I have an Azure database server which I need to obtain the connection string for by way of command line. However, it is telling me that the "az postgres server show-connection-string" is not right, that "show-connection-string" is not recognized. I did a copy and paste from the Microsoft documentation but it gives the error, and I can't seem to find the answer. I could use a hand obtaining the connection string. Here is my CLI command:
az postgres server show-connection-string --server-name myserver1 --admin-user myuser#myserver --admin-password mypassword
Ensure you are running the latest version of the Azure CLI. As of this answer, the latest is 2.26.0 but I got this command to run in CloudShell which is running 2.25.0.
ken#Azure:~$ az postgres server show-connection-string --server-name myserver1 --admin-user myuser#myserver --admin-password mypassword
{
"connectionStrings": {
"C++ (libpq)": "host=myserver1.postgres.database.azure.com port=5432 dbname={database} user=myuser#myserver#myserver1 password=mypassword sslmode=require",
"ado.net": "Server=myserver1.postgres.database.azure.com;Database={database};Port=5432;User Id=myuser#myserver#myserver1;Password=mypassword;",
"jdbc": "jdbc:postgresql://myserver1.postgres.database.azure.com:5432/{database}?user=myuser#myserver#myserver1&password=mypassword",
"node.js": "var client = new pg.Client('postgres://myuser#myserver#myserver1:mypassword#myserver1.postgres.database.azure.com:5432/{database}');",
"php": "host=myserver1.postgres.database.azure.com port=5432 dbname={database} user=myuser#myserver#myserver1 password=mypassword",
"psql_cmd": "postgresql://myuser#myserver#myserver1:mypassword#myserver1.postgres.database.azure.com/{database}?sslmode=require",
"python": "cnx = psycopg2.connect(database='{database}', user='myuser#myserver#myserver1', host='myserver1.postgres.database.azure.com', password='mypassword', port='5432')",
"ruby": "cnx = PG::Connection.new(:host => 'myserver1.postgres.database.azure.com', :user => 'myuser#myserver#myserver1', :dbname => '{database}', :port => '5432', :password => 'mypassword')"
}
}
Related
Trying to deploy Strapi on Heroku with Postgres as described here
https://strapi.io/documentation/v3.x/deployment/heroku.html
But I get this error
error: no pg_hba.conf entry for host "84.212.51.43", user "ssqqeaz***", database "d6gtu***", SSL off
I use Heroku Postgres add-on.
My database config:
module.exports = ({ env }) => ({
defaultConnection: 'default',
connections: {
default: {
connector: 'bookshelf',
settings: {
client: 'postgres',
host: env('DATABASE_HOST', '127.0.0.1'),
port: env.int('DATABASE_PORT', 27017),
database: env('DATABASE_NAME', 'strapi'),
username: env('DATABASE_USERNAME', ''),
password: env('DATABASE_PASSWORD', ''),
},
options: {
ssl: true
},
},
},
});
Why? Please help!
try to change ssl : true into ssl : false
The current configuration you've posted will not work with a Heroku Postgres database. The primary concern here is that you're reading components of your postgres database url out of manually set config vars. This is very much recommended against by Heroku because they may need to move the database to a new host in the case of disasters. DATABASE_URL is set by Heroku when you create a database on an app and it's the one config var you can rely on to stay up-to-date. Moving on...
You will need to parse the username, password, host, port and database name out of the DATABASE_URL config var and supply those to the attributes of the settings block. Based on the error you provided, I can tell you're not presently doing this because Heroku databse usernames all start with a 'u', so something is very wrong if you get the error user "ssqqeaz***". As a first step you might try hard coding these values in the settings block to make sure it works (make sure to rotate the credentials after you do it, or otherwise clean up your git history to prevent leaked creds). The pattern for a postgres connection url is something like this: postgres:// $USERNAME : $PASSWORD # $HOSTNAME : $PORT / $DATABASE_NAME.
Not sure if it will help moving your config around...
remove ssl from option Key
insert ssl after password inside of settings Key
eg.
ssl: env.bool('DATABASE_SSL', false),
also check your app config vars inside of Heroku and make sure you have the required postgres config vars setup and they match the heroku generated DATABASE_URL config var.
lastly check your ./config/server.js file and make sure your host is 0.0.0.0
eg.
module.exports = ({ env }) => ({
host: env('HOST', '0.0.0.0'),
port: env.int('PORT', 1337),
admin: {
auth: {
secret: env('ADMIN_JWT_SECRET', '**********************************'),
},
},
});
I try to connect on my Aurora Postgres database with IAM user form my local machine but i have the following error :psql: FATAL: PAM authentication failed for user "test-rds"
Command for create user on db :
CREATE USER test-rds WITH LOGIN;
GRANT rds_iam TO test-rds;
I have create this policy and attach it to my IAM user.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"arn:aws:rds-db:eu-west-1:$account:dbuser:$db-id/test-rds",
]
}
]
}
Then test the following commands :
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
psql "host=$db-host port=$db-port sslmode=require sslrootcert=rds-combined-ca-bundle.pem dbname=postgres user=test-rds"
If i try with an postgresql user i can access to my db but not with iam users i don't understand why.
