I'm going to deploy a website to Azure using MongoLab, but I got into a bit of confusion.
When I log to MongoLab site I get one Uri, but in the Azure site, if I hit connection string I get a different one. The Azure one is quite long and there is no space for putting user and password.
I get the Azure connection string when I select it in the main management site and hit the Connection Info button below. The other one I see it in the MongoLab site.
Also, I made the MongoLab DB from within the Azure Portal.
The connection string I see in Azure is this
mongodb://AzureAppServiceName:M.qKtufxLrRxv.1SwDBKelfkchdjCe08Cmv79lvTD2I-#ds035747.mongolab.com:port/DBName
And the one in MongoLab site is this:
mongodb://<dbuser>:<dbpassword>#ds035747.mongolab.com:port/DBName
Which one should I use?
I'm wondering that one is for direct connection to MongoLab when there is no restriction of ports whatsoever, such as development, and the other one is to connect when the site is deployed because of internal network restrictions in the Azure infrastructure.
Is this understanding correct?
The connection string provided in the MongoLab UI is a template that can be used when constructing your own URI when you create database users of your own.
When you provision a MongoLab database using the MongoLab addon in the Azure store, MongoLab passes the connection URI we generate to Azure. This pre-generated URI is the one available in the "Connection Info" section of the addon screen.
You can immediately use that URI in the connection info screen as suggested in the Quick Start provided at the top of this article: http://azure.microsoft.com/en-us/documentation/articles/store-mongolab-web-sites-dotnet-store-data-mongodb/. The quick start provides the steps for transferring the addon connection info to the environment variables of an Azure website.
It is also, as other responses suggest, entirely plausible to use that URI elsewhere or to create your own username and password after SSOing to MongoLab (using the URI template at the top of the page to construct a URI of your own).
Don't hesitate to email us at support#mongolab.com directly if you have any questions!
Sincerely,
Eric#MongoLab
You should go with the one provided when you go to the details of your database on the MongoLab site. It should look like this
mongodb://<dbuser>:<dbpassword>#ds048537.mongolab.com:48537/<databasename>
I don't know what kind of connection string Azure is showing you, but the format above works pretty well on Azure.
Related
In our organization, we are having common credentials to access the postgres databases, which every developers know, as it is hardcoded in application's connection string. Due to which, whenever a DML/DDL changes happens on databases, it is hard for us trace, as the developers use to make changes on their own. We can't have individual logins for each developers which is tedious to manage.
Note: Also, we can't ensure that the credentials won't be shared with the peer developers.
To get rid of this, we thought of integrating Postgres with Azure Active Directory, for Authentication.
If we can map Azure AD group/users to Postgres, security will be tightened as well as maintenance overhead will also reduce.
But, I couldn't find a article to implement this, since most of the articles says the integration for Azure managed postgresql with Azure AD, and not for the postgres running on VMs.
Can anyone guide me or share a detailed article to implement the Azure AD integration for Postgres running on a VM(IaaS)
In Azure portal go to the postgresql database select Authentication and set active directory admin.
You can specify an Azure AD group instead of an individual user to have multiple administrators.
Connecting to postgresql :
1.Login to Azure subscription.
2.Get the access token of the postgresql serverusing below command:
az account get-access-token --resource https://ossrdbms-aad.database.windows.net
3.Use that token as password for login with postgresql server.
Creating user
CREATE USER "user1#yourtenant.onmicrosoft.com" IN ROLE azure_ad_user;
Token validation:
Token is signed by Azure AD and has not been tampered with
Token was issued by Azure AD for the tenant associated with the server
Token has not expired
Token is for the Azure Database for PostgreSQL resource (and not another Azure resource)
Reference Link: Use Azure Active Directory - Azure Database for PostgreSQL - Single Server | Microsoft Learn
Using Azure Active Directory is a great idea for the reasons you specified, but unfortunately there's no native support for connection to Azure Active Directory with a local Postgres database (which is essentially what you have with Postgres in a VM). It can be done through the LDAP protocol, however.
