Connecting to MySql gear on another gear - mysql

so I have two free gears on OpenShift.
One is a PHP with MySql 5.7 from:
https://github.com/icflorescu/openshift-cartridge-mysql
To which I can remote login from my PC without any problem by SSH tunnel.
Now on the second gear I wanted to create Spring Boot app that would connect to DB on the first gear. Using env | grep MYSQL on first gear I receive:
OPENSHIFT_MYSQL_DB_PORT=13306
OPENSHIFT_MYSQL_DB_HOST=127.10.104.130
So this + my logging data was put into Spring application.properties, after successfull build Spring crashed at data pool creation because it could not connect to database so I SSHed into second hear and tried accessing MySQL instance from first gear via:
mysql -u root -h 127.10.104.130 -P 13306 but I get error message:
Can not connect to MySQL Server on '127.10.104.130' (113)
After that I tried:
mysql -u root -h myAppName-domain.rhcloud.com -P 13306 which results in longer time of connection but ultimatelly failling with:
Can not connect to MySQL Server on 'myAppName-domain.rhcloud.com' (110)
And I can easly ping gear#1 from gear#2 so I am confused - do I need some extra sql config or firewall settings? I am also doing tail on mysql logs and nothing is showing up like connection is not even made.

If you are connecting on another gear you have to use the OPENSHIFT_MYSQL_DB_PROXY_PORT instead.
The easiest way I find to tell if its a database issue or a network issue is to simply try to telnet to the remote mysql host.
Ex - this should result in a connection timeout if you are on a different gear.
telnet 127.10.104.130 13306
But this should connect:
telnet <mysql app id>.domain.rhcloud.com <WHATEVER THE PROXY PORT IS>

I'm the author of the openshift-cartridge-mysql mentioned above.
It's been a while since I've published that cartridge, but if I remember correctly, the setup script is quite unassuming and there's nothing created by default, so you have to create your own users, databases and explicitly grant the appropriate privileges.
Connect from your PC either by ssh or by Workbench over ssh tunnel, create your user and database, then execute something like:
GRANT ... ; FLUSH PRIVILEGES;
You can learn more on MySQL's GRANT command in the official manual.
There's a line in the repo README exemplifying how you could grant remote access to root, which is not as unsafe as it looks because you can only access the DB gear from your main application gear.
But ideally you'd want to limit the access as much as possible (to a specific user coming from a specific host/IP, such as your main application gear). Something like this:
GRANT ALL ON appdb.* TO 'appuser'#'appgear';
Don't forget to FLUSH PRIVILEGES when you're done.
I hope this helps,
#icflorescu

Related

Connect to existing MySQL database on server from local computer

I am trying to connect to an existing mysql database on a linux server and scaffold tables in my project and working with them via EFCore.
I use this command line to scaffold :
dotnet ef dbcontext scaffold "server={IP};port={PORT};userid={USER_ID};password={PASSWORD};database={DB_NAME};" Pomelo.EntityFrameworkCore.MySql -o Models -f
But it shows this error to me:
Host '{MY_IP}' is not allowed to connect to this MySQL server
I am using Pomelo.EntityFrameworkCore.MySql library on .NET Core 2.1 SDK
What should I do?
If your MySQL instance is bound to the public IP address (you can check this by doing 3306 port scan for that IP - assuming MySQL is running on the standard port) then you need to grant privileges on the database for the user you are using as follows:
GRANT ALL PRIVILEGES ON <yourdb>.* TO `<youruser>`#`<yourip>` IDENTIFIED by '<yourpassword>';
After you have run this you need to run the FLUSH PRIVILEGES; command. Assuming all above conditions are met you should be able to access your DB remotely.
There are 2 things to understand before trying to connect.
1) Generally, databases are allowed to listen to local machine, ie localhost.
2) databases as mysql authentication comes in pair i.e. user#host_name.
So changing the way DB want you are really screwing security.
Now here is the way you can change MySQL listen for rest of world.
1) go to **my.cnf**, Check ‘**bind-address**’, comment this line. it
must be bind with `localhost` or `127.0.0.1`.
2) go to database MySQL, table users, column host replace
`localhost` to `"%"`, so the anyone from anywhere can connect.
3) `CREATE USER ‘root’#‘%’ IDENTIFIED BY ‘some_pass’`;
4) `GRANT ALL PRIVILEGES ON *.* TO ‘root’#‘%’;`
5) `FLUSH PRIVILEGES;`

