SFTP using Pysftp on Openshift - openshift

I have a django application running on openshift. From the openshift server I move a file from openshift to a private server. I can do this by setting hostkeys to none and using a password, however that password will change every month so I need to use ssh keys.
I have the following on the private server: known_hosts, id_rsa, id_rsa.pub.
When I try to connect from openshift I receive the error "No Known Hostkeys."
I known since this is a dockerized application running on the cloud this might be a bit tricky to answer, but I could really use some help.
Thank you,
I have attempted to put the id_rsa.pub from the private server into a file and use hostkeys.load(id_rsa.pub) and then connect without a password.
Setup
/opt/app-root/src/.ssh/known_hosts - I have the known_hosts from the private server
/views.py -
id_rsa_pub = "known_hosts"
id_rsa_pub = settings.STATICFILES_DIRS[0] + '/' + id_rsa_pub
known_hosts = '/opt/app-root/src/.ssh/known_hosts'
cnopts = pysftp.CnOpts()
print("id_rsa_pub below:")
print(id_rsa_pub)
cnopts.hostkeys.load(known_hosts)
with pysftp.Connection(host=host, username=username,
private_key=id_rsa_pub, cnopts=cnopts) as srv:
id_rsa_pub is located in static files
The error is "pysftp.exceptions.HostKeysException: No Host Keys Found"

Alright, this was quick.
I never solved the hostkey issue, however if you use private_key=id_rsa_pub and you have a path to it on Openshift in you src somewhere, the connection will go through. Make sure to set cnopts.hostkeys = None.
Thanks

Related

GAS MySQL SSL connection

I want to connect via Jdbc.getConnection() with my Google Cloud MySQL db and use SSL.
Within GAS: I have made the exact same setup as described in this old answer, but I get the error message: "Exception: We're sorry, a server error occurred. Please wait a bit and try again."
conn = Jdbc.getConnection('jdbc:mysql://xxx.xxx.xxx.xxx/myDBname?useSSL=true', {
'user': settings.user,
'password': settings.userPwd,
'_serverSslCertificate': '-----BEGIN CERTIFICATE-----super_secret_1-----END CERTIFICATE-----',
'_clientSslCertificate': '-----BEGIN CERTIFICATE-----super_secret_2-----END CERTIFICATE-----',
'_clientSslKey': '-----BEGIN RSA PRIVATE KEY-----super_secret_3-----END RSA PRIVATE KEY-----'
});
Did something change over the years?
What I have tried so far:
The user and password seems to be correct, because without "?useSSL=true" everything works
I have also created new SSL certificates within GCP
Unfortunately Jdbc.getCloudSqlConnection() is not an option to use instead Jdbc.getConnection()
Runtime V8 and Stable/Rhino throw the same error
Cause for the issue: Within the certificate and key strings the "\n" are missing.
These are not inserted within the GCP SQL modal when a new SSL certificate was created. So you need to download client-key.pem, client-cert.pem and server-ca.pem and replace each line break with a "\n".

