I want to set up my database.yml (or wherever else is more appropriate) to ignore the SSL certificate when trying to connect to the database. I know this is bad practice but it is only a temporary thing that I need.
To give an example of what I'm trying to do, I want to mimic this SQL connection command:
mysql --ssl=0 -h 10.10.10.10 -u admincreds -p
I have tried putting each of the following parameters in the last line (sslca, sslkey, and sslcert) in my database.yml configuration as such:
development:
<<: *default
host: 10.10.10.10
username: admincreds
password: password
database: database
sslca/sslkey/sslcert: false
But I'm still getting the SSL error I expect:
.rvm/gems/ruby-2.2.2/gems/mysql2-0.3.21/lib/mysql2/client.rb:70:in `connect': SSL connection error: error:00000001:lib(0):func(0):reason(1) (Mysql2::Error)
Is there a different parameter I can put in that can skip over or not use ssl in database.yml or elsewhere? I just need to run a simple script.
According to mysql2 documentation you should set,
secure_auth: false
when using yaml conf for ActiveRecord connection.
The documentation points out:
ssl_mode: disabled
Worked for me.
Related
I'm learning Rails and my final app will be hosted on Heroku, which uses postgres, so I figured it'd be smart to work with postgres in development too as I'm building what is supposed to be a rather simple search function and want to avoid as many problems as possible actually deploying it.
Sadly, I'm using Ubuntu 14.04 so naturally the steps will be harder than on for example Windows.
Here's what I've done so far, which is a rather comical enterprise into a world that gives me nothing but problems at every step:
Actually installed postgresql. sudo apt-get install postgresql-9.4 as per the official website of course didn't work so I had to find a workaround (as always) but it should be installed now. I ran sudo apt-get install -y postgresql postgresql-contrib to get it working.
Tried logging in per some instructions with su postgres, but even after setting a password for su or using sudo su postgres that didn't work. Ended up creating a user with sudo -u postgres createuser -P my_user matching the name of my app. Created a database too.
Tried creating a new rails project with rails new my_app --database=postgresql. Didn't work as it complained lacking a pg gem (sorry for not pre-emptively making a Gemfile for you?) so I gave that up and just created it without specifying a database.
Removed the sqlite gem and added gem 'pg' in the Gemfile. Ran bundle install, but it didn't work. Had to run sudo apt-get install libpq-dev to install something I'm not sure what it is and then it worked.
Modified the database.yml as per some instructions and ran rake db:setup. Rails gave this error: FATAL: Peer authentication failed for user "my_user". Well, that's cool.
Not quite sure why, but I added a database here called my_app_development for it with the owner my_user but then db:setup instead complained that it lacked permissions to create a database (but I just created it FOR you?).
I ran chmod -R 0666 my_app as someone highly upvoted on SO suggested but holy shit that was bad as it didn't even give me permissions to enter the folder myself! Reverted that quickly and tried something else.
Someone suggested running psql -U my_user postgres but that only gives me the error psql: FATAL: Peer authentication failed for user "my_user"
Experimented logging in via psql postgres (I don't know what psql is, I'm just following suggestions) and tried ALTER ROLE my_user CREATEDB; but it only returns a permission denied error.
Officially gave up and came here.
Can anyone help me with the actual steps to follow from the beginning? It shouldn't be THIS hard, right?
By the way, this is what my database.yml looks like:
default: &default
adapter: sqlite3
pool: 5
timeout: 5000
development:
adapter: postgresql
encoding: unicode
database: my_app_development
host: localhost
pool: 5
username: my_user
password: my_password
test:
<<: *default
database: db/test.sqlite3
production:
<<: *default
database: db/production.sqlite3
Edit: Thanks alot to Ajay for walking me through how to setup postgres. If anyone comes across this thread, as frustrated as I am with postgres, here are a few pointers:
PG::InsufficientPrivilege: ERROR: permission denied to create database means the user doesn't have the right privileges. Log in via sudo -u postgres psql and you should see postgres=# before everything you type in the terminal. While there, type ALTER ROLE my_user CREATEDB; and it should work. I don't know why it didn't the first time I used that, perhaps I forgot sudo?
FATAL: Peer authentication failed for user "my_user" means you need to change some things in a file as per the instructions in one of the answers. Make sure to change it for both local and postgres. I have it set to md5 for everything but local and it works.
Login via sudo -u postgres psql and type `select * from pg_catalog.pg_user;' to check your current users. Good way to see if you created the user correctly and what privileges it has.
default: &default
adapter: sqlite3
pool: 5
timeout: 5000
Above adapter: sqlite3 is causing the error
Please try this:
default: &default
adapter: postgresql
pool: 5
timeout: 5000
development:
<<: *default
database: my_app_development
username: psql #postgres username
password: your_password #password
After you entered the valid postgres credentials(username/password) here. Try following in your terminal :
$ rake db:create #this will create your my_app_development database.