port fowarding for mysql server ubuntu remote connection

I have a ubuntu 16.04 on which I run 3 servers from virtualbox (a webserver, a home file server and a mysql server).
In this mysql server I naturally have an internal ip (192.168....) and an external one.
However when I try to connect remotely to this mysql server from mysql shell, workbench or .NET connector (eg. mysql -u root -p -h 172.241.442.12) using the external IP of this virtual machine I always get ERROR: Not connected.
My question is whether to connect I have to enable port forwarding in my router (3306), just as I would do enabling 80/8080 in a webserver to make it accessible from the internet.
I never did it before and haven't find any clear tutorial either. My main purpose is to connect to this db in a vb.net application.
Thanks!
Yes, if you intend to access it in this manner you will need to forward a port. You will also need to grant access to MySQL for a user that is allowed remote access.
GRANT ALL ON somedb.* TO `user`#`123.123.123.123` IDENTIFIED BY 'somePassword'
The IP address can be a hostname, or % to match everything.
That said, unless you really need a permanant external connection to MySQL you should not expose it like this, the better option would be to tunnel the port through SSH.
ssh -N user#dbserver -L12345:localhost:3306 &
mysql -u root -h localhost -P 12345

MySQL Host '::1' or '127.0.0.1' is not allowed to connect to this MySQL server

I have a strange issue on a web server (Windows Server 2012) with MySQL 5.7.16.
I can't connect anymore to mysql server, I don't know why.
If I type mysql -uroot -ppassword appear an error
ERROR 1130 <HY000>: Host '::1' is not allowed to connect to this MySQL server or
ERROR 1130 <HY000>: Host '127.0.0.1' is not allowed to connect to this MySQL server
I tried to use another user with all privileges and I've seen that in host there is only localhost (not 127.0.0.1 or ::1)
How can I login with root#localhost and not with root#127.0.0.1?
It's very frustrating...
Every account trying to use #127.0.0.1 or #::1 but there exist only localhost in host and I can't change it.
If I type mysql -uroot -ppassword I see
ERROR 1130 <HY000>: Host '127.0.0.1' is not allowed to connect to this MySQL server
Same if I type mysql -uroot -ppassword -h localhost or anything else
Ok i Fixed...
I've comment "skip_name_resolve" in my.ini and everything is back to work.. i really don't know why because this record was in my.ini also yesterday..last week.. last month..
The variable skip_name_resolve gives better performance because the server does not try to resolve the names of the connecting clients or look for them every time in the host name cache (even localhost is resolved/searched), but the manual states that config also limits the #localhost connections. The solution is to copy the #localhost users with #127.0.0.1, like this:
CREATE USER 'root'#'127.0.0.1' IDENTIFIED BY 'root-password';
CREATE USER 'root'#'::1' IDENTIFIED BY 'root-password';
FLUSH PRIVILEGES;
where ::1 is localhost for IPv6 addressing. This way we keep the root and local accounts limited to the local server. Using '%' open the potential clients to the world, and we don't want that. Disabling skip_name_resolve also requires the server having an accesible and fast DNS resolver to minimize latency.
I noted that I can connect with a local phpmyadmin even if the user has #localhost; this is because phpmyadmin connects thru a local unix socket, a special type of file used to communicate between processes, and does not need networking.
EDIT: As #Francisco R noted, the new root users also should have full access to all databases by issuing the following commands:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'127.0.0.1'
GRANT ALL PRIVILEGES ON *.* TO 'root'#'::1'
FLUSH PRIVILEGES
I had the same message after a fresh installation with the no-install zip and solved it as follows. Perhaps this could have been a solution for your problem too:
Stop the MySQL server or service.
Open a Command Prompt window with administrative rights and go to the bin folder in the MySQL install directory.
Start MySQL with skip-grants-table and don't forget your config file:
mysqld --defaults-file=[filename] --skip-grant-tables
Open another Command Prompt window and go to the bin folder again.
Now you can login:
mysql -u root -p
Show the users with:
SELECT user, host FROM mysql.user;
Verify there is one 'root' with host 'localhost'.
Change the host:
UPDATE mysql.user SET host='%' WHERE user='root';
Exit the mysql program and close the Command Prompt window.
Type Ctrl-C in the other Command Prompt window to stop the server, then close the Command Prompt Window.
Start MySQL as you normally would and verify that you can login.
Make sure that when you created the user you have specified % as the hostname, otherwise the user will only be able to connect from the localhost.
I came here looking for a solution using Local by flywheel for wordpress development to the same problem, BUT, in a linux machine.
Just if someone faces the same problem, the solution listed here works.
Just comment skip_name_resolve in the file conf/mysql/my.cnf.hbs under the file tree created by Local
Thanks!
Looks that you need to modify your hosts file. C:\Windows\System32\Drivers\etc\hosts
just add the line and save it, (to be able to edit and save you may need to open it as administrator)
127.0.0.1 localhost

