MySQL参数:max_connect_errors
|
1 2 |
首先看看MySQL官方文档上对于该参数的说明: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html |
|
1 |
After max_connect_errors successive connection requests from a host are interrupted without a successful connection, the server blocks that host from further connections. If a connection from a host is established successfully within fewer than max_connect_errors attempts after a previous connection was interrupted, the error count for the host is cleared to zero. To unblock blocked hosts, flush the host cache; see Flushing the Host Cache. |
该参数累积的是:主机请求服务器失败次数;
该参数控制的是:MySQL服务器是否阻止客户端主机进一步的连接
因为,服务器会假设出了问题(例如,有人试图闯入),并阻止客户端主机进一步连接请求。
这里有几个情况:
- 如果累积达到max_connect_errors设置的值,则MySQL服务器会阻止客户端主机的进一步连接,并且会抛出错误
- 如果还未达到max_connect_errors设置的值,但是客户端成功连接了MySQL服务器,则主机的错误计数会清零
- 如果主机被锁了,可以通过命令解锁(官方文档:https://dev.mysql.com/doc/refman/5.7/en/host-cache.html#host-cache-flushing)
主机被锁的时候,会抛出下面的错误:
|
1 2 |
Host 'host_name' is blocked because of many connection errors. Unblock with 'mysqladmin flush-hosts' |
解锁的方法:
- 提高变量host_cache_size的值 | 需要权限:SUPER
- 对performance_schema的表host_cache执行truncate table | 需要对表有权限:DROP
- MySQL命令行中执行命令:flush hosts | 需要权限:RELOAD
- mysqladmin执行flush-hosts:mysqladmin flush-hosts | 需要权限:RELOAD
下面用几个例子来看看。
先查看数据库中的变量情况:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
root@localhost/(none) [12:17:53]> show variables like 'skip_name_resolve'; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | skip_name_resolve | OFF | +-------------------+-------+ 1 row in set (0.00 sec) root@localhost/(none) [12:18:01]> show variables like 'max_connect_errors'; +--------------------+--------+ | Variable_name | Value | +--------------------+--------+ | max_connect_errors | 100000 | +--------------------+--------+ 1 row in set (0.01 sec) root@localhost/(none) [12:18:06]> root@localhost/(none) [12:18:08]> set global max_connect_errors = 2; Query OK, 0 rows affected (0.00 sec) root@localhost/(none) [12:18:21]> root@localhost/(none) [12:18:21]> show variables like 'max_connect_errors'; +--------------------+-------+ | Variable_name | Value | +--------------------+-------+ | max_connect_errors | 2 | +--------------------+-------+ 1 row in set (0.01 sec) root@localhost/(none) [12:18:23]> |
可以看到,目前 max_connect_errors 设置为了2,也就是说,连接错误达到了2次,客户端的主机的连接就应该会被阻止。
先看看记录客户端连接次数的系统表的状态:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
root@localhost/(none) [12:20:18]> desc performance_schema.host_cache; +--------------------------------------------+------------------+------+-----+---------------------+-------+ | Field | Type | Null | Key | Default | Extra | +--------------------------------------------+------------------+------+-----+---------------------+-------+ | IP | varchar(64) | NO | | NULL | | | HOST | varchar(255) | YES | | NULL | | | HOST_VALIDATED | enum('YES','NO') | NO | | NULL | | | SUM_CONNECT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_HOST_BLOCKED_ERRORS | bigint(20) | NO | | NULL | | | COUNT_NAMEINFO_TRANSIENT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_NAMEINFO_PERMANENT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_FORMAT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_ADDRINFO_TRANSIENT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_ADDRINFO_PERMANENT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_FCRDNS_ERRORS | bigint(20) | NO | | NULL | | | COUNT_HOST_ACL_ERRORS | bigint(20) | NO | | NULL | | | COUNT_NO_AUTH_PLUGIN_ERRORS | bigint(20) | NO | | NULL | | | COUNT_AUTH_PLUGIN_ERRORS | bigint(20) | NO | | NULL | | | COUNT_HANDSHAKE_ERRORS | bigint(20) | NO | | NULL | | | COUNT_PROXY_USER_ERRORS | bigint(20) | NO | | NULL | | | COUNT_PROXY_USER_ACL_ERRORS | bigint(20) | NO | | NULL | | | COUNT_AUTHENTICATION_ERRORS | bigint(20) | NO | | NULL | | | COUNT_SSL_ERRORS | bigint(20) | NO | | NULL | | | COUNT_MAX_USER_CONNECTIONS_ERRORS | bigint(20) | NO | | NULL | | | COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS | bigint(20) | NO | | NULL | | | COUNT_DEFAULT_DATABASE_ERRORS | bigint(20) | NO | | NULL | | | COUNT_INIT_CONNECT_ERRORS | bigint(20) | NO | | NULL | | | COUNT_LOCAL_ERRORS | bigint(20) | NO | | NULL | | | COUNT_UNKNOWN_ERRORS | bigint(20) | NO | | NULL | | | FIRST_SEEN | timestamp | NO | | 0000-00-00 00:00:00 | | | LAST_SEEN | timestamp | NO | | 0000-00-00 00:00:00 | | | FIRST_ERROR_SEEN | timestamp | YES | | 0000-00-00 00:00:00 | | | LAST_ERROR_SEEN | timestamp | YES | | 0000-00-00 00:00:00 | | +--------------------------------------------+------------------+------+-----+---------------------+-------+ 29 rows in set (0.00 sec) root@localhost/(none) [12:20:28]> root@localhost/(none) [12:20:29]> select * from performance_schema.host_cache\G Empty set (0.00 sec) root@localhost/(none) [12:20:31]> |
可以看到,该表目前为空。
模拟错误登陆:
|
1 2 3 4 5 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle1 ERROR 1045 (28000): Access denied for user 'public'@'192.168.232.1' (using password: YES) adamhuan@DESKTOP-DKKRLU3 g:\xampp |
可以看到,连接错误。
这个时候,host_cache表的状态:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
root@localhost/(none) [12:21:27]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 0 COUNT_HOST_BLOCKED_ERRORS: 0 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 0 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 1 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:21:33 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:21:33 1 row in set (0.00 sec) root@localhost/(none) [12:21:35]> |
注意,其中COUNT_AUTHENTICATION_ERRORS已经积累了一次错误。
再次执行一次错误登陆,然后查看host_cache的状态:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
root@localhost/(none) [12:23:02]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 0 COUNT_HOST_BLOCKED_ERRORS: 0 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 0 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 2 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:23:00 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:23:00 1 row in set (0.00 sec) root@localhost/(none) [12:23:03]> |
可以看到,COUNT_AUTHENTICATION_ERRORS已经累积2次了。
再执行一次错误登陆:
|
1 2 3 4 5 6 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle1 ERROR 1045 (28000): Access denied for user 'public'@'192.168.232.1' (using password: YES) adamhuan@DESKTOP-DKKRLU3 g:\xampp # |
再看看host_cache的状态:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
root@localhost/(none) [12:23:03]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 0 COUNT_HOST_BLOCKED_ERRORS: 0 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 0 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 3 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:24:21 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:24:21 1 row in set (0.00 sec) root@localhost/(none) [12:24:26]> |
可以看到,COUNT_AUTHENTICATION_ERRORS累积到三次了。
虽然,连接错误,但是并没有触发MySQL服务器对客户端主机的阻止错误。
因为,max_connect_errors指的是:
After max_connect_errors successive connection requests from a host are interrupted without a successful connection
连续请求max_connect_errors,请求最终中断,并且没有得到成功的连接。
因此,要模拟这个错误需要使用:telnet ip_addr 3306
在我的环境中,命令如下:
|
1 |
telnet 192.168.232.254 3306 |
该命令失败的截图:
连续执行两次,请求失败后,host_cache表中的内容如下:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
root@localhost/(none) [12:29:20]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 2 COUNT_HOST_BLOCKED_ERRORS: 0 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 2 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 4 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:29:38 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:29:48 1 row in set (0.00 sec) root@localhost/(none) [12:29:55]> |