$ rake db:migrate #migrate your database.
5. Modified the database.yml as per some instructions and ran rake
db:setup. Rails gave this error: FATAL: Peer authentication failed
for user "my_user". Well, that's cool.
you need to open your pg_hba.conf (probally located at /etc/postgresql/9.4/main/pg_hba.conf) and change the authentication method from "peer" to "md5" (which will asks for password) or to "trust" (which will unsecuritly allow access without password).
To know where your pg_hba is located, execute this on your terminal (terminal of the machine where the postgresql are running):
ps ax | grep postgresql.conf
it should return something like:
8803 ? S 0:00 /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
look the folder where config_file is located. In this case is /etc/postgresql/9.4/main/. Inside this folder there's another configuration file called pg_hba.conf (the permissions file). Edit it (with super user):
sudo nano /etc/postgresql/9.4/main/pg_hba.conf
on the lasts lines you will see something like that:
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
You see the "trust" references? In your default pg_hba.conf they should be "peer". In my example, I had changed to "trust" (i.e, doesn't ask for passwords) all local connections, because my postgresql server not accept outside connections. But you can change to "md5", which will permit access when the user provide the correct password.
After change this, save and exit (in nano is Ctrl+O, Enter to confirm, Ctrl+X to exit). Then, restart postgresql (sudo /etc/init.d/postgresql restart - maybe works with just a reload)
UPDATE:
DISCLAIMER:
although trusting your local connections will not create a hole security (unless, of course you are sharing the machine with anothers users), do it only for testing purposes - to discover where the problem is (if is a permission/pg_hba problem or not). After discover where the problem are, its more concise to have one specific user to your project and use an authentication for it ("md5", "peer").
Using one single user for all your projects on the machine (e.g. the "postgres" user), and/or not use an authentication ("trust"), is like create a Rails project and use just one generic controller, instead having a controller for each table/group of logic.
I am trying to get a rails app to work with heroku but I am doing something wrong.
Database.yml
development:
adapter: postgresql
encoding: unicode
database: (heroku db)
user: (heroku db_user)
pool: 5
password: (heroku db_pass)
If I enter the information from my heroku database I get:
PG::ConnectionBad FATAL: password authentication failed for user
I am not rails guy, But this is something that i have done just now on my spring app, I wanted to connect my localhost development to heroku db.. I got db info from this:
heroku pg:credentials DATABASE
then I have passed params.. But I found that to connect remote heroku db, I needed to add this to my connection params..
ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
I guess, you also need to specify the host and port. To find out the host try running this command:
$ heroku config | grep HEROKU_POSTGRESQL
You should see something like
HEROKU_POSTGRESQL_RED_URL: postgres://user3123:passkja83kd8#ec2-117-21-174-214.compute-1.amazonaws.com:6212/db982398
if you already added the PostgreSQL add-on. More on this read here.
Then add the host and port info to your configuration:
development:
...
host: ec2-117-21-174-214.compute-1.amazonaws.com
port: 6212
...
But do remember that it's a bad idea to work with the production database from your local dev machine, unless you really know what you are doing.
I'm trying to upload a rails app to dotcloud.
I'm getting this error:
PG::Error (could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
):
activerecord (3.2.5) lib/active_record/connection_adapters/postgresql_adapter.rb:1206:in `initialize'
I'm guessing it's because I haven't set up a postgres database. How do I do that? The docs don't appear to say.
My dotcloud.yml file looks like this:
www:
type: ruby
exclude_bundler_groups:
- development
data:
type: postgresql
My database.yml looks like this:
production:
adapter: postgresql
database: my_app_production # have not set this up on dotcloud yet as I can't find any docs on how to do it
username: root
password: mypassword
Do I have to run migrations? How do I do that, again the docs don't say.
Is there an idiots guide to setting up a rails app on dotcloud? I'm coming over from Heroku, where you just push your code and run your migrations. I've spent a good few hours struggling with the dotcloud docs and can't get this app to run.
