Git Deployment to an AWS instance within a VPC - ruby-on-rails

Last week I succeeded in getting a database and a rails app on two instances and pushing from my console my rails app with a working connection to the database. Now I want to do the same but with the two instances (app and db) safely within a VPC on AWS.
I have the two instances launched within the VPC but I'm struggling to figure out the final step of a) setting up my database.yml to connect to the db now that there's no public ec2 host to refer to; it needs to go through the VPC I assume, but how? b) setting up git so a simple git push production is linked to this rails instance in the AWS.
The only things I've found so far about going about this assume I'm creating the instances via Beanstalk, which wasn't the case. Thoughts?
Edit:
In terms of problem 1, it is now working if I do RAILS_ENV=production rails s, but only with a public DNS or IP; the private ones aren't getting me in. The server ends up timing out, but I've made sure that the VPS is open to port 5432 and so are the instances. The error is:
PG::ConnectionBad (could not connect to server: Operation timed out
Is the server running on host "10.0.0.153" and accepting
TCP/IP connections on port 5432?
):
And here's my database.yml file
production:
adapter: postgresql
encoding: unicode
database: database_name
host: ip_address
pool: 10
username: my_username
password: my_password

Related

How do you connect rails app with postgres database on app engine?

I'm new to rails, and I'm trying to deploy an app on Google App engine Flex with postgres.
My database.yml contains the following :
production:
adapter: postgresql
socket: /cloudsql/[postgres_instance_name]
database: pia-data
timeout: 5000
pool: 5
username: postgres
password: test
but I get the following error :
PG::ConnectionBad (could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
):
I tried with private IP and VPC, but the same error.
I don't know what I'm missing exactly to make it run, as it runs locally with 127.0.0.1 and cloud proxy.
Anybody had the same issue on GCP ?
Thank you in advance

Update Your Amazon RDS SSL/TLS Certificates for a Rails 5 application

I have received an email informing me that by March 5, 2020 I need to set a new SSL certificate for my RDS database.
What makes me confused in the email is the part about updating the client application:
As previously communicated, the current CA expires on March 5, 2020,
requiring updates to all client applications and database instances
that connect using Secure Sockets Layer (SSL)/Transport Layer Security
(TLS) with certificate verification. Client applications must add new
CA certificates to their trust stores, including root and intermediate
certificates where necessary. RDS database instances must separately
use new server certificates before this hard expiration date. If
you've missed previous communications on this subject, see the
Database Blog post for more information 1.
What does it mean? I have a standard Rails app where the config to the RDS is in the database.yml file:
production:
adapter: postgresql
encoding: utf8
database: myapp_production
username: username
password: pass
host: URLprod.rds.amazonaws.com
port: 5432
pool: 30
staging:
adapter: postgresql
encoding: utf8
database: myapp_staging
username: username
password: pass
host: URLstag.rds.amazonaws.com
port: 5432
pool: 30
The one thing I have done for the staging RDS was that on this page
I clicked the Update now button. During that time, I've got this error message (although, the Rails app was still running):
Failsafe from rollbar-gem. PG::ConnectionBad: "could not connect to server: Connection refused
Is the server running on host "URLstag.rds.amazonaws.com" (IP) and accepting
TCP/IP connections on port 5432?
After approx 2 minutes, I looked to Amazon RDS -> Databases -> my staging instance and I see there this information:
which implies that the SSL certificate was updated for this RDS instance.
However, I did:
not download any SSL certificate
not upload anything on the EC2 instance (or anywhere else)
not update any config files in the Rails app
Am I overlooking anything? Or is this the whole update of the certificate? It's still a bit unclear to me and I am trying to be sure before doing any changes on the production RDS database.

