一、开头:运维中的 "诡异" 现象
上周三,团队突然接到业务反馈:数据库能正常执行查询、写入数据,但通过netstat和ss命令查看端口时,却发现找不到数据库的端口,但是进程依然存在,最后通过数据库启动日志和数据库操作发现了数据库端口诡异的变成了0------ 要知道,端口 0 是系统预留的 "动态端口标识",正常情况下数据库服务会绑定在预设的固定端口(如 MySQL 的 3306、PostgreSQL 的 5432)。更奇怪的是,日志中没有任何 "端口绑定失败""权限不足" 的报错信息,重启数据库服务后,端口依旧是 0。我们先排除了端口被占用、防火墙拦截、服务进程异常等常规问题,直到检查my.cnf(MySQL 配置文件)时,才发现skip-grant-tables参数被意外启用 ------ 这个看似只与权限跳过相关的配置,竟成了端口变 0 的 "罪魁祸首"。
二、问题解析
在公司遇到此问题,还是用户使用登录平台时发现了系统的验证码无论无何都刷新不出来,显示空白,于是就联系了项目,项目联系我们处理。
为了还原此场景,我特意搭建了一个wordpress平台来测试和还原。
1. 还原问题
现在可以看到数据库时正常运行的
bash
[root@yam ~]# systemctl status mysql
● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-11-07 09:56:14 CST; 1h 23min ago
Invocation: edfc86a6bf1e4a8e8f31fb8752134c5e
Main PID: 6526 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 3911)
Memory: 485.9M (peak: 485.9M)
CPU: 1min 25.872s
CGroup: /system.slice/mysql.service
└─6526 /usr/sbin/mysqld
Nov 07 09:56:13 yam systemd[1]: Starting mysql.service - MySQL Community Server...
Nov 07 09:56:13 yam mysqld[6526]: 2025-11-07T01:56:13.533255Z 0 [System] [MY-015015] [Server] MySQL Server - start.
Nov 07 09:56:13 yam mysqld[6526]: 2025-11-07T01:56:13.744263Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.4.6-0ubuntu3) starting as process 6526
Nov 07 09:56:13 yam mysqld[6526]: 2025-11-07T01:56:13.748932Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
Nov 07 09:56:13 yam mysqld[6526]: 2025-11-07T01:56:13.973172Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
Nov 07 09:56:14 yam mysqld[6526]: 2025-11-07T01:56:14.161934Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
Nov 07 09:56:14 yam mysqld[6526]: 2025-11-07T01:56:14.161983Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported>
Nov 07 09:56:14 yam mysqld[6526]: 2025-11-07T01:56:14.184739Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.4.6-0ubuntu3' socket: '/var/run>
Nov 07 09:56:14 yam mysqld[6526]: 2025-11-07T01:56:14.184749Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysq>
Nov 07 09:56:14 yam systemd[1]: Started mysql.service - MySQL Community Server.加入skip-grant-tables配置并重启数据库
由于这里时测试环境,所以就随便写了几个配置,但是生产环境中一般会结合机器的配置去对数据库进行优化处理,配置可以达到上百行。
bash
[root@yam ~]# cat /etc/mysql/my.cnf
[mysqld]
# 基础设置
skip-grant-tables
datadir=/var/lib/mysql
socket=/var/run/mysqld/mysqld.sock
user=mysql
port=3306
pid-file=/var/run/mysqld/mysqld.pid重启数据库
bash
[root@yam ~]# systemctl restart mysql
[root@yam ~]# systemctl status mysql
● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-11-07 11:20:55 CST; 2s ago
Invocation: f3d8e895c7244eaab4f42a213f518a31
Process: 23627 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 23638 (mysqld)
Status: "Server is operational"
Tasks: 34 (limit: 3911)
Memory: 477.3M (peak: 477.3M)
CPU: 929ms
CGroup: /system.slice/mysql.service
└─23638 /usr/sbin/mysqld可以看到虽然我们的数据库正常运行,但是业务这边已经开始显示连接数据库失败了,然后我们就要去排查。
2. 排查问题
bash
# 状态没有问题
[root@yam ~]# systemctl status mysql
● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-11-07 11:20:55 CST; 4min 8s ago
Invocation: f3d8e895c7244eaab4f42a213f518a31
Process: 23627 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 23638 (mysqld)
Status: "Server is operational"
Tasks: 33 (limit: 3911)
Memory: 477.1M (peak: 477.8M)
CPU: 5.034s
CGroup: /system.slice/mysql.service
└─23638 /usr/sbin/mysqld
# 防火墙没有问题
[root@yam ~]# systemctl status ufw
○ ufw.service - Uncomplicated firewall
Loaded: loaded (/usr/lib/systemd/system/ufw.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:ufw(8)
[root@yam ~]#
# 网络没有问题
[root@yam ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.44) 56(84) bytes of data.
