Port Occupancy Inspection and Firewall Configuration

  • Last update: 2025-04-17
  • Overview

    Problem

    • An error occurs during FineOps deployment, saying "connection refused."

    Error message: ERROR: 2022/05/18 17:33:07 finedb connect error:dial tcp 192.168.1.24:3306: connect: connection refused

    • An error occurs during O&M project deployment, saying "Server IP try to bind ports failed!"

    Error message: Server IP try to bind ports 9114,9100,9200,9080,9070 failed!


    Cause

    The containers of the FineOps components and O&M project components to be deployed will occupy some ports.

    If these ports are already occupied or not open, the deployment will fail, and the above errors will occur.

    Solution

    Perform the following steps in turn.

    1. Check if the port is occupied by other processes on the server.

    • If the port is in use, reassign a free port and check the next two items for the new port.

    • If the port is not in use, proceed to check the next two items for this port.

    2. Check if the server firewall allows the port.

    • You are advised to enable the server firewall.

    • Ensure that the server firewall allows the required port.

    • Check the next item if the port is already open.

    3. Check if the server security group allows the port (for cloud servers).

    • This document does not describe port configuration methods for security groups of cloud servers. Contact your cloud provider for assistance.

    Port Occupancy Inspection

    This document provides multiple methods to check if a port is occupied by another process in a Linux system.

    Note that you need to execute the following commands using the root user or users with sufficient privileges to obtain complete process information.

    Using the netstat Command

    Command
    netstat -tuln | grep <Port number>
    Description

    The system returns the process listening on the specified port.

    Process information will be displayed if the port is in use.

    Otherwise, nothing is output.


    Using the lsof Command

    Command
    lsof -i :<Port number>
    Description

    The system returns the process running on the specified port.

    Process information will be displayed if the port is in use.

    Otherwise, nothing is output.


    Firewall Configuration Inspection

    1. You are advised to keep the server firewall enabled at all times.

    2. You are advised to open necessary ports only to minimize network exposure.

    Common Commands

    | Scenario | Command |
    |---|---|
    | Check the firewall status. | systemctl status firewalld |
    | Enable the firewall. | systemctl start firewalld |
    | Disable the firewall. | systemctl stop firewalld |
    | Enable the firewall on boot. | systemctl enable firewalld |
    | Disable the firewall on boot. | systemctl disable firewalld |
    | List all allowed ports. | firewall-cmd --zone=public --list-ports |
    | Check if a specific port is allowed. | firewall-cmd --zone=public --query-port=<Port number>/<Protocol> |
    | Allow a specific port. | firewall-cmd --zone=public --add-port=<Port number>/<Protocol> --permanent |
    | Remove a specific port from the allowed list. | firewall-cmd --zone=public --remove-port=<Port number>/<Protocol> --permanent |
    | Update firewall rules. | firewall-cmd --reload |

    Example

    This example demonstrates how to enable the firewall and allow the port 8080.

    1. Enable the firewall.

    • Check the firewall status. 

    systemctl status firewalld

    If the system returns not running, the firewall is inactive.

    • Enable the firewall. 

    systemctl start firewalld
    • Verify the firewall status.

    systemctl status firewalld

    If the system returns running, the firewall is active.


    2. Allow the port 8080.

    • Check if the port is open. 

    firewall-cmd --zone=public --query-port=8080/tcp

    If the system returns no, the port 8080 is disallowed.

    • Allow the port. 

    firewall-cmd --zone=public --add-port=8080/tcp --permanent

    If the system returns success, the port 8080 is allowed.

    • Update the firewall rule.

    firewall-cmd --reload

    If the system returns success, the rule is updated.

    • Verify the port status. 


    firewall-cmd --zone=public --query-port=8080/tcp

    If the system returns yes, the port 8080 is allowed.
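
    The occupancy and firewall checks above can be combined into one preflight pass over the ports a deployment needs. The script below is an added example, not part of the original document or of FineOps; the function names and the sample netstat and firewall-cmd output are constructed for illustration, and the port list is taken from the error message quoted in the Problem section. It matches the port number exactly (a plain grep for 80 would also match 8080 and 9080) and understands port ranges in the firewall's allowed list.

```shell
#!/bin/sh
# Added example: preflight check for the ports a deployment needs.
# Sample inputs below are constructed; on a real host, feed the functions
# from `netstat -tuln` and `firewall-cmd --zone=public --list-ports`.

# port_in_use PORT  (reads `netstat -tuln` output on stdin)
# Compares the port at the end of the Local Address column exactly, so that
# checking 80 does not match 8080 or 9080 as a plain `grep 80` would.
port_in_use() {
  awk -v p="$1" '
    $1 ~ /^(tcp|udp)/ { n = split($4, a, ":"); if (a[n] == p) found = 1 }
    END { exit !found }'
}

# port_allowed PORT PROTO  (reads `firewall-cmd --list-ports` output on stdin)
# Handles single entries (8080/tcp) and ranges (9100-9200/tcp).
port_allowed() {
  awk -v p="$1" -v proto="$2" '
    { for (i = 1; i <= NF; i++) {
        split($i, e, "/"); if (e[2] != proto) continue
        n = split(e[1], r, "-"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        if (p + 0 >= lo && p + 0 <= hi) ok = 1 } }
    END { exit !ok }'
}

# Constructed sample data (not captured from a real server).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp        0      0 0.0.0.0:9080    0.0.0.0:*        LISTEN
tcp6       0      0 :::9100         :::*             LISTEN
udp        0      0 127.0.0.1:323   0.0.0.0:*'
SAMPLE_FW_PORTS='8080/tcp 9070/tcp 9100-9200/tcp'

# preflight PORT...: prints "<port> <free|in-use> <allowed|blocked>" per port.
preflight() {
  local port listen fw
  for port in "$@"; do
    listen=free; fw=blocked
    printf '%s\n' "$SAMPLE_NETSTAT" | port_in_use "$port" && listen=in-use
    printf '%s\n' "$SAMPLE_FW_PORTS" | port_allowed "$port" tcp && fw=allowed
    echo "$port $listen $fw"
  done
}

preflight 9114 9100 9200 9080 9070 80
```

    A port reported as in-use needs to be reassigned before deployment, and a port reported as blocked needs to be allowed in the firewall as described above.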

    Notes 

    You must restart the Docker service after restarting Firewalld.

    Problem:

    When you deploy FineOps or O&M projects, Docker is automatically installed on the target server.

    Docker modifies the iptables rules upon startup to ensure proper network communication between containers and port mapping.

    Restarting Firewalld may reset or overwrite the iptables rules, causing loss of container network connectivity or failure in service port mapping.

    Solution

    Restart the Docker service after restarting Firewalld so that Docker reloads and reapplies the necessary iptables rules, thus ensuring network connectivity.

    FineOps/O&M projects will be temporarily unavailable during restarts. Perform this operation during non-business hours.

    Basic Docker knowledge is required. If you are unable to complete it, contact FanRuan technical support personnel. For details about how to contact technical support personnel, see Technical Support Channel Introduction.