Rails trying to connect to postgresql on port 5432, but it's configured for 5433

I am attempting to get rails running in an ubuntu subsystem on Windows 10.
I have installed everything needed, but rails is unable to access postgres.
In both /etc/postgresql/9.5/main/postgresql.conf and the rails config/database.yml, I have port: 5433 instead of 5432. See [1] below for why I'm using 5433.
When trying to do a database operation through rails (e.g. rails db:setup), I get this:
PG::ConnectionBad: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
database.yml:
default: &default
adapter: postgresql
encoding: unicode
pool: 5
development:
<<: *default
database: some_database
username: 'postgres'
password: 'postgres'
I cannot figure out how to make rails try to start postgres on port 5433... I'm also not sure if there is a better way to solve the issue here.
Thanks for your time.
Further details:
[1] I am using port 5433 simply because I've been unable to figure out a way to make it use 5432. I have removed all postgres libraries and made sure to reinstall one using a specified version number, but it defaults to port 5433. When changing the port to 5432 in the config, starting it yields the error that some other process is using it, but netstat, lsof, and ps aux disagree. Not sure what else to do there.
For me, I believe this issue was somehow caused by something being cached by spring or some other service. After doing the following, the problem was resolved, though I'm not sure what all was required.
Killing all spring processes
restarting the machine
deleting and re-creating database.yml
changes the port from 5433 to 9854 (basically just anything else)
changing database user and name

Google App Engine + Postgres Cloud SQL connection issues

I have been using GCP for a few days now but I am struggling to get my Ruby on Rails app to connect to Postgres hosted on Cloud SQL.
I have managed to connect locally via the cloud SQL proxy and execute migrations but I have not gotten past that.
Here is my database.yml production settings.
production:
<<: *default
adapter: postgresql
database: databasename
username: databaseuser
password: databasepassword
host: /cloudsql/project-name-172409:us-central1:application-name
Here is my app.yaml settings.
runtime: custom
env: flex
health_check:
enable_health_check: false
beta_settings:
cloud_sql_instances: project-name-172409:us-central1:application-name
env_variables:
SECRET_KEY_BASE: 121212
My custom docker file inherits from the base ruby build and executes migrations.
The error i get is this.
PG::ConnectionBad: could not connect to server: No such file or directory
Is the server running locally and accepting
I had the same issue. I forgot to activate the Cloud SQL API. After activating it, everything worked like a charm. After activating I had to deploy everything again.
It looks like CloudSQL is not mounted during the build of the docker image which makes sense. I was assuming it was never mounted because none of my builds finished due to the migrations failed which left me to presume that the database was not connecting.
Once I removed the migration execution code from my Dockerfile and build the Docker image, I SSH'd into the app engine instance to inspect if /cloudsql directory was there which it was. I am currently assuming that Rails can connect to the database as I am not getting any errors in my webapp. I will report back once I have confirmed rails is connecting to Postgres Cloud SQL.

Can ActiveRecord connect to PostgreSQL remotely and protect the DB password?

I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I'd like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the ActiveRecord PostgreSQL adapter installed -- postgres (0.7.9.2008.01.28).
I read in the PostgreSQL docs:
The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
[...]
If you are at all concerned about password "sniffing" attacks then md5 is preferred...Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
In a standard Rails database.yml would have something like this for a localhost connection...
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
But there's nothing in there about the authentication method discussed in the PostgreSQL docs. Is there as option to have something like "auth_method: md5"?
Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:
First make sure that an SSH server is
running properly on the same machine
as the PostgreSQL server and that you
can log in using ssh as some user.
Then you can establish a secure tunnel
with a command like this from the
client machine:
ssh -L 3333:foo.com:5432 joe#foo.com
The first number in the -L argument,
3333, is the port number of your end
of the tunnel; it can be chosen
freely. The second number, 5432, is
the remote end of the tunnel: the port
number your server is using. The name
or IP address between the port numbers
is the host with the database server
you are going to connect to. In order
to connect to the database server
using this tunnel, you connect to port
3333 on the local machine:
psql -h localhost -p 3333 postgres To
the database server it will then look
as though you are really user
joe#foo.com and it will use whatever
authentication procedure was
configured for connections from this
user and host. Note that the server
will not think the connection is
SSL-encrypted, since in fact it is not
encrypted between the SSH server and
the PostgreSQL server. This should not
pose any extra security risk as long
as they are on the same machine.
In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:
http://www.postgresql.org/docs/current/static/ssh-tunnels.html
To summarize for Rails, you would then do the following:
1) In a terminal window, run the first ssh command above to establish the tunnel.
2) Set your database props like so:
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
port: 3333
I had a look online and there doesn't seem to be an option for what you're looking for and in fact the client library, libpq doesn't mention this either.
My guess is that this is negotiated on your behalf within libpq. In any case, md5 is likely to be the default authentication method.
If you connect to a PostgreSQL server over insecure channel you need to encrypt your communication with SSL or (as runako has explained) SSH Tunneling.

Resources