/data/
<Location /webdav/>
DAV On
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /etc/passwords
AuthGroupFile /etc/groups
<LimitExcept PROPFIND>
require group webdav
</LimitExcept>
</Location>
Note the "Alias" in the place of "ScriptAlias". The reason why this works can be found here.