FULL DISCLOSURE: I haven't actually done this part myself (or used the steps in the tutorial link), but this is my understanding from working with system operators. Use LDAP to connect to Azure AD then Postgres to connect via LDAP. More information on LDAP authentication in Postgres can be found here.
Bhavani's answer is about Azure Database for PostgreSQL, which is a Azure-native database service. This part I have used and I highly recommend it; you get Azure AD integration and can manage the database performance and connectivity specifically without having to also manage VM performance. Note that their screenshot is for the Flexible Server while the reference link says 'Single Server'; I recommend Flexible Server.
I am have AWS EC2 Server with my App Backend and Database there.
My new developer needs to upload few things in the Database and update Backend code but I don't want to give him the PEM.
He needs to SSH
Whats the best possible way to do it? I was thinking of creating an IAM User for him - but I only want him to give SSH Access, so permission would that be? I could only find a general full permission EC2 which would also give him permission to edit the Security Group and things like that.
I do trust him well, but I just don't want to give him full access in general.
What can I do?
Why not allow your developer to connect using session manager.
If you use this he can access the environment either in his browser or via the AWS CLI.
He should be able to mimic a regular session but without having the key, then when he's done you remove the permissions of the server. You can also enable logging to check the history of his sessions actions.
If you want to update code you should at some point take a look at using code deploy to have the code automatically rolled out without even accessing the server.
I have two mongo databases created in mLab. The first one is created directly from my personal account on mLab.
mongodb://nottheactualuser:123456#ds011168.mlab.com:11168/db1
The other was created from Microsoft Azure Portal > Marketplace.
mongodb://nottheactualuser:123456#ds064278.mlab.com:64278/db1
The first one is connecting successfully while the other one created from Azure is producing this error.
Connection error: MongoError: getaddrinfo ENOTFOUND
Has anyone encountered this yet? How do I solve this? Thanks.
Upon contacting the mlab support they told me this.
I cannot use the URL directly from mLab -
-Because the ICMP protocol is not permitted through the Azure load balancer, you will notice that you are unable to ping an Azure VM from the internet. You can read more about that here: https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/
my mistake was I assumed that it would be fine to use the link directly from mLab. So I search further more and I came across with this post.
TL;DR
Login you youre azure classic portal
Navigate to Market Place and select your mLab database and click connection info.
A window will appear containing the MONGOLAB_URI you needed.
Copy and use that.
And lastly don't be like me.
I hope this helps.
Is there a way to get the server info of my VSO account and access using SQL Server?
I've tried logging in using the URL
{account}.visualstudio.com
But I got a sever not found error
No, the back-end databases are SQL Azure instances, different from the TFS on-premise databases. I cannot see MS ever giving you access to the database - maybe the data, but not the database.
You can only use the API (old and new REST) and Power BI tools to perform queries.
If you have a specific problem you are trying to solve, post it as a new question because it may be possible without database access.
When I bind SQL Database service to an application I can see credentials from application panel. But in case I've created a service and would like to work with it before I'm binding to any application, is it possible? I haven't find a way to see credentials, only internal tools to work with database.
Thank you.
Once you provision a new SQL Database instance, you need to enter the service details page in bluemix, find the 'Launch' button to go to the service page which will open up separately. On the service page go to Set up `-->` Connect Applications `-- >` Connection settings. You will get all the connection details except the username and password.
If you are not able to resolve the username and password then you have got two alternatives :-
1. Create a dummy application, bind it to your SQL Database, get the credentials from VCAP_SERVICES, and you can use them externally.
2. If you are looking for something only on `DB2` then you have another alternative called `DashDB` available in Bluemix. Here the settings are well defined, credentials are clearly available and will work even without binding the service to an application.
Hope this helps you. Thanks.