我在docker swarm模式下有2个节点,并在一个节点上部署了一个mysql服务,在另一个节点上部署了一个mysql客户端,并使用了#docker stack deploy -c composeYaml stackName'。但事实证明,mysql客户端无法通过其服务名称' mysql'来访问mysql,但可以使用其容器名称' aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53'
在客户端容器中,我可以ping和nslookup' mysql'容器,但用3306端口无法到达
root@ced2d59027e8:/opt/docker# ping mysql
PING mysql (10.0.2.2) 56(84) bytes of data.
64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.052 ms
64 bytes from 10.0.2.2: icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from 10.0.2.2: icmp_seq=4 ttl=64 time=0.042 ms
^C
--- mysql ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.030/0.042/0.052/0.007 ms
root@ced2d59027e8:/opt/docker# nslookup mysql
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: mysql
Address: 10.0.2.2
root@ced2d59027e8:/opt/docker# nmap -p 3306 mysql
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:34 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.49 seconds
root@ced2d59027e8:/opt/docker# nmap -p 3306 10.0.2.2
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:41 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.48 seconds
但是,如果我尝试使用' mysql'的容器名称得到了#docker ps',它正在工作,它的VirtualIP也在工作
在运行mysql容器的节点上:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ebe25854c5b0 nysql:latest "docker-entrypoint..." 4 minutes ago Up 4 minutes 3306/tcp aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53
回到客户端容器内部:
root@ced2d59027e8:/opt/docker# nmap -p 3306 aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:43 UTC
Nmap scan report for aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53 (10.0.2.3)
Host is up (0.000077s latency).
rDNS record for 10.0.2.3: aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53.aqi_backend
PORT STATE SERVICE
3306/tcp open mysql
MAC Address: 02:42:0A:00:02:03 (Unknown)
Nmap done: 1 IP address (1 host
root@ced2d59027e8:/opt/docker# nmap -p 3306 10.0.2.3
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-19 09:37 UTC
Nmap scan report for aqi_mysql.1.yv9t12wm3z4s9klw1gl3bnz53.aqi_backend (10.0.2.3)
Host is up (0.000098s latency).
PORT STATE SERVICE
3306/tcp open mysql
MAC Address: 02:42:0A:00:02:03 (Unknown)
Nmap done: 1
我的撰写文件如下所示:
version: '3.2'
services:
mysql:
image: mysql
ports:
- target: 3306
published: 3306
protocol: tcp
mode: ingress
environment:
MYSQL_ROOT_PASSWORD: 1234
MYSQL_DATABASE: aqitradetest
MYSQL_USER: aqidbmaster
MYSQL_PASSWORD: aqidbmaster
deploy:
restart_policy:
condition: on-failure
placement:
constraints: [node.hostname == prod-03]
networks:
- backend
mysql_client:
image: mysql_client
ports:
- "9000:9000"
deploy:
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 3
window: 30s
placement:
constraints: [node.hostname == production-01]
networks:
- backend
depends_on:
- mysql
networks:
frontend:
backend:
答案 0 :(得分:0)
我认为你混淆了一些概念。
在发布端口时,它将在所有节点上发布,并且可以使用任何节点和该端口的IP(或使用来自任何节点上的应用程序的0.0.0.0:port)从外部访问。使用这些端口无法帮助您通过servicename访问其他服务。
当两个服务在同一网络上时(如果您没有定义任何网络,同一个撰写文件中的所有服务都加入相同的默认网络),它们应该能够通过servicename:port到达其他服务的所有内部端口。
您的撰写文件可能存在问题。我会尝试制作一个最小的撰写文件,你不在mysql上发布任何端口,你没有定义任何网络,因为它更容易在最小的撰写文件中找到问题。
最有可能
ports:
- target: 3306
published: 3306
protocol: tcp
mode: ingress
导致问题。