I am trying to setup database secrets through Hashicorp vault for MySQL Database. I've followed the instructions provided in the documents (https://www.vaultproject.io/docs/secrets/databases/index.html) for the configuration of database and role.
However when I try to generate the credential I am facing an error - 403 Permission Denied.
The logs on the server do not show any errors as well.
I am running the server on the Dev mode as I am trying to implement a prototype.
Is there some specific permissions that I need to setup and have missed?
Appreciate any help or feedback.
Thanks,
Aravind
I realised that the problem was due to a mismatch on the config of the database and the roles.
The role I was trying to get the credential for was not in the allowed roles for the database.
Thanks,
Aravind
Related
I'm creating a new production environment using all the newest (server, sql, ssrs). I got my test environment up and running with no issues but the production environment has MUCH stricter security measures on the network and server.
Just when I thought everything was good I clicked on my first report and got "HTTP Error 503. The service is unavailable". Did a few searches and all kinds of related hits popped up. Trial versions expiring, Duplicate SID's on copied VM's, etc. But one solution was really easy to test. Grant the service account used by Reporting Service Local Admin privileges.
Ok...done and it worked! Easy fix? But is it the best solution? What permission does the service account need? Granting it Admin worked...but is there a lesser (more specific) privilege I can grant to do the same thing?
I got MySql Server on Azure and is configured with Azure Directory Admin.
Example
MySql Servername: mysqlserver and
MySql AD Admin Account: admin#organistionname.com.au (this organisation domain account)
Can see above account from MySql Server under User Accounts.
I stood-up Azure Web App for phpMyadmin and configured to pointed to above MySql db.
When an logging into phpMyAdmin with above Active Directory Admin Account is getting validated against AD, but getting error
mysqli::real_connect(): (HY000/9013): An error occurred while validating the access token. Please acquire a new token and retry.
I need to get a Ad token which need to passed to MySql server.
How to achieve this in Azure Web App?
This documentation should help you: https://learn.microsoft.com/en-gb/azure/mysql/howto-configure-sign-in-azure-ad-authentication#connecting-to-azure-database-for-mysql-using-azure-ad.
You need to acquire an access token in your code for your user against the resource: https://ossrdbms-aad.database.windows.net or against the scope (if using v2): https://ossrdbms-aad.database.windows.net/.default.
Acquiring access tokens with AAD is a whole another topic and the exact way depends on your app.
This answer might help for that: https://stackoverflow.com/a/33512913/1658906
I have the same set up (except phpmyadmin running in a container in AKS).
I believe phpmyadmin can't connect to mysql with azure ad enabled (at least with an AD user/group) because the token (password) is required to be sent in cleartext, and phpmyadmin hashes it before sending it.
I think that's why I get the An error occurred while validating the access token. Please acquire a new token and retry. error.
That's also why in the docs, they set the --enable-cleartext-plugin flag on their example mysql cli commands.
Also in the docs, they state that it's only tested with myqsl cli and mysqladmin.
I'm currently planning on ditching phpmyadmin for azure bastion and a VM running mysqlworkbench for this reason.
I have started using Google's Data Studio I found it very easy to turn the Excel data into Intuitive Business Dashboards with little or no coding skills.
But I have a problem here, whenever I try to connect to Mysql DB (running on my local system) I'm facing error.
Connection Details:
Error Message:
I tried googling the Error Code but No luck.
But I'm able to access the local Mysql Server from Mysql Workbench.
What is that I am missing here? Data Studio Heros?
Thanks in advance.
Simple answer: To expose a localhost service to the web, you have to use ngrok.
For your MySQL the command is:
ngrok tcp 3306
Then the hostname you have to use data studio will be displayed.
Google Data Studio operates on the Web, thus does not have access to your personal local network. However,
You may make you MySQL db Engine accessible to the web by changing the bind-address parameter (See on MySQL Workbench, Instance > Option File > Networking > General > bind-address) to 0.0.0.0.
You also need to create a new user allowed to connect from Hosts Matching %, since Google Data Studio servers are using a dozen of different IP addresses (https://support.google.com/datastudio/answer/7088031?hl=en)
Please refer to this question:
How to make mySQL database at my local accessible from different machines?
Please note that this is a bad practice to open an access to your personal computer and you may instead want to use a MySQL or MariaDB cloud service such as https://console.cloud.google.com/launcher/details/bitnami-launchpad/mariadb
You cannot put host address as localhost.
1) You will need to check your device address at whatismyip.com or something like that.
2) Second thing you need to check is if your device is under firewall or not.
You can refer below URL for more information
http://qsok.com/x/KIBr
As Will mentioned above, it's best practise to use cloud service such as Google Cloud itself to host your MySql database and then take the connection there.
When you connect your database to Data Studio you need to open firewall for all the IP addresses it uses. You can find the whole list of IPs on the bottom of this support article https://support.google.com/datastudio/answer/7088031?hl=en
If your database is behind a firewall, you will need to open access to
the all of the following IP addresses. These are used by Data Studio
to connect to and query your MySql database.
I have been trying to log in Cosmos-GUI to start developing my FIWARE application, but after I log in with my FILAB user/password I get "Error:Invalid IdM User"
I saw a similar question, and they said that it was caused by a migration of the server and that now it is solved, but I still have the problem (Invalid Idm User when trying to Connect to Cosmos Gui).
Fixed by private email. Nevertheless, putting here the identifed problem for future reference to other potential users: if the FIWARE LAB password contains non alphanumeric characters then the Cosmos portal fails on creating the account. Currently reasearching why.
I am using the vmc tool to upload my web application to cloudfoundry. I have pushed my web aplication and created service to bind with. But I am getting a problem in tunneling it. I want to connect my database stored in backup file in my system with my web application. Here is the image where I entered the commands:
I am having an error about path. I don't know how to resolve this. Please let me know how I should attach my databse with my web application.
What the error is saying is that you need to have MySQL client on your build path. Caldecott (the application which gets executed when you type vmc tunnel) uses your own client for either MySQL, Postgres or Redis. If you do not have MySQL client installed or if you do not have it defined in your PATH environment variable, you will get this error.
This is probably not it but there's a space in your password string in the screenshot provided.
Besides that it seems that this error may be generated if the "build path" used for connecting to the database is incorrect. Manually check if the tunnel to the database works fine with those credentials and/or check to see if VMC can access other databases.