I have the following config in my production config/database.yml file. I've noticed that this doesn't work - it fails with a postgres password authentication failure.
I also noticed that if I replace <%= ENV['SOME_PASSWORD'] %> with the actual password, that it works fine.
production:
adapter: postgresql
host: localhost
database: some_database
username: some_user
password: <%= ENV['SOME_PASSWORD'] %>
However, I only see this behavior on my production Ubuntu server. This insertion of the environment variable works find on my OS X dev box.
Just curious why this is - why doesn't this work on Ubuntu? If I go into an interactive ruby session on the production box via irb, and type <%= ENV['SOME_PASSWORD'] %> it outputs the password as expected.
I've tested this multiple ways, and I'm sure this is the problem. I'm just not sure why it happens. I'm using Ruby Enterprise Edition for my ruby interpreter in both places. Just seems weird, and I'd really like to be able to keep my password completely out of my config file - I just feel like I need to use a slightly different syntax for the production server, but I'm not sure what that syntax might be.
NOTE: Every single other article I've found anywhere on the internet that deals with Rails postgres authentication issues, at some point, tells you to change your pg_hba.conf file to trust mode, which not only ignores the issue by bypassing authentication, it's insecure, and not a valid solution if you care about security.
Related
I know many others have encountered this problem, but I'm limited in the Postgres configuration I can do since I am using Amazon RDS...
Here is the relevant section of my database.yml
default: &default
host: <%= ENV["POSTGRES_HOST"] %>
username: <%= ENV["POSTGRES_USER"] %>
password: <%= ENV["POSTGRES_PASSWORD"] %>
adapter: postgis
encoding: unicode
database: <%= ENV["POSTGRES_DB"] %>
port: 5432
pool: 5
When I hard code the host, leave everything else as is, and load localhost:3000, I get fe_sendauth: no password supplied error. However, when I hard code all of the values instead of using an ENV variable, everything loads as normal with no errors.
I'm using Amazon RDS, so I have no ability to edit pg_hba.conf, but is this just a simpler problem of RoR not having access to ENV variables?
Yup, it's pretty clear that your ENV values are returning nil. Keep in mind that environment variables are loaded a bit differently on your production server than localhost. In most deployment configurations you can't simply set a Unix environment variable and have it be detectable in ENV.
I can't really tell much about how your ENV variables are being set from your provided code, but you should consider using Figaro (https://github.com/laserlemon/figaro) or dotenv (https://github.com/bkeepers/dotenv) to manage your ENV variables for you. However, it will require the extra step of having to manage an environment variable file outside of source control.
As you know, you MUST provide the correct database name, username, and password for the database in the config/database.yml file, or your Rails app will refuse to work.
In the default setup, your password is in plain text in the config/database.yml file. If your app is on a free GitHub repository, then your password is public information. This is not a viable option for a serious app. (It's OK for a tutorial exercise, provided that you don't use this password for anything else.)
I have a solution that has worked for me so far, but I'm wondering if there is something better. You can see my deployed example at https://github.com/jhsu802701/bsf .
What I do is set up the config/database.yml file to provide the username and password for the development environment programatically. For the development environment, I add commands to the config/database.yml script to acquire the development environment username (which is my regular username for the Debian Linux setup I use) and a blank password. (I give my username Postgres superuser privileges.) For the production environment, I add a command in the deployment script that acquires the username and password from files elsewhere on my account and writes this information to the config/database.yml file.
Is there a better solution?
Is there a Ruby gem that covers this? If not, I'm thinking of creating one.
The way that heroku does it, and a vast majority of other rails shops are with ENV variables
Export two variables to your environment,
export POSTGRES_USERNAME='username'
export POSTGRES_PASSWORD='password'
then in your database.yml file you can do
username: <%= ENV['POSTGRES_USERNAME'] %>
password: <%= ENV['POSTGRES_PASSWORD'] %>
This is how I make it work:
On terminal/cmd:
heroku config:set YOUR_DATABASE_PASSWORD=passywordy
Then, in /config/database.yml file;
production:
<<: *default
password: <%= ENV['YOUR_DATABASE_PASSWORD'] %>
(this password area is automatically generated when I used rails new my_app -d postgresql)
On other than heroku export you variables to system environment (linux) by typing in bash
export KEY=value
Then you can call it in Rails by ENV['KEY']
e.g.
in bash:
export CMS_DATABASE_PASSWORD=MySecurePassword
in secrets.yml:
password: <%= ENV['CMS_DATABASE_PASSWORD'] %>
Setting the environment variables as described in existing posts above, will only persist the environment variables for the duration of the current shell session.
