Laravel Docker Container Cannot connect to remote AWS RDS Database - mysql

I'm working with a containerized Laravel app that is supposed to be connecting to a remote rds database, here is a sample .env
DB_HOST=xxxxxx.rds.amazonaws.com
DB_DATABASE=sample
DB_USERNAME=sample
DB_PASSWORD=sample
DB_PORT=3306
DATABASE_DRIVER=mysql
The container works as it should but the problem is, it cannot connect to the remote rds database, when I try running composer ie:
$ docker exec -ti laravel-php bash
$ composer install
I get this error:
[PDOException]
SQLSTATE[HY000] [1045] Access denied for user 'sample'@'192.168.66.1' (using password: YES)
Script php artisan clear-compiled handling the post-install-cmd event returned with error code 1
192.168.66.1 as my docker container's ip, I suspect that the db policy is open via @localhost access since my dev ops confirmed that it's open for public connections.
I'm using docker-compose version 2 btw, here's a sample docker-compose:
version: '2'
services:
  sample-server:
    build:
      context: ./
      dockerfile: sample.server.docker
    volumes:
      - ../backend:/var/www
    ports:
      - "8081:80"
    environment:
      - VIRTUAL_HOST=sample.local
    links:
      - sample-php
    depends_on:
      - sample-php
  sample-php:
    build:
      context: ./
      dockerfile: sample.php.docker
    volumes:
      - .:/var/www
    links:
      - sample-database
    environment:
      - "DB_PORT=3306"
      - "DB_HOST=sample-database"
  sample-database:
    image: mysql:5.7
    environment:
      - "MYSQL_ROOT_PASSWORD=samplepassword"
      - "MYSQL_DATABASE=sample"
    ports:
      - "33081:3306"
  sample-nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
networks:
  default:
    external:
      name: sample-nginx-proxy
How can I fix this?

Check the following:
Database is publicly accessible:
Connecting outside the VPC that the database resides, more specifically accessed over the internet, requires that the database is configured for Public Accessibility. Which you said is already done. As you have an internal IP, and the database does not have a public IP, this is not really required.
Basic Configuration:
Check that the database name, and port is set correctly, which I am sure you have done.
Security Group Inbound Rules:
This is most likely the case, the database will have one or more security groups. Ensure that the security group is configured to allow inbound access from the client in your case: 192.168.66.1
Confirm the IP address of the client:
192.168.66.1 is a strange IP for the container, the first 4 IP Addresses of a VPC Subnet are reserved.
Confirm the network routing:
Confirm that the VPC that contains the client can connect to the database. As the client is running within a docker container ensure that the container can access the database. Easy way to do this is enable ICMP packets on an EC2 instance in the database subnet, and check you can Ping it or use the VPC route analyser.
Check the database user rights:
Can the database user connect from any address, not localhost?
Security on the VPC:
Check the ACLs of the subnets for both inbound and outbound
UPDATE:
Here is a link from AWS: Troubleshooting for Amazon RDS.

I guess that's a MySQL issue. How did you create the user?
If you want to allow access from everywhere just put %:
GRANT ALL PRIVILEGES ON *.* TO 'sample'@'%' IDENTIFIED BY 'samplepassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
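
Added example, not part of the original answers: the wildcard grant from the answer above shown beside a narrower form, with the checks that tell you which account the server matched. The `192.168.66.%` host pattern, the privilege list and the password placeholder are assumptions chosen for illustration.

```sql
-- Added example; host pattern, privilege list and password are assumptions.

-- 1. Error 1045 names the account the server tried to match
--    ('sample'@'192.168.66.1'). List the accounts that exist for that
--    user name and the host patterns each one accepts.
SELECT user, host, plugin
  FROM mysql.user
 WHERE user = 'sample';

-- 2. Weak form (as posted above): every privilege on every schema, from
--    any address, plus the right to hand those privileges to other accounts.
-- GRANT ALL PRIVILEGES ON *.* TO 'sample'@'%'
--     IDENTIFIED BY 'samplepassword' WITH GRANT OPTION;

-- 3. Scoped form: an account tied to the client address range and limited
--    to the application schema. CREATE USER is a separate statement because
--    MySQL 8.0 no longer accepts GRANT ... IDENTIFIED BY.
CREATE USER IF NOT EXISTS 'sample'@'192.168.66.%'
    IDENTIFIED BY '<placeholder-password>';

-- Data access plus the DDL that schema migrations need, on one schema only.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, DROP, INDEX, REFERENCES
   ON `sample`.*
   TO 'sample'@'192.168.66.%';

-- 4. Confirm the result. GRANT takes effect immediately, so no
--    FLUSH PRIVILEGES is required here.
SHOW GRANTS FOR 'sample'@'192.168.66.%';
```

If step 1 returns only a `localhost` row, the 1045 error is a host mismatch rather than a wrong password.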

Related

Access denied when running migration on Prisma

I am learning Prisma and I can't do migration in my localhost.
I am using docker-compose to create an image of mysql and I have successfully connected to the DB, please see my docker-compose.yml and schema.prisma below:
Prisma's version
"prisma": "^4.6.1"
docker-compose.yml
services:
  db:
    image: mysql:8
    volumes:
      - db-data:/var/lib/mysql
    ports:
      - 3306:3306
    networks:
      - dev
    environment:
      MYSQL_ROOT_PASSWORD: prismatutorial
      MYSQL_USER: prismatutorial
      MYSQL_PASSWORD: prismatutorial
      MYSQL_DATABASE: prisma_tutorial
    command: mysqld --default-authentication-plugin=mysql_native_password
    cap_add:
      - ALL
networks:
  dev:
volumes:
  db-data:
    driver: local
schema.prisma
generator client {
  provider = "prisma-client-js"
}
datasource db {
  provider = "mysql"
  url      = env("DATABASE_URL")
}
model User {
  id   Int    @id @default(autoincrement())
  name String
}
.env
DATABASE_URL="mysql://prismatutorial:prismatutorial@localhost:3306/prisma_tutorial"
Every time I run the command of npx prisma migrate dev --name firstMigration and I have the error as shown in the below message:
Error: P3014
Prisma Migrate could not create the shadow database. Please make sure the database user has permission to create databases. Read more about the shadow database (and workarounds) at https://pris.ly/d/migrate-shadow
Original error: Error code: P1010
User prismatutorial was denied access on the database prisma_tutorial
However, when I try to run npx prisma db push , I can see the table is successfully created in my localhost's DB and it doesn't have permission error.
I don't think I have to create a shadow database at this point.
Am I missing out something?
Or, the docker-compose.yml I have written is wrong?
Your help is very appreciated!

In this case, npx prisma db push is successfully creating the tables because it does not require a shadow database. Please note that you should use db push command for quick prototyping.
As you are using MySQL Database, the database user prismatutorial should have CREATE, ALTER, DROP, REFERENCES ON *.* privileges as per this reference. Once you grant these permissions you should be able to use migrate commands.

Nextcloud in Docker & MySQL on Host

I'm running docker on my Raspberry Pi. I'm intending to run a few services locally (NextCloud, Bitwarden, etc) and want to use one MariaDB instance, not one for each as most tutorials show. I've been trying to figure out how to make that work.
I installed mariadb on my RPI and nextcloud via Docker. I passed the MySQL environment variables to that container:
environment:
  - MYSQL_PASSWORD=xxx
  - MYSQL_DATABASE=dbname
  - MYSQL_USER=user
  - MYSQL_HOST=192.168.178.36
When I go to the NC initialization page and enter the data, it says "Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused".
I added "user@IP" to MySQL and granted it all access to the DB. The IP is the Docker-internal IP of the container (172.xxx)

How to connect to mysql docker container on a remote host from mysql workbench?

I've set up a docker container running a mysql instance on a remote computer I have. In the past this hasn't been an issue but for some reason I can't get it to work now. I am unsure what the issue might be. I am using docker compose and I can't seem to connect through mysql workbench on a different computer even though the container is running. Here are my details:
docker-compose.yaml
version: '3.7'
services:
  api:
    image: api
    restart: unless-stopped
    container_name: api
    build: ./node/
    ports:
      - 3008:3008
  mysql:
    image: mysql
    restart: unless-stopped
    container_name: mysql
    environment:
      MYSQL_DATABASE: pitapaldb
      MYSQL_USER: user
      MYSQL_PASSWORD: password
      MYSQL_ROOT_PASSWORD: password
    build: ./database/
    ports:
      - 3306:3306
networks:
  default:
    external:
      name: my-net
database/Dockerfile
FROM mysql
COPY init.sql /docker-entrypoint-initdb.d
database/init.sql
CREATE DATABASE mydb;
USE mydb;
SET SQL_SAFE_UPDATES = 0;
ALTER USER 'root' IDENTIFIED WITH mysql_native_password BY 'password';
flush privileges;
CREATE TABLE carts (
    id int PRIMARY KEY AUTO_INCREMENT,
    lat float,
    lon float,
    address varchar(255),
    status boolean,
    city_id int
);
container is definitely running:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
784cf75183f4 mysql "docker-entrypoint.s…" 2 minutes ago Up About a minute 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
But when I try to connect via workbench I get 'unable to connect'. I've tried both username user and root with password password. The IP address I use definitely should work because I have other services operating from it with no issue:

@LoF10 Here is a quick list of things to check:
1. Can you connect within the docker network on the machine running the MySQL docker? An easy way of testing this is by running a command such as this on your remote machine:
docker run --rm -it --network my-net mysql:5.7 mysql -h mysql -uroot -ppassword
If not, there may be a problem with your MySQL config, MySQL data, or the initialization of the container. These are what @JorgeCampos is suggesting you verify. Since you are pulling directly from MySQL's Docker Hub entry, the config should be set properly to allow remote connections. If good, proceed. FYI, you will know you've connected successfully if you see mysql> on the terminal. To exit: \q.
2. Can you connect on exposed port on the localhost of the machine running the MySQL docker? An easy way of testing this is by running a command such as this on your remote machine:
docker run --rm -it --network host mysql:5.7 mysql -h 127.0.0.1 -uroot -ppassword
Make sure to use the IP used above and NOT localhost. This is b/c the MySQL client has special handling of the 'localhost' keyword by looking for mysqld locally. Using the 127.0.0.1 forces MySQL to connect via a proper socket connection. If you are not able to connect, then there is a problem with mapping the container's port to your host. If good, proceed.
3. Assuming both machines are on the same network and the machine that has MySQL Workbench also has docker, can you connect using the IP of the machine running MySQL container e.g. 10.0.0.4? An easy way of testing this is by running a command such as this on your remote machine:
docker run --rm -it mysql:5.7 mysql -h 10.0.0.4 -uroot -ppassword
If not, you may want to verify if you can:
- Ping the 10.0.0.4 machine
- If there are any firewall rules that prevent its proper exposure to the network. This happens commonly with Windows' default Firewall...
- If on AWS, there are a number of reasons why you might not be able to reach if it has been properly assigned a Public Port e.g. Security Groups, Route Tables, Internet Gateway, etc.
Once you are able to proceed from 3 above, then you should be able to connect using MySQL Workbench as you've described.
Hope those help. Any more detailed recommendation will require you sharing more about your local networking setup (OS, Physical/Virtual, how you are determining IP's, etc).

Docker nodejs with mysql communication

I'm using 2 docker images one with my nodeJS backend server the other with my MySQL database. On the docker-compose file I'm defining the passwords, ports and hostnames correctly:
sql:
  image: mysql:5.7.22
  hostname: sql
  ports:
    - 3306:3306
  secrets:
    - db_root_pass
    - db_user_pass
  environment:
    MYSQL_USER: user
    MYSQL_PASSWORD_FILE: /run/secrets/db_user_pass
    MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_pass
provider:
  image: monokilho/app:dev
  hostname: provider
  ports:
    - 3000:3001
    - 9221:9229
  secrets:
    - db_user_pass
  command: node --inspect=0.0.0.0:9229 appModule.js
And on my DB_config.js file for NodeJS I have the connection setup like so:
db_config.host = 'sql';
db_config.port = '3306';
db_config.user = 'user';
db_config.password = fs.readFileSync('/run/secrets/db_user_pass', 'utf8');
db_config.database = 'app';
db_config.multipleStatements = true;
Problem is that although, using this exact configurations, docker connects Node to MySQL just fine on my local windows machine, when I upload the images to my remote linux server I continue to get:
Access denied for user 'user'@'8b2e56e566b2.network_default'
I've already remade the secrets, tried manually adding the passwords to the config on NodeJS and nothing... what makes it even weirder is that if I go on the MySQL container to connect directly or if I make another MySQL container and remotely connect it works, so I know the password input on MySQL config is correct and it is accepting remote connections.
Any suggestion what might be the difference between windows and linux for this behavior to happen? Thanks in advance.
PS: If needed, Windows is Windows 10 and the Linux distro is Ubuntu 16.04.
EDIT: The access denied error appears on the mysql logs so the nodejs docker can reach the mysql docker and the network should be fine.

Apparently the mysql config was ignoring a sneaky \n on the password file allowing it to work normally with a command line connection, while on the nodejs it was bugging the connection.

Can't connect to mysql container from localhost

I'm trying to set up a MySQL container for developing.
So I used docker-compose to set it up.
The container and the mysql looks OK. The thing is that I want to connect to it from a DBeaver client and I can't find how I do it.
Here is my docker-compose.yml:
version: '2'
services:
  db:
    image: 'mysql:5.7'
    volumes:
      - '~/dev/dbs-data/mysql:/var/lib/mysql'
    restart: 'always'
    expose:
      - '3306'
    ports:
      - '3306:3306'
    environment:
      MYSQL_ROOT_PASSWORD: 'pass'
      MYSQL_DATABASE: 'db'
      MYSQL_USER: 'user'
      MYSQL_PASSWORD: 'pass'
When I try to connect it from DBeaver I get:
java.sql.SQLException: null, message from server:
"Host '172.18.0.1' is not allowed to connect to this MySQL server"
UPDATE
I'm not trying to connect using the IP 172.18.0.1. I tried to connect using localhost:3306, 127.0.0.1:3306 and with the sub IP docker gave it 0.0.0.0:3306
UPDATE
After having success connecting on my Mac, I tried again with DBeaver on my linux and again:
Tried to connect with other tool, mysql workbench:

As you can see in the official image documentation:
MYSQL_ROOT_HOST : By default, MySQL creates the 'root'@'localhost' account. This account can only be connected to from inside the container, requiring the use of the docker exec command as noted under Connect to MySQL from the MySQL Command Line Client. To allow connections from other hosts, set this environment variable. As an example, the value "172.17.0.1", which is the default Docker gateway IP, will allow connections from the Docker host machine.
So you have to set the MYSQL_ROOT_HOST variable with the address 172.18.0.1 that you can see in the error message.

On Docker, run this command to create a MySQL container and it will expose the ports to the outside world of docker.
docker run --name <mysql-container-name> -p 3306:3306 -e MYSQL_ROOT_PASSWORD=<root-password> -e MYSQL_USER=root -e MYSQL_PASSWORD=<user-password> -d mysql:latest
Few points to note:
You may see below error when trying to connect with DBeaver:
Public Key Retrieval is not allowed
Solution: When creating a new connection on DBeaver, go to Driver Properties, look for allowPublicKeyRetrieval and set it to TRUE. Also, if needed set useSSL to FALSE.
Test your connection from DBeaver or any other clients, and it should be working.

I am new to docker and was experiencing the same issue in Linux, it was an issue with the addresses allowed to accept connection; here is what worked out for me:
Find the MySQL configuration file named mysqld.cnf
It would be: /etc/mysql/mysql.conf.d/mysqld.cnf
Or if you have your own configuration file.
Edit the bind-address key in it. Set it as: bind-address = 0.0.0.0
This will allow to accept connections from any IP address.
Restart docker-compose by
$ docker-compose down
$ docker-compose up
Wait for MySQL to start, it should work fine now.