After you create your app with that yaml file, like "dotcloud push APPNAME app-on-dotcloud/", you should run this line "dotcloud APPNAME.data info" and you get all info for connect to database that you can add to database.yml
UPDATE
You've obtained all info for access to postgresql terminal: user, password, port and host. You need run "dotcloud ssh APPNAME.www", for you connect to postgresql with "psql -h myapp-myname.dotcloud.com -p 29876 -U root", then put your password. Finally, create your database with "CREATE DATABASE 'dbname';" and update your database.yml.
basically I have a mongodb instance running and working on ec2. On the side I have a rails 3.2 app with mongoid as orm working on local. What I want to do next is try to connect my rails app to the mongodb instance using mongoid. Also, intending to host my rails app on Dotcloud later
Ran the code rails g mongoid:config to generate the mongoid.yml file with the following code:
development:
host: localhost
database: mongotest_development
test:
host: localhost
database: mongotest_test
set these environment variables on your prod server
production:
host: <%= ENV['MONGOID_HOST'] %>
port: <%= ENV['MONGOID_PORT'] %>
username: <%= ENV['MONGOID_USERNAME'] %>
password: <%= ENV['MONGOID_PASSWORD'] %>
database: <%= ENV['MONGOID_DATABASE'] %>
# slaves:
# - host: slave1.local
# port: 27018
# - host: slave2.local
# port: 27019
From here onwards, I don't think I have a clear picture of how all this is going to work. But I did some trial and error. Firstly I wanted to try connecting to the mongodb instance on development, so I commented out the mongoid.yml defaults and added the following:
development:
host: <public dns of the mongodb instance>
port: 27017
# username:
# password:
database: <I ssh into the instance and created a database>
I commented the username and password out partly because I am not sure what to put, and partly because when I inspect the mongod.conf file on ec2, I saw that by default :auth is false, so I assume authentication is not required. So I ran rails console and got the following error:
Failed to connect to a master node at <public dns of the mongodb instance>:27017 (Mongo::ConnectionFailure)
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongo-1.6.2/lib/mongo/connection.rb:589:in `setup'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongo-1.6.2/lib/mongo/connection.rb:114:in `initialize'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongo-1.6.2/lib/mongo/connection.rb:165:in `new'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongo-1.6.2/lib/mongo/connection.rb:165:in `from_uri'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongoid-2.4.10/lib/mongoid/config/database.rb:86:in `master'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongoid-2.4.10/lib/mongoid/config/database.rb:19:in `configure'
from /Users/Kinglee/.rvm/gems/ruby-1.9.2-p180#rails3tutorial/gems/mongoid-2.4.10/lib/mongoid/config.rb:290:in `configure_databases'
....
At this point, I am kind of confused. I kept asking myself, do I need the username and password to connect to mongodb ? I kind of 80% sure that I need them but I am not sure where to find them or rather not sure what am I connecting to, the mongodb ec2 instance or the mongodb database. How should I go about doing that ? Should I open port 27017 and 28017 on the instance ? Do I need to add config to database.yml (I highly doubt I need to since there is already mongoid.yml but just want to confirm)
I have been looking at a list of documentation and tutorial:
http://mongoid.org/docs/installation/configuration.html
http://www.mongodb.org/display/DOCS/Security+and+Authentication#SecurityandAuthentication-AbouttheKeyFile
MongoDB and Mongoid in production - looks like what I looking for, but not sure, going to try it.
http://craiccomputing.blogspot.com/2011/02/authentication-in-mongo-and-mongoid.html
Appreciate any advice from anyone here.
Ok finally found the problem. In the mongodb.conf file, there is a setting which called
bind_ip = 127.0.0.1
I was blind to not notice this, it means that the server can only be access locally and not externally, hence the fail connection error. A quick fix would be to change it to
bind_ip = 0.0.0.0
and it works. But thanks for the advice guys.
It is most likely a firewall issue. Check to see if the security group for your ec2 instance has the default mongodb port 27017 open.
This article will give you the gist of how it works if you haven't done something like that before:
http://cloud-computing.learningtree.com/2010/09/24/understanding-amazon-ec2-security-groups-and-firewalls/
I'm very new to Ruby and postgres.
Below is my database.yml
development:
adapter: postgresql
database: test_database
username: postgresql
password: mypassword
host: localhost
encoding: utf8
The user exists and I'm, able to login using same credentials in phpPgadmin. But when I start rails server and go to home page of app, I get FATAL: Ident authentication failed for user "postgresql".
Edit: In case pghba.conf matters,
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
#local all all peer
local all postgres md5
local all postgresql md5
Could anyone please help ?
open PostgreSQL client authentication configuration file
vi /var/lib/pgsql/data/pg_hba.conf
This file manage below stuffs
Which hosts are allowed to connect
How clients are authenticated
Which PostgreSQL user names they can use
Which databases they can access
By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:
local all all trust
host all 127.0.0.1/32 trust
Save and close the file. Restart Postgresql server:
service postgresql restart OR
sudo /etc/init.d/postgresql restart
It should work
I can find my pg_hba.conf file in the path:
/etc/postgresql/8.4/main/pg_hba.conf
For anyone who still can't find their pg_hba.conf file, I'm using PostgreSQL v9.2 and I found mine in:
/var/lib/pgsql/9.2/data/pg_hba.conf