max_user_connections 与 max_connections,max_connect_errors, nr_open, file-max

LINUX文件设置：

ulimit -n <num>  ----> [/etc/profile,/.bashrc] ---->/etc/security/limits.conf [* soft|hard  nofile  <num>  ] ------>/proc/sys/fs/nr_open-----> /proc/sys/fs/file-max ----->/etc/sysctl.conf

LINUX 连接设置:

ulimit -u  <num>  ------->[/etc/profile,/.bashrc]--------->/etc/security/limits.conf[* soft|hard  nproc <num>]

 mysql 应用程连接设置：my.cnf

[mysqld]
max_connections=4
max_connect_errors=3

最大用户连接:

max_user_connections     3    //针对同一用户的链接

所有用户连接之和：

max_connections         4    //所有用户连接的和

实验：

会话1

[root@localhost ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 1
Server version: 5.6.28-debug-log Source distribution

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

会话2

[root@localhost ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 1
Server version: 5.6.28-debug-log Source distribution

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

会话3

[root@localhost ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 1
Server version: 5.6.28-debug-log Source distribution

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

会话4：

[root@localhost ~]# mysql -uroot -p                           //root 用户 more than 'max_user_connections'

Enter password: ERROR 1203 (42000): User root already has more than 'max_user_connections' active connections



[root@localhost ~]# mysql -umysql -p                          //mysql用户可登陆
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 5
Server version: 5.6.28-debug-log Source distribution

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

会话5：

Last login: Thu Jul  7 01:04:28 2016 from 192.168.1.152
[root@localhost ~]# mysql -umysql -p
Enter password: 
ERROR 1040 (08004): Too many connections     已超过最大连接数
[root@localhost ~]# 

max_connect_errors:

mysql的这个参数指的是网络错误  

密码错误并不算在内,尝试用for循环尝试密码的用户host并不会block

以下是mysql非常出名的分支percona的cto关于max_connect_errors的评论

There seems to be confusion around that variable.

It does not really block hosts for repeated invalid passwords but for aborted connections due to network errors.

模拟网络错误：max_connect_errors=1
http://www.cnblogs.com/ivictor/p/5311607.html

[root@localhost ~]# telnet 192.168.1.26 3306
Trying 192.168.1.26...
Connected to 192.168.1.26 (192.168.1.26).
Escape character is '^]'.
jHost '192.168.1.26' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

[root@localhost ~]# mysql -h192.168.1.26 -p -uroot 
Enter password: 
ERROR 1129 (HY000): Host '192.168.1.26' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'


[root@localhost ~]# mysql -h192.168.1.26 -p -uroot
Enter password: 
ERROR 1129 (HY000): Host '192.168.1.26' is blocked because of many connection errors; unblock with 'mysqladmin flush-host'

一、程序运行一段时间后，tomcat启动后，连接池不能使用，拿不到数据库连接，查看catalina.out发现如下错误：
[http-80-35] ERROR sls.database.DBConn - org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create Poola
bleConnectionFactory (null,  message from server: Host localhost is blocked because of many connection errors; unblock with mysqladmin flush-hosts)

二、出现的原因：
数据库的错误链接处达到最大，数据库服务器拒绝连接。
由于出现某台host连接错误次数等于max_connect_errors（默认10） ，主机'host_name'再次尝试时被屏蔽。可有效反的防止dos攻击，使用'mysqladmin flush-hosts'解除屏蔽。

【连接次数失败过多,并超过max_connect_erros的值后，服务器会直接拒绝来源机器的所有连接，只要把 mysql server默认 max_connect_errors = 10
把这个值设置大点就好了，记得一定要执行mysqladmin flush-hosts命令来解锁，原来的主机才可以恢复正常连接的．】

三、解决方案：
1.查看数据库允许的错误链接数：
     show status 看那个abort_client.

2.运行：
mysqladmin flush-hosts命令，解除数据库的连接屏蔽，重新允许数据库被访问。

3.也可以重启mysql数据库，这样，也可以将错误链接数清零。

4.修改my.inf或者：my.cnf修改max_connect_errors的值，可以适当大些。
配置文件中，如果没有此键值，请在[mysqld]内增加该值。
# Maximum amount of errors allowed per host. If this limit is reached,
# the host will be blocked from connecting to the MySQL server until
# "FLUSH HOSTS" has been run or the server was restarted. Invalid
# passwords and other errors during the connect phase result in
# increasing this value. See the "Aborted_connects" status variable for
# global counter.
max_connect_errors = 8000

[mysqld]
max_connections=xx
max_connect_errors=xx
max_user_connections=xx