question
- After the clickhouse is deployed on the client server, it starts successfully, but the program cannot connect to the clickhouse, the program reports an error and refuses to connect, and the key reports an error
internal:8123 [host.docker.internal/172.17.0.1] failed: Connection refused - The excerpt program error log is as follows:
org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is com.alibaba.druid.pool.GetConnectionTimeoutException: wait millis 600, active 0, maxActive 100, creating 0, createErrorCount 1
Caused by: com.alibaba.druid.pool.GetConnectionTimeoutException: wait millis 600, active 0, maxActive 100, creating 0, createErrorCount 1
Caused by: java.lang.RuntimeException: ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 210, host: host.docker.internal, port: 8123; Connect to host.docker.internal:8123 [host.docker.internal/172.17.0.1] failed: Connection refused (Connection refused)
Caused by: org.apache.http.conn.HttpHostConnectException: Connect to host.docker.internal:8123 [host.docker.internal/172.17.0.1] failed: Connection refused (Connection refused)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
- The customer's program and
clickhouseconfiguration are consistent with our test environment, but the program cannot be connected, continue to checkclickhousethe log - Check
clickhousethe error logclickhouse-server.err.log(the default/var/log/clickhouse-server/is below ), there is indeed a network problem, and there is no such error in our test environment
2023.02.25 11:42:11.223352 [ 16413 ] {} <Error> CertificateReloader: Cannot obtain modification time for certificate file /etc/clickhouse-server/server.crt, skipping update. errno: 2, strerror: No such file or directory
2023.02.25 11:42:11.223506 [ 16413 ] {} <Error> CertificateReloader: Cannot obtain modification time for key file /etc/clickhouse-server/server.key, skipping update. errno: 2, strerror: No such file or directory
2023.02.25 11:42:11.224947 [ 16413 ] {} <Error> CertificateReloader: Poco::Exception. Code: 1000, e.code() = 0, SSL context exception: Error loading private key from file /etc/clickhouse-server/server.key: error:02000002:system library:OPENSSL_internal:No such file or directory (version 22.2.2.1)
- The configurations are consistent, and the preliminary judgment is that the network environment is different. After checking the customer's network configuration, it is found that only ipv4 is set on the customer's network, and ipv6 is disabled. Checked the configuration file of clickhouse and found that there are different configurations for ipv4/6
deal with
clickhouseThe network access service configuration is inconfig.xmlthe file (/etc/clickhouse-serverby ), specifically here, as follows:
<!-- Listen specified address.
Use :: (wildcard IPv6 address), if you want to accept connections both with IPv4 and IPv6 from everywhere.
Notes:
If you open connections from wildcard address, make sure that at least one of the following measures applied:
- server is protected by firewall and not accessible from untrusted networks;
- all users are restricted to subset of network addresses (see users.xml);
- all users have strong passwords, only secure (TLS) interfaces are accessible, or connections are only made via TLS interfaces.
- users without password have readonly access.
See also: https://www.shodan.io/search?query=clickhouse
-->
<listen_host>::</listen_host>
<!-- Same for hosts without support for IPv6: -->
<!-- <listen_host>0.0.0.0</listen_host> -->
<!-- Default values - try listen localhost on IPv4 and IPv6. -->
<!--
<listen_host>::1</listen_host>
<listen_host>127.0.0.1</listen_host>
-->
<!-- Don't exit if IPv6 or IPv4 networks are unavailable while trying to listen. -->
<!-- <listen_try>0</listen_try> -->
- The translation explains roughly that ipv4 and ipv6 are written differently. If ipv4/6 is enabled, use it
<listen_host>::</listen_host>; if only ipv4 is used, use<listen_host>0.0.0.0</listen_host> - After reading the comments of the configuration file, you have already understood it, and you can deal with it accordingly. You can modify the configuration according to different network environments.
other possible causes
- The clickhouse service is not started, or the server is not connected to the Internet
- The clickhouse startup error reported that the service was terminated (for example, file damage caused by abnormal power failure), and the service was not provided normally
[Solved] Abnormal power failure file damage clickhouse can not start: filesystem error Structure needs cleaning
server forced shutdown, abnormal power failure, etc. lead to clickhouse data damage Suspiciously many broken parts to remove
- The application service and the clickhouse service network are disconnected and cannot be accessed
- The clickhouse service restricts the access ip, which is not within the allowed range
- Incorrect username and password, access denied
- The accessed database or table does not exist, other errors are reported, etc.