Please help me ^^ !
The problem was solved when I adapted the following command :
export PGPASSWORD=$(aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
I have add AWS_PROFILE in my command.
export PGPASSWORD=$(AWS_PROFILE=test-rds aws rds generate-db-auth-token --hostname $db-host --port $db-port --username test-rds --region eu-west-1)
Everything seems to be perfect except the authentication part.Can you generate temporary credentials as shown below and try connecting to database.It should work.
$ creds=$(aws sts assume-role --role-arn arn:aws:iam::ACC-ID:role/testauth --role-session-name test)
$ echo $creds
{ "AssumedRoleUser": { "AssumedRoleId": "XXXXXXXXXXXXXX:test", "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/testauth/test" }, "Credentials": { "SecretAccessKey": "+xxxx/XXXXXXXXXXX+g0mdOo7vyfloot07", "SessionToken": "xxxxXIvYXdzEJP//////////XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+AO0fnzvmfGkd1QWLWdeVSOi4DTHabXYJZeBN6gYltigFnd61koyAMVD4Yw/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+XXXXXXXXXXXXXXX+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU=", "Expiration": "2018-10-09T10:59:01Z", "AccessKeyId": "XXXXXXXXXXXXXXXXXXX" } }
Export dynamic variable for the session:
______________________________
$ export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXX"
$ export AWS_SECRET_ACCESS_KEY="+xxxx/kHESRK32Fso+g0mdOo7vyfloot07"
$ export AWS_SESSION_TOKEN="xxxxIvYXdzEJP//////////wEaDO2IFbHyBBMLuswSXiLoARHDVo6yvQnxsKCis62f4nmmmGBMJYXCLWoKSuMcVgn5Aw+xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/eCi/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+i3OLpjWQw+wgs22LnfYwy4Kqhh7NCK7Gk6VXQ518MdlVmFBxyko5ffx3QU="
Generate Token:
_______________
$ export PGPASSWORD="$(aws rds generate-db-auth-token --hostname=testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=testcustom --region us-west-2)"
Try Connections( should work):
_______________
$ psql -h testauth.xxxxxxxxxx.us-west-2.rds.amazonaws.com -p 5432 "dbname=testauth user=testcustom sslrootcert=/home/ec2-user/rds-combined-ca-bundle.pem sslmode=verify-ca"
psql (9.2.24, server 10.4)
WARNING: psql version 9.2, server version 10.0.
Some psql features might not work.
SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.
In knex documentation of configuration of knexfile.js for PostgreSQL, they have a property called client, which looks this way:
...
client: 'pg'
...
However, going through some other projects that utilize PostgreSQL I noticed that they have a different value there, which looks this way:
...
client: 'postgresql'
...
Does this string correspond to the name of some sort of command line tool that is being used with the project or I misunderstand something?
Postgresql is based on a server-client model as described in 'Architectural Fundamentals'
psql is the standard cli client of postgres as mentioned here in the docs.
A client may as well be a GUI such as pg-admin, or a node-package such as 'pg' - here's a list.
The client parameter is required and determines which client adapter will be used with the library.
You should also read the docs of 'Server Setup and Operation'
To initialize the library you can do the following (in this case on localhost):
var knex = require('knex')({
client: 'mysql',
connection: {
host : '127.0.0.1',
user : 'your_database_user',
password : 'your_database_password',
database : 'myapp_test'
}
})
The standard user of the client deamon ist 'postgres' - which you can use of course, but its highly advisable to create a new user as stated in the docs and/or apply a password to the standard user 'postgres'.
On Debian stretch i.E.:
# su - postgres
$ psql -d template1 -c "ALTER USER postgres WITH PASSWORD 'SecretPasswordHere';"
Make sure you delete the command line history so nobody can read out your pwd:
rm ~/.psql_history
Now you can add a new user (i.E. foobar) on the system and for postgres
# adduser foobar
and
# su - postgres
$ createuser --pwprompt --interactive foobar
Lets look at the following setup:
module.exports = {
development: {
client: 'xyz',
connection: { user: 'foobar', database: 'my_app' }
},
production: { client: 'abc', connection: process.env.DATABASE_URL }
};
This basically tells us the following:
In dev - use the client xyz to connect to postgresqls database my_app with the user foobar (in this case without pwd)
In prod - retrieve the globalenv the url of the db-server is set to and connect via the client abc
Here's an example how node's pg-client package opens a connection pool:
const pool = new Pool({
user: 'foobar',
host: 'someUrl',
database: 'someDataBaseName',
password: 'somePWD',
port: 5432,
})
If you could clarify or elaborate your setup or what you like to achieve a little more i could give you some more detailed info - but i hope that helped anyways..
