web:/home/web/install/tomcat8_sm1/logs> mysql -h10.0.29.205 -u loan -p loan Enter password: ERROR 1045 (28000): Access denied for user 'loan'@'kfcsdb1' (using password: YES)
問題:最近項目中遇到個奇怪問題,同事搭建的web服務中的JDBC連接,只要用主機IP地址,就無法連接,只能通過localhost連接。而同樣的IP地址形式的JDBC連接從遠程主機卻能正常連接。JDBC也正常
原因:因為遠程主機能連接,說明mysql的遠程連接已經打開. 最后排查發現,服務器本機配置了/etc/hosts, 在該文件中,10.0.29.205被DNS系統解釋成主機名kfcsdb1.
而在mysql的權限管理中, kfcsdb1被配置成只能用root登錄。所以導致WEB應用中的loan用戶無法連接。而遠程主機本身沒有配置kfcsdb1主機名, 所以能通過mysql的權限檢查。
解決: 從本地登錄mysql, 將kfcsdb1和10.0.29.205授權給loan用戶, 解決問題
web:/home/web/install/tomcat8_sm1/logs> mysql -hlocalhost -uloan -ploan Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 7667 Server version: 5.4.3-beta-log MySQL Community Server (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use mysql; Database changed mysql> select host,user from user; +-----------+------+ | host | user | +-----------+------+ | % | loan | | 127.0.0.1 | root | | kfcsdb1 | | | kfcsdb1 | root | | localhost | | | localhost | loan | | localhost | root | +-----------+------+ 7 rows in set (0.00 sec)
以上紅色就是無法本地通過IP登錄的原因,而localhost是可以的
mysql> GRANT ALL PRIVILEGES ON *.* TO 'loan'@'kfcsdb1' IDENTIFIED BY 'loan' WITH GRANT OPTION; Query OK, 0 rows affected (0.01 sec) mysql> select host,user from user; +-----------+------+ | host | user | +-----------+------+ | % | loan | | 127.0.0.1 | root | | kfcsdb1 | loan | | localhost | | | localhost | loan | | localhost | root | +-----------+------+ 6 rows in set (0.00 sec) mysql> GRANT ALL PRIVILEGES ON *.* TO 'loan'@'10.0.29.205' IDENTIFIED BY 'loan' WITH GRANT OPTION; Query OK, 0 rows affected (0.00 sec) mysql> select host,user from user; +-------------+------+ | host | user | +-------------+------+ | % | loan | | 10.0.29.205 | loan | | 127.0.0.1 | root | | kfcsdb1 | loan | | localhost | | | localhost | loan | | localhost | root | +-------------+------+ 7 rows in set (0.00 sec)
授權后,loan用戶也能通過IP從本地連接, WEB應用JDBC連接也能正常了