无法使用其服务名称到达在不同节点运行的mysql容器,但可以使用其容器名称
我有2个节点在docker群模式,并在一个节点上部署了一个mysql服务,在另一个节点上部署了一个mysql客户端,使用'docker stack deploy -c composeYaml stackName'。 但事实certificate,mysql客户端无法通过其服务名称“mysql”到达mysql,但可以使用其容器名称“aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53”
在客户端容器内部,我可以ping和nslookup'mysql'容器,但无法使用3306端口访问它
root@ced2d59027e8:/opt/docker# ping mysql PING mysql (10.0.2.2) 56(84) bytes of data. 64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.030 ms 64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.052 ms 64 bytes from 10.0.2.2: icmp_seq=3 ttl=64 time=0.044 ms 64 bytes from 10.0.2.2: icmp_seq=4 ttl=64 time=0.042 ms ^C --- mysql ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.030/0.042/0.052/0.007 ms root@ced2d59027e8:/opt/docker# nslookup mysql Server: 127.0.0.11 Address: 127.0.0.11#53 Non-authoritative answer: Name: mysql Address: 10.0.2.2 root@ced2d59027e8:/opt/docker# nmap -p 3306 mysql Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:34 UTC Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.49 seconds root@ced2d59027e8:/opt/docker# nmap -p 3306 10.0.2.2 Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:41 UTC Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.48 seconds 但是,如果我尝试使用“docker ps”获取的'mysql'容器名称,它正在工作,其虚拟IP也正常工作
在mysql容器运行的节点上:
docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ebe25854c5b0 nysql:latest "docker-entrypoint..." 4 minutes ago Up 4 minutes 3306/tcp aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53
回到客户端容器中:
root@ced2d59027e8:/opt/docker# nmap -p 3306 aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53 Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:43 UTC Nmap scan report for aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53 (10.0.2.3) Host is up (0.000077s latency). rDNS record for 10.0.2.3: aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53.aqi_backend PORT STATE SERVICE 3306/tcp open mysql MAC Address: 02:42:0A:00:02:03 (Unknown) Nmap done: 1 IP address (1 host root@ced2d59027e8:/opt/docker# nmap -p 3306 10.0.2.3 Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:37 UTC Nmap scan report for aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53.aqi_backend (10.0.2.3) Host is up (0.000098s latency). PORT STATE SERVICE 3306/tcp open mysql MAC Address: 02:42:0A:00:02:03 (Unknown) Nmap done: 1
我的撰写文件如下所示:
version: '3.2' services: mysql: image: mysql ports: - target: 3306 published: 3306 protocol: tcp mode: ingress environment: MYSQL_ROOT_PASSWORD: 1234 MYSQL_DATABASE: aqitradetest MYSQL_USER: aqidbmaster MYSQL_PASSWORD: aqidbmaster deploy: restart_policy: condition: on-failure placement: constraints: [node.hostname == prod-03] networks: - backend mysql_client: image: mysql_client ports: - "9000:9000" deploy: restart_policy: condition: on-failure delay: 10s max_attempts: 3 window: 30s placement: constraints: [node.hostname == production-01] networks: - backend depends_on: - mysql networks: frontend: backend:
我认为你混淆了一些概念。
在swarm中,当你发布一个端口时,它将被发布到所有节点上,并且可以从外部使用你的任何节点的IP和那个端口(或者使用你的任何节点上的应用程序的0.0.0.0:port)访问。 使用这些端口将不会帮助您通过servicename访问其他服务。
当两个服务在同一个networking中时(如果您没有定义同一个撰写文件中的所有服务都join同一个默认networking),他们应该能够通过servicename:port访问其他服务的所有内部端口。
可能是您的撰写文件有问题。 我会尝试做一个最小的撰写文件,你不发布任何端口上的MySQL,你不定义任何networking,因为它更容易find一个最小的撰写文件中的问题。
最可能
ports: - target: 3306 published: 3306 protocol: tcp mode: ingress
导致问题。