Heroku SSL connection error unsupported protocol

I have been using Heroku for a while to host my Discord bot. It has been connecting to a MySQL database hosted on ClearDB successfully. However, very recently, whenever I use the bot and it tries to connect to the database, it throws this error:
2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
It has been working completely fine until now, and I haven't changed anything. For background, all I did was delete a pipeline and make my app a standalone app without any pipeline. Just in case this helps.
Is this because Heroku has been updated? How can I fix my bot? Let me know if you need any more information.
Any help is appreciated, and Thank You in advance!
EDIT:
Database connection code:
import mysql.connector
def create_conn():
conn = None
try:
conn = mysql.connector.connect(host="HOST",
database="DB",
user="USER",
password="PWD")
except Exception as e:
print(e)
return conn
def execute_query(query, params, fetchall=True):
conn = create_conn()
if conn:
cursor = conn.cursor()
cursor.execute(query % params)
try:
if fetchall:
results = cursor.fetchall()
else:
results = cursor.fetchone()
except:
results = None
conn.commit()
cursor.close()
conn.close()
return results
else:
return False
The database connection used to work, and still works when I run it on my testing machine, a raspberry pi.
EDIT 2:
requirements.txt:
aiohttp==3.6.3
async-timeout==3.0.1
attrs==20.3.0
CacheControl==0.12.6
cachetools==4.2.0
certifi==2020.12.5
cffi==1.14.4
chardet==3.0.4
click==7.1.2
cryptography==3.3.1
cssselect==1.1.0
cssutils==1.0.2
discord==1.0.1
discord-pretty-help==1.2.0
discord.py==1.6.0
emoji==0.6.0
Flask==1.1.2
google-api-core==1.24.1
google-api-python-client==1.12.8
google-auth==1.24.0
google-auth-httplib2==0.0.4
google-cloud-core==1.5.0
google-cloud-firestore==2.0.2
google-cloud-storage==1.35.0
google-crc32c==1.1.0
google-resumable-media==1.2.0
googleapis-common-protos==1.52.0
grpcio==1.34.0
gunicorn==20.0.4
httplib2==0.18.1
idna==2.8
importlib-metadata==3.3.0
itsdangerous==1.1.0
jeepney==0.6.0
Jinja2==2.11.2
keyring==21.8.0
lxml==4.6.2
MarkupSafe==1.1.1
msgpack==1.0.2
multidict==4.7.6
mysql-connector-python==8.0.22
numpy==1.19.4
pandas==1.1.5
premailer==3.7.0
proto-plus==1.13.0
protobuf==3.14.0
pyasn1==0.4.8
pyasn1-modules==0.2.8
pycparser==2.20
python-dateutil==2.8.1
python-dotenv==0.15.0
pytz==2020.4
requests==2.25.1
rsa==4.7
schedule==0.6.0
SecretStorage==3.3.0
six==1.15.0
typing-extensions==3.7.4.3
uritemplate==3.0.1
urllib3==1.26.2
Werkzeug==1.0.1
yagmail==0.14.245
yarl==1.5.1
zipp==3.4.0
Just in case you can turn of ssl by:
conn = mysql.connector.connect(host="HOST",
database="DB",
user="USER",
password="PWD",
ssl_disabled=True)
i'm not quite sure how to do this, but i'm pretty sure you have to disable SSL for it to work, hope this helps.
Clearly, you need to enforce an SSL connection between your app and MySQL.
If you are using ruby stack then follow the given options and your SSL error problem will be solved.
Download the CA, Client, and Private Key files from your ClearDB dashboard and place them in the root of the application’s filesystem.
Make sure you have OpenSSL installed, which you can find here for Unix/Linux/OS X and here for Windows.
*Due to the MySQL client library configuration used on Heroku, you will need to strip the password from the private key file, which can be done like this:
$ openssl rsa -in cleardb_id-key.pem -out cleardb_id-key-no-password.pem
You can now delete the cleardb_id-key.pem and rename cleardb_id-key-no-password.pem to cleardb_id-key.pem, which you will use with your app.
*Set the DATABASE_URL config variable with the value of your modified CLEARDB_DATABASE_URL, like this:
$ heroku config:add DATABASE_URL="mysql2://abc1223:dfk243#us-cdbr-east.cleardb.com/my_heroku_db?
sslca=cleardb-ca-cert.pem&sslcert=cleardb_id-cert.pem&sslkey=cleardb_id-key.pem&reconnect=true"
notice how we added the “reconnect=true” parameters to the end of the URL? This is so that your application will automatically reconnect to ClearDB in the event of a connection timeout.
From here, simply restart your application (if Heroku didn’t already do that for you), and as long as you specified the correct file names and paths to the certificates in your DATABASE_URL, your app will now connect via SSL to ClearDB.

How to connect to local MySQL Server 8.0 with DBIish in Perl6

I'm working on a Perl6 project, but having difficulty connecting to MySQL. Even when using the DBIish (or perl6.org tutorial) example code, the connection fails. Any suggestions or advice is appreciated! User credentials have been confirmed accurate too.
I'm running this on Windows 10 with MySQL Server 8.0 and standard Perl6 with Rakudo Star. I have tried modifying the connection string in numerous ways like :$password :password<> :password() etc. but can't get a connection established. Also should note that I have the ODBC, C, C++, and.Net connectors installed.
#!/usr/bin/perl6
use v6.c;
use lib 'lib';
use DBIish;
use Register::User;
# Windows support
%*ENV<DBIISH_MYSQL_LIB> = "C:/Program Files/MySQL/MySQL Server 8.0/liblibmysql.dll"
if $*DISTRO.is-win;
my $dbh = DBIish.connect('mysql', :host<localhost>, :port(3306), :database<dbNameHere>, :user<usernameHere>, :password<pwdIsHere>) or die "couldn't connect to database";
my $sth = $dbh.prepare(q:to/STATEMENT/);
SELECT *
FROM users
STATEMENT
$sth.execute();
my #rows = $sth.allrows();
for #rows { .print }
say #rows.elems;
$sth.finish;
$dbh.dispose;
This should be connecting to the DB. Then the app runs a query, followed by printing out each resulting row. What actually happens is the application hits the 'die' message every time.
This is more of a work around, but being unable to use use a DB is crippling. So even when trying to use the NativeLibs I couldn't get a connection via DBIish. Instead I have opted to using DB::MySQL which is proving to be quite helpful. With a few lines of code this module has your DB needs covered:
use DB::MySQL;
my $mysql = DB::MySQL.new(:database<databaseName>, :user<userName>, :password<passwordHere>);
my #users = $mysql.query('select * from users').arrays;
for #users { say "user #$_[0]: $_[1] $_[2]"; }
#Results would be:
#user #1: FirstName LastName
#user #2: FirstName LastName
#etc...
This will print out a line for each user formatted as shown above. It's not as familiar as DBIish, but this module gets the job done as needed. There's plenty more you can do with it to, so I highly recommend reading the docs.
According to this github DBIish issue 127
The environmental variable DBIISH_MYSQL_LIB was removed. I don't know if anyone brought it back.
However if you add the library's path, and the file is named mysql.dll, it will work. Not a good result for the scientific method.
So more testing is needed - and perhaps
C:\Program Files\MySQL\MySQL Server 8.0\lib>mklink mysql.dll .\libmysql.dll
Oviously you can create your own lib directory and add that to your path and then add this symlink to that directory.
Hope this helps. I've spent hours..
EDIT: Still spending time - accounting later.
Something very transitory is going on. I reset the machine (perhaps always do this from now on), and still got the missing mysql.dll errors. Tried going into the MySQL lib directory to execute raku from there.. worked. changed directories.. didn't work.
Launched administrator cmd - from home directory, tried the raku command. Worked. Ok - not good, but perhaps consistent. Launched non admin cmd, tried it from the MySQL lib directory, worked. And just for giggles, tried it outside of that directory.. worked.
Now I can't get it not to work. Will explore NativeLibs::Searcher as Valle Lukas suggested!
Maybe the example in the dbiish repository is not valid anymore.
The DBIISH_MYSQL_LIB Env seems to be replaced by NativeLibs::Searcher with commit 9bc4191
Looking at NativeLibs::Searcher may help to find the root cause of the problem.