在上面的查询结果中,注意:SUM_CONNECT_ERRORS,当前已经是2了。
这时候,再用用户名与密码去连接服务器就会被阻止:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle1 ERROR 1129 (HY000): Host '192.168.232.1' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' adamhuan@DESKTOP-DKKRLU3 g:\xampp # adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle ERROR 1129 (HY000): Host '192.168.232.1' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' adamhuan@DESKTOP-DKKRLU3 g:\xampp # |
这个时候,不论你的密码填写的是正确还是错误,都会被 blocked。
接下来的处理有几种方案。
一、
先从治标不治本的提升 max_connect_errors 参数,开始说:
我们先将 该参数的值 从 2 提升为 5:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
root@localhost/(none) [12:39:47]> show variables like 'max_connect_errors'; +--------------------+-------+ | Variable_name | Value | +--------------------+-------+ | max_connect_errors | 2 | +--------------------+-------+ 1 row in set (0.01 sec) root@localhost/(none) [12:39:51]> root@localhost/(none) [12:39:52]> set global max_connect_errors = 5; Query OK, 0 rows affected (0.00 sec) root@localhost/(none) [12:40:02]> show variables like 'max_connect_errors'; +--------------------+-------+ | Variable_name | Value | +--------------------+-------+ | max_connect_errors | 5 | +--------------------+-------+ 1 row in set (0.00 sec) root@localhost/(none) [12:40:05]> |
测试用错误的用户名与密码连接:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
连接前查看host_cache表的状态: root@localhost/(none) [12:40:05]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 2 COUNT_HOST_BLOCKED_ERRORS: 3 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 2 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 4 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:37:30 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:37:30 1 row in set (0.00 sec) root@localhost/(none) [12:41:17]> 连接错误: adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle1 ERROR 1045 (28000): Access denied for user 'public'@'192.168.232.1' (using password: YES) adamhuan@DESKTOP-DKKRLU3 g:\xampp # 再次查看 host_cache的状态: root@localhost/(none) [12:42:02]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 2 COUNT_HOST_BLOCKED_ERRORS: 3 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 2 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 5 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:41:33 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:41:33 1 row in set (0.00 sec) root@localhost/(none) [12:42:03]> |
可以看到,虽然连接的时候报用户名与口令错误,但终究是没有继续被服务器block了。
然后,用正确的用户名与口令登陆,看看host_cache中的计数是否会清零:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
登陆前,host_cache的状态: root@localhost/(none) [12:43:52]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 2 COUNT_HOST_BLOCKED_ERRORS: 3 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 2 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 5 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:41:33 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:41:33 1 row in set (0.00 sec) root@localhost/(none) [12:43:53]> 正确登陆: adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 13 Server version: 5.7.32-log MySQL Community Server (GPL) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> 再次查看 host_cache状态: root@localhost/(none) [12:44:28]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 0 COUNT_HOST_BLOCKED_ERRORS: 3 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 2 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 5 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:21:33 LAST_SEEN: 2021-04-23 00:44:05 FIRST_ERROR_SEEN: 2021-04-23 00:21:33 LAST_ERROR_SEEN: 2021-04-23 00:41:33 1 row in set (0.00 sec) root@localhost/(none) [12:44:30]> |
可以看到,SUM_CONNECT_ERRORS的值确实被清零了。
因此,验证了官方文档上关于该参数的描述。
二、
