After upgrading my flask application from SQLAlchemy 1.4.46 to 2.0.1 I'm seeing that I get a password authentication failed error during flask db upgrade (Flask-Migrate). I'm able to connect fine running flask normally. DB upgrades were working fine before the SQLAlchemy upgrade, and they work fine if I downgrade back to 1.4.46.
Has anything changed? I'm providing the same SQLALCHEMY_DATABASE_URL is constructed with:
SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{PG_USER}:{PG_PASSWORD}#{PG_HOST}:5432/{PG_DB}?{urlencode(LIBPQ_PARAMS)}"
and becomes
postgresql+psycopg2://user:xxx#example.com:5432/exampledb?connect_timeout=10&keepalives=1&keepalives_idle=60&keepalives_interval=10&keepalives_count=5&sslmode=require
in the logs, I see:
PG-00000 LOG: connection received: host=10.101.15.236 port=53150
PG-28P01 FATAL: password authentication failed for user "user"
PG-28P01 DETAIL: Connection matched pg_hba.conf line 18: "hostssl all all 0.0.0.0/0 scram-sha-256"
File "/home/so/venv/lib64/python3.8/site-packages/psycopg2/__init__.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) connection to server at "example.com" (10.101.1.28), port 5432 failed: FATAL: password authentication failed for user "user"
This is a known issue in Flask-Migrate at this time:
https://github.com/miguelgrinberg/Flask-Migrate/issues/505
Release 4.0.4 of Flask-Migrate addresses this issue. Please upgrade.
The issue was caused by a backwards incompatible change in SQLAlchemy that masks the database password when obtaining the database URL.
Bug report: https://github.com/miguelgrinberg/flask-migrate/issues/505
Related
I'm trying to connect to the MySQL server on PlanetScale, but can't as it requires SSL.
Here's their doc for that, but it's unclear what it says.
https://planetscale.com/docs/concepts/secure-connections
Here's the connection URL: DATABASE_URL='mysql://co30rXXXXXXX:pscale_pw_XXXXXXX#hoqx01444p30.us-east-4.psdb.cloud/restaurant?ssl={"rejectUnauthorized":true}'
Here's what I see from my terminal when I run yarn run migration-run
yarn run v1.22.18 $ npx prisma migrate dev Environment variables
loaded from .env Prisma schema loaded from prisma/schema.prisma
Datasource "db": MySQL database "restaurant" at
"hoqx0XXXXX.us-east-4.psdb.cloud:3306"
Error: Migration engine error: unknown error: Code: UNAVAILABLE server
does not allow insecure connections, client must use SSL/TLS
error Command failed with exit code 1. info Visit
https://yarnpkg.com/en/docs/cli/run for documentation about this
command.
Is there anyone who has tried to connect to PlanetScale DB from Node.js on localhost? I have tried some other suggestions from Stackoverflow, but don't seem to work.
?ssl={"rejectUnauthorized":false}&sslcert=/etc/ssl/certs/ca-certificates.crt
Adding these params at the end of the connection link, the issue has been fixed. :)
SSL ISSUE ON WINDOWS
If you're working on a Windows machine and using a .env file for your connection string, here is what worked for me to run locally (windows does not have a default /etc/ssl/certs/ reference as answered here).
