Mariadb Galera Cluster - IPTable firewall


trupti mali

Aug 13, 2015, 6:59:12 AM
to codership
Hi,
I have been implementing a MariaDB Galera Cluster of two nodes. When I had not secured these two nodes, it worked fine. But when I applied some security measures, e.g.
1) disable PasswordAuthentication
2) disable root login
3) firewall settings using iptables (I took care of opening the required ports, referring to the official Galera documentation - http://galeracluster.com/documentation-webpages/firewallsettings.html)

But I am still unable to get my mysql service up. I get the error:

Aug 13 10:04:19 (none) mysqld: 150813 10:04:19 [Warning] WSREP: last inactive check more than PT1.5S ago (PT3.50224S), skipping check

Aug 13 10:04:45 (none) /etc/init.d/mysql[22224]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in

Aug 13 10:04:45 (none) /etc/init.d/mysql[22224]: #007/usr/bin/mysqladmin: connect to server at 'localhost' failed

Aug 13 10:04:45 (none) /etc/init.d/mysql[22224]: error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111 "Connection refused")'

Aug 13 10:04:45 (none) /etc/init.d/mysql[22224]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!

Aug 13 10:04:45 (none) /etc/init.d/mysql[22224]:

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [Note] WSREP: view((empty))

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] WSREP: failed to open gcomm backend connection: 110: failed to reach primary view: 110 (Connection timed out)

Aug 13 10:04:48 (none) mysqld: #011 at gcomm/src/pc.cpp:connect():161

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] WSREP: gcs/src/gcs_core.cpp:long int gcs_core_open(gcs_core_t*, const char*, const char*, bool)():206: Failed to open backend connection: -110 (Connection timed out)

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] WSREP: gcs/src/gcs.cpp:long int gcs_open(gcs_conn_t*, const char*, const char*, bool)():1379: Failed to open channel 'galera_cluster' at 'gcomm://xx.xx.xx.xx,xx.xx.xx.xx': -110 (Connection timed out)

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] WSREP: gcs connect failed: Connection timed out

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] WSREP: wsrep::connect() failed: 7

Aug 13 10:04:48 (none) mysqld: 150813 10:04:48 [ERROR] Aborting


Philip Stoev

Aug 13, 2015, 7:19:59 AM
to trupti mali, codersh...@googlegroups.com
Hello,

This looks like a misconfigured firewall problem. Please check manually that
all the ports mentioned in the documentation are open for incoming
connections on all machines and that all machines are allowed to make
outgoing connections to those ports. There are two ways to do this:

1. When mysql is stopped, use the netcat utility to listen to a port (the -l
option) and then attempt to connect to it from the other machine.

https://www.digitalocean.com/community/tutorials/how-to-use-netcat-to-establish-and-test-tcp-and-udp-connections-on-a-vps

2. Use the tcpdump utility to capture the packets being sent while mysqld is
starting up and check that response packets arrive in return.

Thank you.

Philip Stoev
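
As an added example (not part of the thread or of the Galera project), a rule set can also be audited offline before the netcat and tcpdump checks: the script below walks the INPUT chain of `iptables-save` output in first-match order and lists the Galera TCP ports a peer node would not reach. The function names, the sample rules and the 192.0.2.x addresses are constructed for illustration.

```bash
# Added example, not from the thread. Ports per the Galera firewall docs:
# 3306 client/mysqldump SST, 4567 replication, 4568 IST, 4444 SST.
GALERA_TCP_PORTS="3306 4567 4568 4444"
# blocked_galera_ports PEER_IP < iptables-save output
# Prints ports whose first matching INPUT rule (else the chain policy) is not
# ACCEPT for a new TCP connection from PEER_IP. Assumption: rules with CIDR
# sources, port ranges or other matches are skipped, which errs toward "blocked".
blocked_galera_ports() {
  awk -v peer="$1" -v ports="$GALERA_TCP_PORTS" '
    function covers(spec, port,   n, i, parts) {
      if (spec == "") return 1                 # rule has no port match
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) if (parts[i] == port) return 1
      return 0
    }
    BEGIN { np = split(ports, want, " "); policy = "ACCEPT" }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      src = proto = spec = target = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") { src = $(++i); sub(/\/32$/, "", src) }
        else if ($i == "-p") proto = $(++i)
        else if ($i == "--dport" || $i == "--dports") spec = $(++i)
        else if ($i == "--state" || $i == "--ctstate") { if ($(++i) !~ /NEW/) skip = 1 }
        else if ($i == "-m") i++               # module name carries no match
        else if ($i == "-j") { target = $(++i); break }
        else skip = 1                          # unmodelled match, e.g. -i lo
      }
      if (skip || (src != "" && src != peer) || (proto != "" && proto != "tcp")) next
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      for (p = 1; p <= np; p++)
        if (!(want[p] in verdict) && covers(spec, want[p])) verdict[want[p]] = target
    }
    END {
      for (p = 1; p <= np; p++)
        if (((want[p] in verdict) ? verdict[want[p]] : policy) != "ACCEPT") print want[p]
    }'
}
# Constructed sample: 4568 is never opened, 4444 is shadowed by an earlier REJECT.
sample_rules() { cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m multiport --dports 3306,4567 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4444 -j REJECT --reject-with tcp-reset
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 4444 -j ACCEPT
EOF
}
sample_rules | blocked_galera_ports 192.0.2.11
```

On a live node the input would be the output of `iptables-save` run as root on each machine, with the other node's address as PEER_IP; any port it lists is a candidate for the netcat test described above.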

trupti mali

Aug 13, 2015, 7:29:07 AM
to codership, trupt...@gmail.com
Thanks for the pointers, Philip. Will check!!