为了继续说第二种解决方案,先按照上述的telnet的方法,复现错误:
|
1 2 3 4 5 6 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle ERROR 1129 (HY000): Host '192.168.232.1' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' adamhuan@DESKTOP-DKKRLU3 g:\xampp # |
提升 host_cache_size:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
root@localhost/(none) [12:48:04]> show variables like 'host_cache_size'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | host_cache_size | 1203 | +-----------------+-------+ 1 row in set (0.00 sec) root@localhost/(none) [12:48:58]> set global host_cache_size = 2000; Query OK, 0 rows affected (0.00 sec) root@localhost/(none) [12:49:30]> root@localhost/(none) [12:49:31]> show variables like 'host_cache_size'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | host_cache_size | 2000 | +-----------------+-------+ 1 row in set (0.00 sec) root@localhost/(none) [12:49:33]> root@localhost/(none) [12:52:47]> select * from performance_schema.host_cache\G Empty set (0.00 sec) root@localhost/(none) [12:52:49]> |
可以看到,每次重设 host_cache_size 其实都会清空 host_cache表。
再次尝试连接:
|
1 2 3 4 5 6 7 8 9 10 11 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 20 Server version: 5.7.32-log MySQL Community Server (GPL) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> |
可以看到,确实解除了 服务器 对客户端主机的 block。
三、
为了演示第三种方式,依旧首先复现问题:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
参数的状态: root@localhost/(none) [12:56:39]> show variables like 'max_connect_errors'; +--------------------+-------+ | Variable_name | Value | +--------------------+-------+ | max_connect_errors | 5 | +--------------------+-------+ 1 row in set (0.00 sec) root@localhost/(none) [12:57:37]> host_cache表的状态: root@localhost/(none) [12:56:38]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 5 COUNT_HOST_BLOCKED_ERRORS: 1 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 5 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 0 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:55:20 LAST_SEEN: 2021-04-23 00:56:31 FIRST_ERROR_SEEN: 2021-04-23 00:55:20 LAST_ERROR_SEEN: 2021-04-23 00:56:31 1 row in set (0.00 sec) root@localhost/(none) [12:56:39]> 连接被阻断: adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle ERROR 1129 (HY000): Host '192.168.232.1' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' adamhuan@DESKTOP-DKKRLU3 g:\xampp # |
执行:flush hosts
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
root@localhost/(none) [12:58:17]> select * from performance_schema.host_cache\G *************************** 1. row *************************** IP: 192.168.232.1 HOST: NULL HOST_VALIDATED: YES SUM_CONNECT_ERRORS: 5 COUNT_HOST_BLOCKED_ERRORS: 2 COUNT_NAMEINFO_TRANSIENT_ERRORS: 0 COUNT_NAMEINFO_PERMANENT_ERRORS: 1 COUNT_FORMAT_ERRORS: 0 COUNT_ADDRINFO_TRANSIENT_ERRORS: 0 COUNT_ADDRINFO_PERMANENT_ERRORS: 0 COUNT_FCRDNS_ERRORS: 0 COUNT_HOST_ACL_ERRORS: 0 COUNT_NO_AUTH_PLUGIN_ERRORS: 0 COUNT_AUTH_PLUGIN_ERRORS: 0 COUNT_HANDSHAKE_ERRORS: 5 COUNT_PROXY_USER_ERRORS: 0 COUNT_PROXY_USER_ACL_ERRORS: 0 COUNT_AUTHENTICATION_ERRORS: 0 COUNT_SSL_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_ERRORS: 0 COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0 COUNT_DEFAULT_DATABASE_ERRORS: 0 COUNT_INIT_CONNECT_ERRORS: 0 COUNT_LOCAL_ERRORS: 0 COUNT_UNKNOWN_ERRORS: 0 FIRST_SEEN: 2021-04-23 00:55:20 LAST_SEEN: 2021-04-23 00:57:02 FIRST_ERROR_SEEN: 2021-04-23 00:55:20 LAST_ERROR_SEEN: 2021-04-23 00:57:02 1 row in set (0.00 sec) root@localhost/(none) [12:58:17]> root@localhost/(none) [12:58:18]> flush hosts; Query OK, 0 rows affected (0.00 sec) root@localhost/(none) [12:58:22]> root@localhost/(none) [12:58:23]> select * from performance_schema.host_cache\G Empty set (0.00 sec) root@localhost/(none) [12:58:26]> |
可以看到,flush hosts 其实是清空 host_cache表。