To set the environment variables permanently, the export instruction(s) should be added to your shell config file. (Then run source ~/.bashrc to apply the changes to your current session)
TL;DR: If you're using BASH, add the export instruction(s) to ~/.bashrc.
While the above should suffice (if using BASH on most popular Linux distros), confidently identifying which config file to update for your shell can be quite tricky. The following post explains the reasons why and provides guidance on which config file to edit.
https://unix.stackexchange.com/questions/117467/how-to-permanently-set-environmental-variables
I have the following developement section of my development.yml file:
development:
adapter: postgresql
host: localhost
database: testtb
username: app_user
password: ENV['APP_USER_POSTGRES_PASSWORD'] <= Troublesome line
When I open a rails console via bundle exec rails console and type ENV['APP_USER_POSTGRES_PASSWORD'] I get back the DB password I've specified in my local profile. However, when I start my rails server, it can't connect to the DB, failing with
PGError FATAL: password authentication failed for user "app_user"
This was previously working when I had the DB password actually typed out in plain text, rather than trying to access it via ENV['...'], but for obvious reasons I want to keep the actual password out of this file entirely (and therefore out of the code repository) while still being able to commit other, non-secure changes to the database.yml file.
Is there something special about the syntax I'm missing, or are the environment variables for some reason not available when the database.yml file is being loaded?
Update: Some people report in the comments that this doesn't work as of Rails 4.2.x.x. I haven't tried it myself, so YMMV.
Ah, finally figured out the simple solution - it accepts embedded Ruby:
password: <%= ENV['APP_USER_POSTGRES_PASSWORD'] %>
Short and quick solution if you are running a Rails version > 4.2 Run the following command:
spring stop
..then run rails console or other rails command. My issue was that Spring server needed to be restarted in order to refresh/pickup my new ENV vars. I was starting up Rails console and it couldn't see them until I shut down Spring.
Previous versions of Rails didn't have this issue since they didn't use Spring server.
Another tool to help you troubleshoot -- Use the following command to print out your database.yml config. You can run it from the command line, but I prefer to run this within Rails console since then you can use awesome_print to make it pretty:
Within rails console:
puts ActiveRecord::Base.configurations
...or using awesome_print
ap ActiveRecord::Base.configurations
Or instead from the command line:
bin/rails runner 'puts ActiveRecord::Base.configurations'
Currently I get the following error:
PGError (FATAL: password authentication failed for user "postgres" ):
when my app tries to access the database.
I wanted to test my SQL calls against postgres as my app regular breaks when pushed up to production on Heroku because of the stricter requirements of postgres (which I think is probably a healthy thing) over sqlite 3. So I have a similar request to this for a not out of date tutorial for installing postgres for use with ruby on rails on windows (7) please. I thought it'd be a quick 20 minutes of downloading and installing but 2 and a bit hours later and I don't think I'm very close yet. So far I've:
Downloaded and installed Postgres Version 8.4.8-1 from here
Set my environment variables such that Path (for User) is: C:\Ruby192\bin;C:\Program Files (x86)\PostgreSQL\8.4\bin
Gemfile:
gem 'pg', '0.11.0' # instead of gem 'sqlite3', '1.3.3'
ran bundle install for my rails app seemingly successfully, but haven't found easy way to validate installation yet.
set database.yml as suggested here to:
development:
adapter: postgresql
database: db/development
username: postgres
password: secret
host: localhost
encoding: UTF8
pool: 5
timeout: 5000
I know I need to set up a user name and password for Postgres, maybe also start the postgres server, connect to it(?) and put in my local IP address I'll connect to it on into a config files somewhere and then edit one of the other .conf files in 'C:\Program Files (x86)\PostgreSQL\8.4\data' etc...
I think Rails has made me soft, am I over thinking things or is it actually fairly tricky to set up and I should just go back to Sqlite3, for which there's also the awesomely useful SQLite Manager, Firefox plugin?