I'm trying to write a MongoDB script as part of automating customer data deletion in accordance with GDPR (current process is manual), but I'm having problems authenticating from the script. Authentication works perfectly from the command line, but not from a script.
I'm not certain which mechanism I should use, but since there are only two that don't require external files (which I don't use in the command line), I figured I'd try both.
When running from the command line, this is the command I use:
$ mongo -u [adminusr] -p '[adminpwd]' --authenticationDatabase admin
This script:
var host = '127.0.0.1';
var port = '27017';
var user = 'admin';
var pwd = 'secrets';
var authDB = 'admin';
try {
var conn = new Mongo('mongodb://' + host + ':' + port + '/' + authDB);
conn.auth({
user: user,
pwd: pwd,
mechanism: 'SCRAM-SHA-1',
digest: false
});
// deletion commands...
} catch (e) {
print(e);
}
gives this error:
$ mongo erasure.js
MongoDB shell version v3.4.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Error: Authentication failed.
Changing the auth part to this:
conn.auth({
user: user,
pwd: pwd,
mechanism: 'MONGODB-CR',
db: authDB,
digest: false
});
gives me this error:
$ mongo erasure.js
MongoDB shell version v3.4.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Error: auth failed
The official documentation on writing MongoDB scripts and authentication is also very scarce on how to do this.
How can I get the auth to work?
Thanks.
I'm trying to connect to my Heroku PostgreSQL database but I have the following error :
cannotEstablishConnection("FATAL: no pg_hba.conf entry for host \"37.167.93.189\", user \"clpnkpyttmdtyq\", database \"d3h6147v73mgtu\", SSL off\n")
I know that Heroku postgres databases need to use an SSL connection but I don't know how to configure the connection on my Droplet object.
This is my postgresql.json configuration file :
{
"host": "ec2-54-163-224-108.compute-1.amazonaws.com",
"user": "clpnkpyttmdtyq",
"password": "99201aa07c48e18e7bdf210937857b85bee37cd8d8cb904381b1ddff934c7a4f",
"database": "d3h6147v73mgtu",
"port": 5432
}
Maybe there is ssl parameter that I don't know ?
How I add the VaporPostgresSQLProvider :
let drop = Droplet()
// Tell the droplet to use our SQL provider service
try drop.addProvider(VaporPostgreSQL.Provider.self)
Any ideas ?
When I try with my local postgres database, it works, because it don't need ssl connection.
For Heroku we need unverifiedTLS transport.
https://api.vapor.codes/postgresql/latest/PostgreSQL/Classes/PostgreSQLConnection/TransportConfig.html
let pgURL = Environment.get("DATABASE_URL") ?? "postgres://user:password#host:port/database"
let pgConfig = PostgreSQLDatabaseConfig(url: pgURL, transport: PostgreSQLConnection.TransportConfig.unverifiedTLS)!
it's a process that personally cost me a lot, this solution works for me, try this
On file Config > secrets > postgresql.json add this configuration (for use on local or remote, if this file not exist, create this)
{
"host": "127.0.0.1",
"user": "your_user_pc",
"password": "",
"database": "your_user_pc",
"port": 5432
}
The user can get it from Terminal
$ cd ~
On your file Procfile (sited on your project, show via finder) edit and add this code
web: App --env=production --workdir="./"
web: App --env=production --workdir=./ --config:servers.default.port=$PORT --config:postgresql.url=$DATABASE_URL
Now you can re-launch your application to heroku, you should consider having the server configured correctly from heroku with all its credentials and add-ons of Postgresql from the interface of Heroku
Note: And do not forget every change you make, run "vapor build" or "vapor build --clean"
Vapor 4 + build stack heroku-20 + Heroku Postgres's standard plan
Rijel David's suggestion did the trick for me
But unverifiedTLS syntax has slightly changed
if let databaseURL = Environment.get("DATABASE_URL"), var postgresConfig = PostgresConfiguration(url: databaseURL) {
postgresConfig.tlsConfiguration = .forClient(certificateVerification: .none)
app.databases.use(.postgres(
configuration: postgresConfig
), as: .psql)
} else {
// ...
}
Check out Vapor doc - https://docs.vapor.codes/4.0/deploy/heroku/