再次连接试试:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
adamhuan@DESKTOP-DKKRLU3 g:\xampp # mysql -h 192.168.232.254 -u public -poracle Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 35 Server version: 5.7.32-log MySQL Community Server (GPL) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> exit Bye adamhuan@DESKTOP-DKKRLU3 g:\xampp # |
可以看到,连接没有问题。
至此,已经可以明白参数 max_connect_errors 参数的工作方式。
这里,还需要说明的是:
在以上所有的步骤中,参数skip_name_resolve的状态都是OFF的:
|
1 2 3 4 5 6 7 8 9 |
root@localhost/(none) [13:01:21]> show variables like 'skip_name_resolve'; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | skip_name_resolve | OFF | +-------------------+-------+ 1 row in set (0.01 sec) root@localhost/(none) [13:01:31]> |
如果该参数打开,那么不论发生多少次连接请求未成功的中断,host_cache表都不会被更新,永远都处于Empty set的状态。
此外,顺便说一下,在上面验证过程中,MySQL的错误日志如下所示:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
2021-04-22T12:21:32.723641-05:00 3 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known 2021-04-22T12:21:32.724180-05:00 3 [Note] Access denied for user 'public'@'192.168.232.1' (using password: YES) 2021-04-22T12:22:59.768782-05:00 4 [Note] Access denied for user 'public'@'192.168.232.1' (using password: YES) 2021-04-22T12:24:21.344537-05:00 5 [Note] Access denied for user 'public'@'192.168.232.1' (using password: YES) 2021-04-22T12:24:33.087956-05:00 6 [Note] Access denied for user 'public'@'192.168.232.1' (using password: YES) 2021-04-22T12:29:20.569457-05:00 7 [Note] Got timeout reading communication packets 2021-04-22T12:29:47.890470-05:00 8 [Note] Got timeout reading communication packets 2021-04-22T12:41:33.028122-05:00 12 [Note] Access denied for user 'public'@'192.168.232.1' (using password: YES) 2021-04-22T12:47:05.584846-05:00 14 [Note] Got timeout reading communication packets 2021-04-22T12:47:21.156801-05:00 15 [Note] Got timeout reading communication packets 2021-04-22T12:47:35.205244-05:00 16 [Note] Got timeout reading communication packets 2021-04-22T12:47:47.555399-05:00 17 [Note] Got timeout reading communication packets 2021-04-22T12:48:02.484623-05:00 18 [Note] Got timeout reading communication packets 2021-04-22T12:49:41.035072-05:00 20 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known 2021-04-22T12:52:13.126340-05:00 21 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known 2021-04-22T12:52:39.292772-05:00 22 [Note] Got timeout reading communication packets 2021-04-22T12:52:52.764497-05:00 23 [Note] Got timeout reading communication packets 2021-04-22T12:52:59.124327-05:00 24 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known 2021-04-22T12:53:09.134859-05:00 24 [Note] Got timeout reading communication packets 2021-04-22T12:54:35.165308-05:00 25 [Note] Got timeout reading communication packets 2021-04-22T12:54:56.376950-05:00 26 [Note] Got timeout reading communication packets 2021-04-22T12:55:09.910990-05:00 27 [Note] Got timeout reading communication packets 2021-04-22T12:55:20.123187-05:00 28 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known 2021-04-22T12:55:30.128386-05:00 28 [Note] Got timeout reading communication packets 2021-04-22T12:55:42.128033-05:00 29 [Note] Got timeout reading communication packets 2021-04-22T12:55:53.704601-05:00 30 [Note] Got timeout reading communication packets 2021-04-22T12:56:05.355166-05:00 31 [Note] Got timeout reading communication packets 2021-04-22T12:56:22.704733-05:00 32 [Note] Got timeout reading communication packets 2021-04-22T12:59:18.322244-05:00 35 [Warning] IP address '192.168.232.1' could not be resolved: Name or service not known |
其中:
[Note] Got timeout reading communication packets
就是在执行telnet模拟错误的时候的日志报错;
可以看到,从这个错误日志的报错信息上是无法判断到底错误来自哪个主机的,只能看到max_connect_errors相关的错误被触发了。
而想要看具体哪些主机正在触发该参数,需要监控performance_schema.host_cache表。
