I created 1 master and 2 replicas in AWS RDS, and 1 EC2 instance running haproxy.

listen rds-cluster
    bind 172.30.0.xxx:3306
    mode tcp
    option mysql-check user ha_check
    balance roundrobin
    server mysql-1 replica1.xxxx.ap-southeast-1.rds.amazonaws.com:3306 check weight 1 fall 2 fastinter 1000
    server mysql-2 replica2.xxxx.ap-southeast-1.rds.amazonaws.com:3306 check weight 1 fall 2 fastinter 1000

Even though I can connect to the replica servers directly using their endpoints, when I go through haproxy:

$ mysql -h172.30.0.xxx -uha_read -ppassword -e "show variables like 'server_id'"
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

I got that error.

I have already increased connect_timeout.

If I check

SHOW GLOBAL STATUS LIKE 'Aborted_connects';

it keeps increasing.

===============

This article solved my problem: Custom configuration for Amazon RDS instances

1 Answer

By default, if you did not change the security group settings when launching RDS, only your IP will be authorized to reach your databases. In your case you need to authorize your haproxy node to reach your databases as well.

Go to RDS, select your instance, then security group, edit, add a new rule to enable either the security group of your HAproxy (best practice) or HAproxy IP (still good enough if this is an elastic IP) to access the database on port 3306.

Hope this is clear enough :)

EDIT: I understand that you solved your issue, but for people reading later (or even for you if you want to enhance security) I add a little information about what I said: the RDS hostname will be resolved to a private IP when the DNS query is made from an instance in the same VPC to the Amazon-provided DNS server in that VPC. Thus in your security group, in that case, you would have to allow either the subnet of your haproxy or its private IP (not the public one).

answered 2016-01-25T10:06:40.140
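
To tell a blocked path from a proxy that accepts the connection and closes it without relaying a server greeting (the "reading initial communication packet" symptom in the question), the probe below reads and parses the first MySQL packet. It is an added example, not part of the question or the answer; the function names and the sample packets are hypothetical and constructed for illustration.

```python
import socket
import struct

def classify_greeting(data: bytes) -> str:
    """Classify the first bytes read from a MySQL port after TCP connect."""
    if not data:
        # Accepted, then closed with nothing sent: the client-side symptom is
        # "Lost connection ... at 'reading initial communication packet'".
        return "closed-before-greeting"
    # Packet header: 3-byte little-endian payload length, 1-byte sequence id.
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if len(data) < 5 or not payload:
        return "truncated"
    if payload[0] == 0xFF and len(payload) >= 3:  # ERR packet: 2-byte code, then message
        code = struct.unpack_from("<H", payload, 1)[0]
        return f"server-error {code}: {payload[3:].decode('latin-1')}"
    end = payload.find(b"\x00", 1)
    if payload[0] == 0x0A and end != -1:  # protocol 10 handshake
        return f"handshake-v10 server_version={payload[1:end].decode('ascii', 'replace')}"
    return f"unexpected-first-byte 0x{payload[0]:02x}"

def probe(host: str, port: int = 3306, timeout: float = 3.0) -> str:
    """Connect and report how far the connection gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "connect-timeout"  # packets dropped on the path, e.g. by a firewall rule
    except OSError as exc:
        return f"connect-failed: {exc}"
    with sock:
        try:
            return classify_greeting(sock.recv(4096))
        except socket.timeout:
            return "no-greeting-within-timeout"
        except ConnectionResetError:
            return "closed-before-greeting"

def _frame(payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

# Constructed sample packets, not captured from a real server.
SAMPLE_HANDSHAKE = _frame(b"\x0a5.6.27-log\x00" + b"\x00" * 8)
SAMPLE_ERR = _frame(b"\xff" + struct.pack("<H", 1130) + b"Host not allowed")

if __name__ == "__main__":
    for name, pkt in [("handshake", SAMPLE_HANDSHAKE), ("err", SAMPLE_ERR), ("empty", b"")]:
        print(name, "->", classify_greeting(pkt))
```

Run `probe()` once from the haproxy host against each replica endpoint and once from a client against the haproxy bind address: a `connect-timeout` on the first with `closed-before-greeting` on the second points at the path between haproxy and RDS rather than at MySQL itself.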