I'm still searching for a beginners guide to installing and using Postgres for rails but so far have only been confused by most of the stuff I look at / tried following like this, this, this, this, this(for Snow Leopard), this(linux).
Any pointers would be much appreciated. Thanks!
James
An approach to installing Postgres on windows 7 for use as PostgreSQL database for a rails 3 (3.0.7) project.
Preamble (you can skip this bit)
So the first thing to point out is that Postgres is not just a different file extension from .sqlite3, it's a whole mechanism for managing your databases. As such it has a client/server model, of which you'll need to set up both to use Postgres as the database for your rails app.
Motivation for going through considerable pain of Postgres setup versus almost effortless sqlite setup: if you're deploying to Heroku, they're currently using Postgres so some of your SQL calls that are fine on sqlite3 will break when used with Postgres. It's much easier to debug postgres locally rather than when it's on Heroku's servers.
So I did the following things:
(Disclaimer: I may have forgotten to include some of the things I did... it took me over 48 hours of on and off pain to get it to work... if the following advice doesn't work for you then the huge (2300 pages!!) but very thorough Postgres documentation should help. I'd recommend downloading this anyway if you're serious about using Postgres as it has a lot of material that I've only just begun to understand the significance of.)
(Second disclaimer: I have almost certainly broken 20 sensible Postgres guidelines and exposed security holes in the Postgres database whilst doing so. If there any obvious things an experienced Postgres user disagrees with, please edit my post.)
.Step 1. Download and install PostgreSQL v9.0.4-1 from here because here said only 9.0.x would be supported on windows 7. I kept all the default options and just used 'secret' as the password when prompted by the Postgres installer for one (again not entirely sure what the consequences of sharing that info on the internet is... will soon find out I'm sure). You'll need this password in step 3.
.Step 2. Change environment variables such that Path (for system, not user (I'm not sure if this is significant or not)) is: C:\Program Files\PostgreSQL\9.0\bin
(n.b. I'm on 64-bit windows hence it not being installed for 32-bit in 'C:\Program Files (x86)\PostgreS...')
Don't forget to change access rights to folder PostgreSQL\9.0 and remove any default readonly rights on the folder or content.
(You may also need to restart your computer for these to take effect - thanks #Gavin -although not likely).
.Step 3. Test Postgres installation by trying to create a new database:
From command line: createdb -U postgres mydb_as_postgres.
You should be prompted to enter the password now, if you're not it may be that you need to start the server first (I can't remember whether I needed to do this or not). The easiest way is through pgAdmin III, which should be 'pgAdmin3.exe' in a folder somewhere like C:\Program Files\PostgreSQL\9.0\bin. Once you've started pgAdmin III there should be a panel on the left called 'Object Browser'. In this there should be a tree with:
Server Groups > Servers > PostgreSQL 9.0 (localhost:5432)
Right click on 'PostgreSQL 9.0 (localhost:5432)' and select 'Connect'.
The createdb -U postgres mydb_as_postgres command should create a new databse called 'mydb_as_postgres' which you can check by firing up pgAdmin III and double clicking on 'PostgreSQL 9.0 (localhost:5432)'. Under this there should be:
Databases (2) which should list 2 databases called mydb_as_postgres and postgres
I called it _as_postgres because the -U postgres part of the command tells Postgres to create the database with the postgres user as it's owner, which you need to specify when you're not signed in as the postgres user. I have all of my files stored as 'AJames' user though so if you're the same and want to keep developing your app when signed in as a different user you need to create a Postgres 'role' for that user now (see step 4).
.Step 4. Through pgAdmin III. Right-click on Login Roles (which for me is in):
Object Browser > Server Groups > Servers > PostgreSQL 9.0 (localhost:5432) > Login Roles
Right-click on Login Roles and select 'New Login Role...'
in Role name, put in your operating system user name, which for me is AJames,
and fill in your password under the 'Role Privileges' tab, I checked all the boxes, but an experienced postgres user would likely strongly recommend to only check the 'inherits rights from parent roles' and the 'can create database objects' But I'm not an experienced user and just want to debug Rails SQL calls in Postgres so I also checked the 'Superuser' and 'Can create roles', just in case.