You get your connection string from the PlanetScale console, via "overview" > "connect"
This will look something like:
DATABASE_URL='mysql://xxxxxx:*****#aws-eu-west-1.connect.psdb.cloud/dbName?ssl={"rejectUnauthorized":true}'
When plainly using this you will most likley get the follow error message (as the question states):
Code: UNAVAILABLE server does not allow insecure connections, client must use SSL/TLS
You therefore need to provide a local cert, one can be downloaded from the following trusted location:
https://curl.se/docs/caextract.html
Next, you need to save this file to a logical location on disk that can be referenced in your connection string, for example c:/temp/cacert.pem
Once saved you can then append then following to your connection string:
&sslcert=C:\\temp\\cacert.pem
Restart your server and you should be all set! 🎉
The equivelant ssl cert update in NodeJs would look as follows:
const connection = mysql.createConnection({
host: 'hostNameHere',
user: 'userNameHere',
password: 'passwordHere',
database: 'dbHere',
ssl: {
ca: fs.readFileSync('C:\\temp\\cacert.pem')
}
});
Problem
I launched a MySQL RDS instance and was able to successfully connect to it using MySQL Workbench. However, I am still not able to connect to it from my local workstation using the following URI:
'mysql+pymysql://user:password#db_identifier.XXXXXXXXXX.us-east-1.rds.amazonaws.com:3306/db_name'
or the same URI without the port:
'mysql+pymysql://user:password#db_identifier.XXXXXXXXXX.us-east-1.rds.amazonaws.com/db_name'
The error that I receive when I specify this as my database URI and execute a db.create_all() command is:
sqlalchemy.exc.OperationalError:
(pymysql.err.OperationalError)
(2003, "Can't connect to MySQL server on 'db_identifier.XXXXXXXXXX.us-east-1.rds.amazonaws.com'
([WinError 10060] A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection failed because
connected host has failed to respond)")
Question
What can I do to connect using pymysql? And why would it connect with MySQL Workbench and not through this URI?
Context
I am following the tutorial here. This uses SQLAlchemy to execute the SQL statements in Python.
The RDS instance (and its associated subnet/VPC) have the following:
a security group open on port 3306
NACL rules that allow incoming and outgoing traffic
Public Accessibility set to "Yes"
Check my answer on this post, it could be something about the "Public accesibility" option in your rds "Connectivity and Security" section as described here;
https://stackoverflow.com/a/63514997/2934184
I have setup an openstack by following tutorial. I am facing error on creating vm instance.
The error is:
I have configured the sql following this link
My nova.conf file looks like this:
Note: I am not connecting the vm to public network as given in this answer
This error occurs when
connection = mysql+pymysql://nova:NOVA_DBPASS#controller/nova
is not exist in [database] part in /etc/nova/nova.conf.
If the NOVA_DBPASS is wrong, then the error message will be
Unable to establish connection to http://controller:8774/v2.1/servers/detail: HTTPconnectionPool, not the no sql_connection parameter is established.
After setting the nova.conf config file, you should restart the nova service with these commands.
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
I got stuck in using ejabberd and JSXC after installing with default configuration and move from Mnesia to MySQL, I could not login to admin site anymore. I checked log as below :
2015-08-06 15:50:32.972 [error] <0.3196.0>#ejabberd_auth:is_user_exists:313 The authentication module ejabberd_auth_odbc returned an error
when checking user <<"ejabberd">> in server <<"10.30.173.89">>
Error message: <<"Unknown Host">>
By the way, could you please help me to create MUC (multi-user chat), I don't know how to config it in JSXC and ejabberd.
This is an error in your configuration. "Unknown Host" error for the SQL query means that ejabberd could not find any MySQL database configured for that domain.
You need to check and fix your ejabberd configuration file.
I also have same question in same scenario.
I can add a new user from command line and also view it in my MySQL DB
./ejabberdctl register test2 localhost test2
But getting unknown host error when the user is trying to connect from client.
I need to access to a MySQL remote server, and I want to do this with the R software.
I set up the connection parameter but I can't access. I use this code:
drv <- dbDriver("MySQL")
library(RMySQL)
# open the connection using user, passsword, etc., as
con <- dbConnect(MySQL(), user="user", password="psw",
dbname="NameDB", host="webhosting", port=3306)
And I receive this error:
Error in mysqlNewConnection(drv, ...) :
RS-DBI driver: (Failed to connect to database: Error: Connection using old (pre-4.1.1)
authentication protocol refused (client option 'secure_auth' enabled)
I tried to connect to the database with the MySQL workbench, and it's working only if I select the option: "use the old authentication protocol".
Hence I know that it is what I need to activate in my connection, also using R. However I don't know how to do this! I tried to disable "secure_auth" but dbConnect does not have that parameter.
How can I change the authorization? Thanks in advance!
P.s.: I can't upgrade the server password to make it compatible with post-4.1.1 protocol.
You may want to try to connect to MySQL with RJDBC instead - it will connect with the JDBC driver under the covers, which apparently will allow old-style authentication.
Depending on the size of the DB, you can Clone the remote DB to a local one using MySQL Workbench. Then it's just a local connection, and you can disable/control authentication on it.