Cloud Lesson｜RDS instance connection fails again? Look at my assassin!

Abstract: Since I purchased an RDS instance, the problem of connection failure has accompanied me. It is really difficult for me. Don't be afraid, don't worry, follow Xiaoyunmei, read this article, let you in the wind and rain, the instance connection will be unimpeded since then! The problem can be solved by following the investigation in the following aspects~

This article is shared from the HUAWEI CLOUD Community " [Cloud Small Lesson] [Lesson 17] RDS instance connection fails again? Look at my assassin! 160dbd72e69e8b", the original author:

Little A: My instance connection failed, but I can’t figure out the reason

Little B: My instance was just okay, why suddenly I can’t connect to it

Little C: My...

Since I purchased an RDS instance, the problem of connection failure has been with me. It is really difficult for me. Don't be afraid, don't worry, follow Xiaoyunmei, read this article, let you in the wind and rain, the instance connection will be unimpeded since then!

The problem can be solved by following the investigation in the following aspects~

1. Troubleshoot database instance exceptions

Relational database system failures, abnormal instance status, and locked instances or tables may cause instance exceptions. You can try the instance restart function to solve this problem.

2. Use the correct client connection method

It is recommended to install an engine client that is not lower than the version of the database instance.

3. Use the correct SSL method to connect securely

• (recommended) SSL method: on the SSL switch on the 160dbd72e6a04b instance connection management page, and upload the certificate to ECS.

mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

• common method: The SSL switch on the basic information page of the

mysql -h 172.16.0.31 -P 3306 -u root -p

4. Eliminate connection command errors

Including the connection address, port parameter configuration, user name and password, SSL mode error, please configure the parameter items correctly, and try to connect to the instance again.

SSL intranet connection MySQL example: mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

o Connection address

On the "Connection Management" page of the target instance, "Intranet Address" on the "Intranet Connection" tab.

o Database port

On the "Connection Management" page of the target instance, "Database Port" on the "Intranet Connection" tab.

o Username and password

The root administrator account and its corresponding password.

o Certificate name

SSL certificate file name, the file needs to be placed in the path where the command is executed.

SSL public network connection MySQL example: mysql -h public network address -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

o Connection address

On the "Connection Management" page of the target instance, the "Elastic Public IP" on the "Public Network Connection" tab.

o Database port

On the "Connection Management" page of the target instance, "Database Port" on the "Public Network Connection" tab.

o Username and password

The root administrator account and its corresponding password.

o Certificate name

SSL certificate file name, the file needs to be placed in the path where the command is executed.

5. Eliminate network failure

Intranet access

1). Check whether ECS and RDS are in the same region, VPC.

Intranets between cloud services in different regions are not connected to each other, and instances cannot be accessed. Please choose an area close to your business, which can reduce network delay and increase access speed.

Under different VPCs, it is supported to switch the ECS virtual private cloud to be consistent with the RDS instance, or use a VPC peer-to-peer connection to establish a peer-to-peer connection for two different virtual private clouds to achieve intranet intercommunication.

2). Check the security group rules.

When accessing RDS instances in the security group from outside the security group, you need to add corresponding inbound rules for the security group.

3). Test whether it can be connected to the port of the RDS instance address on ECS.

telnet <connection address> <port number>

Internet access

1). Check the security group rules.

When accessing RDS instances in the security group from outside the security group, you need to add corresponding inbound rules for the security group.

2). Check the network ACL rules.

Enter the virtual private cloud network ACL list, confirm that the network card bound to the EIP is in the subnet associated with the network ACL, and check the network ACL status. If it is "on", you need to add an ICMP release rule to release traffic.

3). Ping test for hosts in the same area.

If the EIP bound to the RDS instance is not pinged on the original ECS, please ping the EIP from another ECS in the same area. If it can be pinged normally, the virtual network is normal.

6. Exclude instances where the number of connections is full

1). Check whether the connection indicator of the instance has reached the upper limit.

2). Please check whether the business side connection is valid in time, optimize the instance connection, and release unnecessary connections.

3). The cloud monitoring service can currently monitor the database CPU, memory, disk, number of connections and other indicators, and set alarm strategies, so that risks can be identified in advance when an alarm occurs.

7. Common errors of connection failure

o ERROR 2013：Lost connection to MySQL server during query

If the connection timeout parameters "wait_timeout" and "interactive_timeout" are set too small, MySQL will automatically disconnect the timeout empty connection. For details, see MySQL client will automatically disconnect after connecting to the instance.

o ERROR 1045 (28000): Access denied for user ‘root'@‘192.168.0.30' (using password:YES)

Troubleshoot whether the password is incorrect, and confirm whether the host has the permission to connect to the database instance, and whether the MySQL client and the instance VIP can connect. For details, see Common Errors of Failure to Connect to RDS Instances.

o ERROR 1226 (42000):User‘test' has exceeded the‘max_user_connections' resource (current value:10)

Check whether the number of connections of the instance is limited, causing the connection to fail. For details, see Common Errors When Connecting to RDS Instances.

o ERROR 1129 (HY000): Host ‘192.168.0.111' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

Check whether the number of failures (excluding password errors) of the MySQL client to connect to the database exceeds the value of max_connection_errors, causing the connection to fail. For details, see Common Errors of Failure to Connect to RDS Instances.

o [Warning] Access denied for user 'username'@'yourIp' (using password: NO)

This error occurs when connecting to MySQL and PostgreSQL instances. Please check whether the user name or password is correct.

o [Warning] Access denied for user 'username'@'yourIp' (using password: YES)

This error occurs when connecting to MySQL and PostgreSQL instances. Please check whether the user name or password is correct.

o Login failed for user 'username'

This error occurs when connecting to the SQL Server instance, please check whether the user name or password is correct.

The cloud database RDS not only supports client-side connection to instances, but also docks with DAS services, using the DAS visual interface to connect and manage the database, which is safe and simple.

Hurry up and poke here for details~~

Click to follow and learn about Huawei Cloud's fresh technology for the first time~