.Step 5. You should now be able to create a new database without being signed in as the postgres user. Try typing:
createdb mydb_as_user
Hopefully this should work for you.
.Step 6. Okay, so you've got a development.sqlite3 file in your rails 'db/' directory. Initially I was going to set the next test as converting this from sqlite3 to psql.
I couldn't get this to work though but I left my attempts here as the solution I used required having the data in a Rails app on Heroku.com (see instead the solution from step 7 onwards). For those who only have a local app and no data in Heroku, they can't use the same approach, so they might need to explore something like this:
x6.1 First, test 'psql' by trying a command from your command line like:
psql mydb_as_user
this should display something like below (after you've typed in your password):
C:>psql mydb_as_user
Password:
psql (9.0.4)
WARNING: Console code page (850) differs from Windows code page (1252)
8-bit characters might not work correctly. See psql reference
page "Notes for Windows users" for details.
Type "help" for help.
mydb5=#
x6.2 try entering:
CREATE TABLE users_table (id integer, "name" text);
It should display:
CREATE TABLE
mydb5=#
If you check in pgAdmin III, you should see the table there under:
Object Browser > Server Groups > Servers > PostgreSQL 9.0 (localhost:5432) > Databases > mydb_as_user > Schemas > public > Tables > users_table >
x6.3 Okay, next to try the conversion. Downloaded sqlite-shell precompiled binary for windows.
x6.4 Create a new directory, I used 'C:\temp' and put the sqlite3.exe and your development.sqlite3 files in it.
x6.5 Use the following commands (which are from here) to dump the development.sqlite3 database into Postgres.
sqlite3 development .dump | psql development2
you might get an error like:
psql: FATAL: database "development2" does not exist
x6.6 so I went into pgAdmin III and made a development 2 database, tried the command again and got:
ERROR: syntax error at or near "PRAGMA"
LINE 1: PRAGMA foreign_keys=OFF;
^
BEGIN
COMMIT
Like I said, I couldn't get it to work. I'm sure there's a way of getting round that error but I thought of a different way and so I instead used this solution (which requires a Heroku account to have your data and does the conversion from sqlite3 to psql using the Taps gem (I believe):
.Step 7. in pgAdmin III I created another database. Under the properties tab I set name: 'development', owner: 'AJames' (replace this with your own Windows user name). And under the privileges tab, set role: 'public' and checked the ALL option (thought this resets to unchecked so I'm not sure that's necessary).
.Step 8. add
gem 'pg', '0.11.0'
to your gem file. You'll probably also want to remove the:
gem 'sqlite3'
at this point too.
.Step 9. set database.yml as suggested here to:
development:
adapter: postgresql
database: db/development
username: AJames # replace this with your own user name
password: secret # replace this with your own password
host: localhost
encoding: UTF8
pool: 5
timeout: 5000
If you are working on an open source project and don't want your password to be made publicly available, have a look at some of the answers to Securely providing the database password in a Rails app.
.Step 10. from command line in your rails app's root directory run:
rake db:migrate
This will create the new schema and all the tables in the Postgres database.
.Step 11. run heroku db:pull from your command line (again from in the root directory of your rails app) to pull all your data down and into your new empty Postgres database. I think at this point your taps gem will be doing this work for you.
.Step 12. Hopefully there is no step 12! ...and it should now be working for you. Happy RoR PostgreSQL debugging! Please edit, or let me know, if there are any errors in this.
Also, here's a list of additional stuff that might be interesting/useful:
This is a blog post about Postgres passwords, what they're for,
why you need them, how to change them etc.
This, under 'Creating a spatial database', is useful for newbies to
understand what pg_hba.conf is about and the second link that
Reno gave above, under the 'Using pgAdmin III GUI' is useful to
testing to see if postgres is actually working, before trying to fit
it with Rails (i.e. try creating a database and putting a table and
some data into it).
In the huge but very comprehensive Postgres documentation, I'd
start on page 58, 'I. tutorial'. Then on pdf page 431(!) there's
'Chapter 17. Server setup and operation' that I also found useful.
the answer from AJP is the correct one with just a small re-config.
The line
database: db/development
does not work for me.