How to configure neo4j server to use bolt

I am currently running awebapp with an embedded neo4j. Now I want to change to a standalone neo4j server using bolt. Neo4j has been loaded onto a standalone and port 7474 work as expected.
Using the following code works as expected:
var authority = neo4j.v1.auth.basic("neo4j", "XXXXXXXX");
_driver = neo4j.v1.driver("bolt://localhost ", authority, {encrypted:false});
However
var authority = neo4j.v1.auth.basic("neo4j", "XXXXXXXX");
_driver = neo4j.v1.driver("bolt://somesite.com/ ", authority, {encrypted:false});
Fails with:
neo4j-web.js:27568 WebSocket connection to 'ws://somesite.com:7687/' failed: Error during WebSocket handshake: net::ERR_CONNECTION_RESET
The port 7687 has been enabled. The neo4j version 3.0.4 and the server operating system is Centos 7.
What am I missing?
Thanks for the help
you need to enable remote connections by adding the following line to conf/neo4j.conf:
dbms.connector.bolt.address=0.0.0.0:7687
Stefan's answer works for Neo4j 3.0 (see this KB article).
For those that are having an issue like Maulik, you are probably using a more recent version of Neo4j (3.5, 4.x), in which case you need to use the following instead:
dbms.connector.bolt.advertised_address=localhost:7687
dbms.connector.bolt.listen_address=0.0.0.0:7687

Hosting a keystonejs app with openshift

I keep getting a 503 but no errors in the log when trying to host my keystone.js app on openshift, has anyone successfully hosted a keystone app with them? Everything works fine on localhost.
I am using a fresh install of keystone.js with no blog or cloudinary.
Your providing very little information to give you a definitive answer. What options are you passing to keystone.init()? Are you using dotenv? If so, what are you setting there? Did you set any environment variables using rhc set-env?
I ask because a common (though not by far the only) culprit of 503 errors in Node.js applications on OpenShift is a port number overriding OpenShift's. Keystone looks at process.env.PORT before it looks at process.env.OPENSHIFT_INTERNAL_PORT. So, if you have PORT set on your .env or with rhc set-env it will take precedence over OPENSHIFT_INTERNAL_PORT.
I came across a similar question on the KeystoneJS Google Group. In that other case the developer had added a MONGODB cartridge to his app, but had not set the connection string for the cartridge in Keystone.
If this is your case as well you need to set the Keystone mongo option in Keystone.init() or using Keystone.set('mongo', 'connection_sring'). When you created the cartridge you got a url and some credentials. OpenShit passes these to your application in environment variables. You can build the mongo connection string as follows:
var connectionString = process.env.OPENSHIFT_MONGODB_DB_USERNAME + ":" + process.env.OPENSHIFT_MONGODB_DB_PASSWORD + "#" + process.env.OPENSHIFT_MONGODB_DB_HOST + '/' + process.env.OPENSHIFT_APP_NAME;
keystone.set('mongo', connectionString);
or
keystone.init({
...
mongo: connectionString,
...
});
Or you can use rhc set-env to set the MONGO environment variable as follows:
rhc set-env MONGO=http://{username}:{password}#{connection url}/{dbname} -a your_app_name
The connection url above is the one you got from OpenShift when you created the cartridge. If looks like a standard MONGODB url (e.g. mongodb://127.6.85.129:27017/).
These are just my best guesses, given that your question is a bit thin on details. You may want to post some more specifics so we can more accurately assess your problem.