64 bytes from 180.101.49.44: icmp_seq=1 ttl=128 time=32.2 ms
64 bytes from 180.101.49.44: icmp_seq=2 ttl=128 time=16.1 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 16.127/24.162/32.198/8.035 ms
# 监控没有告警,但还是排查一下资源也没有问题
[root@yam ~]# free -h
total used free shared buff/cache available
Mem: 3.3Gi 1.1Gi 891Mi 31Mi 1.6Gi 2.2Gi
Swap: 0B 0B 0B
[root@yam ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
tmpfs tmpfs 336M 1.6M 334M 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv ext4 48G 7.5G 39G 17% /
tmpfs tmpfs 1.7G 0 1.7G 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs tmpfs 1.7G 0 1.7G 0% /tmp
tmpfs tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-journald.service
tmpfs tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-resolved.service
tmpfs tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-networkd.service
/dev/sda2 ext4 2.0G 121M 1.7G 7% /boot
tmpfs tmpfs 1.0M 0 1.0M 0% /run/credentials/getty@tty1.service
tmpfs tmpfs 336M 8.0K 336M 1% /run/user/0在对服务进行排查
bash
# 数据库运行但是连接拒绝?
[root@yam ~]# telnet 127.0.0.1 3306
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
# 找不到端口?
[root@yam ~]# netstat -nltup |grep -E 'mysql|3306'
# 进程却存在
[root@yam ~]# ps -ef |grep mysql
mysql 23638 1 1 11:20 ? 00:00:07 /usr/sbin/mysqld
# 看一下是不是my.cnf的端口指定错了,发现并没有
[root@yam ~]# grep -i 'port' /etc/mysql/my.cnf
port=3306
# 看一下服务日志,好像也没看到啥问题
[root@yam ~]# cat /var/log/mysql/error.log
2025-11-07T01:51:42.570005Z 0 [System] [MY-015017] [Server] MySQL Server Initialization - start.
2025-11-07T01:51:42.571133Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.4.6-0ubuntu3) initializing of server in progress as process 5468
2025-11-07T01:51:42.577478Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2025-11-07T01:51:43.392260Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2025-11-07T01:51:44.347714Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2025-11-07T01:51:45.122462Z 6 [System] [MY-013172] [Server] Received SHUTDOWN from user boot. Shutting down mysqld (Version: 8.4.6-0ubuntu3).
2025-11-07T01:51:48.273198Z 0 [System] [MY-015018] [Server] MySQL Server Initialization - end.
2025-11-07T01:51:48.802892Z 0 [System] [MY-015015] [Server] MySQL Server - start.
2025-11-07T01:51:49.243164Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.4.6-0ubuntu3) starting as process 5585
2025-11-07T01:51:49.254668Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2025-11-07T01:51:50.333709Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2025-11-07T01:51:50.812406Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2025-11-07T01:51:50.812427Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2025-11-07T01:51:50.836316Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.4.6-0ubuntu3' socket: '/var/run/mysqld/mysqld.sock' port: 3306 (Ubuntu).
2025-11-07T01:51:50.836308Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '127.0.0.1' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2025-11-07T01:55:40.778838Z 0 [System] [MY-013172] [Server] Received SHUTDOWN from user <via user signal>. Shutting down mysqld (Version: 8.4.6-0ubuntu3).
2025-11-07T01:55:42.239963Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.4.6-0ubuntu3) (Ubuntu).
2025-11-07T01:55:42.239980Z 0 [System] [MY-015016] [Server] MySQL Server - end.于是我就想进入数据库看一下是不是数据库出了问题,就在我测试数据库功能的时候找到了这个问题.
3. 发现问题
bash
[root@yam ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 8.4.6-0ubuntu3 (Ubuntu)
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.01 sec)
mysql> create user test@'%' identified by '123456';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> 4. 解决问题
把数据库的my.cnf配置中skip-grant-tables配置给删除掉,重启数据库就正常了。
其实还是自己侥幸觉得没有人会动数据库的其他配置,然后查看my.cnf的时候只过滤了port字段。
查看数据库状态
bash
[root@yam ~]# systemctl status mysql
● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-11-07 11:33:56 CST; 3min 26s ago
Invocation: 5d2fb21b6df94d58a7a24da1956f8245
Process: 23832 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 23841 (mysqld)
Status: "Server is operational"
Tasks: 36 (limit: 3911)
Memory: 475.7M (peak: 475.8M)
CPU: 4.193s
CGroup: /system.slice/mysql.service
└─23841 /usr/sbin/mysqld
# 端口也出现了
[root@yam ~]# netstat -nltup |grep -E 'mysql|3306'
tcp6 0 0 :::3306 :::* LISTEN 23841/mysqld
tcp6 0 0 :::33060 :::* LISTEN 23841/mysqld 业务也恢复了。
三、配置细节里的 "坑" 与经验
这次排查让我们深刻意识到:数据库的 "异常现象" 往往藏在看似不相关的配置细节里。skip-grant-tables本是用于忘记 root 密码时的临时救急参数,却因启用后跳过了权限校验环节,间接影响了端口绑定的初始化逻辑(部分数据库在权限校验环节会同步确认端口合法性)。这也提醒我们:任何配置修改(尤其是 "特殊功能参数")都需经过灰度验证,且修改后要全面检查服务状态(包括端口、日志、进程信息),而非仅关注核心功能是否可用。