I have to change it to
database: development
I use this for ruby on rails for the command
rake db:create
and
rake db:migrate
to work
None of your links appeared to be the (arguably) most useful documentation - the official postgresql docs. I recently configure a Linux Mint box with postgresql and django using a combination of those documents and these, though the latter are specific to Linux.
I'd worry more about validating the postgresql side of things, less about rails. That is to say, your question should be "How can I set up and test a postgresql server on a Windows 7 box", moreso than you need to know how to get it locked into rails.
Edit:
Maybe this could also be of use to you - official postgresql wiki with detailed installation guides.
Good luck!
first things first, please excuse my utter noobness. I really tried to find a solution out there, but now i'm stuck and completely clueless.
i'm trying to deploy a rails 3 app on a distant server ; when developping on my local VM, no problem showed. But now, when i try to run
rake db:create
it fails, with error (here translated, since i'm french):
FATAL : password authentication failed for user <<mylogin>>
here's my database.yml :
login: &login
adapter: postgresql
username: mylogin
password: mypassword
host: localhost
port: 5432
encoding: UTF8
development:
<<: *login
database: somesite_development
test:
<<: *login
database: somesite_test
production:
<<: *login
database: somesite_production
the user "mylogin" has been created postgre-side with the command-line tool "createuser". It's authorized to create dbs.
postgresql.conf configures the server to listen on localhost.
I've tried many things with pg_hba.conf, none worked - whatever the method used (ident, password, md5) for user "mylogin" on 127.0.0.1, authentication fails - though i've never had problems connecting / creating dbs with psql.
any clue ?
EDIT: okay, found out how incredibly stupid i've been... the password for my user was simply not set !
I think i forgot the semicolon after
ALTER USER xxxx WITH PASSWORD xxxx ;
... i saw this by requesting "SELECT * FROM pg_shadow;" - the password field was empty. Three days of my life wasted because of this dumb mistake...
I was also stuck on this problem for a really long time, and went to a variety of links (including the ones offered in this post) to try and find the answer, but to no avail. However, the solution is very simple. While many of the other responses were on the right track here are the exact steps to solve the problem:
Open your pg_hba.conf file in a text editor of your choice. (It is located in /etc/postgresql//main)
Navigate to the line that reads:
# "local" is for Unix domain socket connections only
and paste below it:
local all all trust
This will trust all unix users trying to connect to the psql server on the local machine. (Read documentation at top of page for further info about function of columns)
Save the pg_hba.conf file and exit the text editor.
Restart the Postgresql server by running the command:
service postgresql restart
Now try and start a psql server by running:
psql -d -U (or "psql " for short)
You should be able log in with no problem.
*Note:
All this assumes that you have have a valid psql username for logging in. If you don't follow the links below to set one up:
Setting up a user:
http://erikonrails.snowedin.net/?p=274
Making sure you have a valid postgres user:
http://archives.postgresql.org/pgsql-novice/2002-08/msg00072.php
Listing all existing psql users:
If you are looking for a "LIST USERS" or "DISPLAY USERS" command then try:
"select * from pg_user;" (when logged in to psql)
Good luck!
okay, found out how incredibly stupid i've been... the password for my user was simply not set ! I think i forgot the semicolon after
ALTER USER xxxx WITH PASSWORD xxxx ;
... i saw this by requesting "SELECT * FROM pg_shadow;" - the password field was empty. Three days of my life wasted because of this dumb mistake...
I had same problem. In my case it was because in my database.yml file the username started with capital letter but in database it was all lower case.
Solution: When creating user from postgres command line, it converts all letters to lowercase. For using capital letters, double quotes must be used.
Example:
create user AlbertEinstein; result = alberteinstein
vs
create user "AlbertEinstein"; result = AlbertEinstein
Here are some concise instructions that should work for you
http://www.cyberciti.biz/faq/psql-fatal-ident-authentication-failed-for-user/.
Basically you need to set the authentication method for localhost to 'trust'.
You need to give "myuser" in postgresql the privilege "Can create database objects".
In pgadmin, it looks like this:
After calling rake db:create, you can take away this privilege.
In my case, I found that a later host permissions rule line in the pg_hba.conf file had over-ridden the earlier local line. I was correctly configuring the local line to use md5 authentication but the host line was set to ident which I changed to md5
As other have emphasized here, note that using trust is an insecure method, so you shouldn't use it in any production-style deployment.