在CentOS7.3中安装了MySQL8.0.21之后,就开启了一段漫长的爬坑历程,简要回顾如下:
一、从Win10中用Navicat连接安装好的MySQL服务器
出现如下异常:1045 - Access denied for user ‘root’@‘192.168.101.151’(using password: YES)
二、尝试解决遇到的防火墙问题
在网上查阅了多篇博客,结论可能是3306端口没有加入到防火墙的允许列表。
接着,开始研究了CentOS7中的防火墙,发现RHEL6之前版本用的防火墙管理工具都是iptables,而自RHEL7起,Firewalld动态防火墙管理器服务(Dynamic Firewall Manager of Linux systems)就成了默认的防火墙管理工具。
通过yum -y install iptables-services命令安装iptables:
然后启动iptables,出现异常,记录如下:
[root@localhost~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@localhost~]# systemctl start iptables
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.
[root@localhost~]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 一 2020-08-31 16:45:01 CST; 2min 53s ago
Process: 16808 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
Main PID: 16808 (code=exited, status=1/FAILURE)
8月 31 16:45:01 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
8月 31 16:45:01 localhost.localdomain iptables.init[16808]: iptables: Applying firewall rules: iptables-restore: line 1 failed
8月 31 16:45:01 localhost.localdomain iptables.init[16808]: [失败]
8月 31 16:45:01 localhost.localdomain systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
8月 31 16:45:01 localhost.localdomain systemd[1]: Failed to start IPv4 firewall with iptables.
8月 31 16:45:01 localhost.localdomain systemd[1]: Unit iptables.service entered failed state.
8月 31 16:45:01 localhost.localdomain systemd[1]: iptables.service failed.
尝试解决上述异常,未果,转而尝试启用firewalld:
systemctl disable iptables;systemctl stop iptables #禁止iptables开机启动;停止iptables
据说iptables和firewalld不能同时运行。
使用systemctl start firewalld或service firewalld start启动firewalld,记录如下:
[root@localhost~]# systemctl start firewalld
Job for firewalld.service failed because the control process exited with error code. See "systemctl status firewalld.service" and "journalctl -xe" for details.
[root@localhost~]# vim /usr/sbin/firewalld
##将 #!/usr/bin/python -Es修改为#!/usr/bin/python2 -Es或#!/usr/bin/python2.7 -Es
[root@localhost~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@localhost~]# systemctl start firewalld
查看firewalld状态:
systemctl status firewalld;firewall-cmd --state
或者:systemctl status firewalld.service;firewall-cmd --state
[root@localhost~]# systemctl status firewalld -l;firewall-cmd --state
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since 一 2020-08-31 17:06:44 CST; 4min 25s ago
Docs: man:firewalld(1)
Process: 17225 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 17225 (code=exited, status=0/SUCCESS)
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: ipset not usable, disabling ipset usage in firewall.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: Failed to load nf_conntrack module: modprobe: ERROR: could not insert 'nf_conntrack': Unknown symbol in module, or unknown parameter (see dmesg)
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
8月 31 17:06:44 localhost.localdomain firewalld[17225]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] 没有那个文件或目录: '/proc/sys/net/netfilter/nf_conntrack_helper'
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: Failed to get and parse nf_conntrack_helper setting
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: iptables not usable, disabling IPv4 firewall.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: ip6tables not usable, disabling IPv6 firewall.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: WARNING: ebtables not usable, disabling ethernet bridge firewall.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: FATAL ERROR: No IPv4 and IPv6 firewall.
8月 31 17:06:44 localhost.localdomain firewalld[17225]: ERROR: Raising SystemExit in run_server
not running
接下来,又尝试解决ERROR: Failed to read file “/proc/sys/net/netfilter/nf_conntrack_helper”: [Errno 2] 没有那个文件或目录: '/proc/sys/net/netfilter/nf_conntrack_helper’异常,得知/proc/sys/net/netfilter目录下都是虚拟文件,暂时未找到该异常的解决办法。
三、幡然醒悟,回归正途
绕了一大圈,结果还是一头雾水,静心梳理一下此前的思路,猛然发现我解决问题的方向已经跑偏了,本来要解决客户端连接MySQL服务器时出现的“1045 - Access denied for user”异常,结果一度跑偏到解决防火墙的“FATAL ERROR: No IPv4 and IPv6 firewall.”异常了。于是,我又果断回头,开始搜寻“1045 - Access denied for user”异常相关的解决办法。虽然后来找到的几种方案都不太理想,但从https://www.cnblogs.com/zhoading/p/11562514.html博客中得到重大启发,即:客户端连接MySQL服务器时,需要服务器端事先对客户端进行授权。
总算有了眉目,于是立即开始新的尝试:
grant all privileges on *.* to 'root'@'192.168.101.151' identified by 'tt111222';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'tt111222'' at line 1
上述命令修改为:
mysql> grant all privileges on *.* to 'root'@'192.168.101.151' IDENTIFIED WITH mysql_native_password BY 'tt111222';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH mysql_native_password BY 'tt111222'' at line 1
上述命令再次修改为:
mysql> grant all privileges on *.* to 'root'@'192.168.101.151' IDENTIFIED WITH 'tt111222';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'tt111222'' at line 1
mysql> grant all privileges on *.* to 'root'@'%' with grant option;
mysql> grant all privileges on *.* to 'root'@'localhost' with grant option;
Query OK, 0 rows affected (0.22 sec)
mysql> grant all privileges on *.* to 'root'@'192.168.101.151' with grant option;
ERROR 1410 (42000): You are not allowed to create a user with GRANT
多次尝试多次受挫后,心生疑问:客户端连接MySQL服务器时难道不可使用root账户,而是需要创建其它独立用户?之后,尝试创建新的账户,并进行授权,结果,居然真的成功了!!
mysql> use mysql;create user edmond identified by 'tt111222';
Database changed
Query OK, 0 rows affected (0.03 sec)
mysql> GRANT EXECUTE,INSERT,SELECT,UPDATE,DELETE ON *.* TO 'edmond'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
看到“连接成功”四个字,简直是百感交集啊!
又可以继续前进了,又可以在漫漫征途中不断地跳入、爬出大大小小的豪华新坑了!
转自:https://blog.csdn.net/shinyolive/article/details/108294935