GCE and Debian - Unable to connect to MYSQL from TOAD

In Google Compute Engine, LAMP installed using 'click to Deploy'. I have enabled ALLOW HTTP,HTTPS traffic also in the API console.
I couldn't connect MySQL via Toad. I tried the following Connection Type 1.SSH, 2.TCP, 3.SSL.
Refer this image:
.
I got issues while connecting through any of these three connection types. How to connect MySQL(created using GCE) via Toad?
I used SSH keys also, is there any specific method to connect to this mySQL created via GCE?
My remote server my.cnf file
If you want to connect to Mysql from a remote PC with Toad:
1) Add a firewall rule in the Developer Console Compute Engine network page to allow tcp:3306 (mysql port) to your IP or to everyone (0.0.0.0/0, easier but not secure) and then use Toad TCP connection.
2) Check that mysql user accepts connections from your IP or from every IP (%) or create a new mysql user. You can connect to instance in SSH and give the following commands to create a new Mysql user:
mysql -u root -p
then create user (change 'newuser' and 'password' according to your needs) :
CREATE USER 'newuser'#'%' IDENTIFIED BY 'password';
Grant user permission:
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'%';
FLUSH PRIVILEGES;
exit;
If connection still fails:
3) Check that mysql is listening on all IP addresses, for Debian see in /etc/mysql/my.cnf and change bind-address to :
bind-address = 0.0.0.0
and restart mysql:
/etc/init.d/mysql restart
Hope this helps.
Sincerely,
Paolo
Id try to access mysql from another server in the same network and project to help narrow down where your requests are getting blocked. If you can access mysql from another instance then it could be your firewall rules.
Also, does debian have iptables or another software firewall enabled by default?

Connecting to MySQL on AWS via Query Browser While Outside the U.S

I am running MySQL on an Amazon AWS Instance. I was able to previously connect to the MySQL Database via MySQL Query Browser. Now I am traveling outside the U.S. and I am having trouble connecting via the Query Browser. I am able to use Terminal to create an ssh connection and then login to MySQL, so it does not appear to be a larger issue with the MySQL Database.
Has anyone else had a similar problem? Any ideas how I can fix this?
This is the error I get from the MySQL Browser
Your connection attempt
failed for user 'admin' from your host to server at
ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com:3306: Can't connect to
MySQL server on 'ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com' (4)
Please: 1 Check that mysql is running on server
ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com
2 Check that mysql is
running on port 3306 (note: 3306 is the default, but this can be
changed)
3 Check the admin has rights to connect to
ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com from your address (mysql
rights define what clients can connect to the server and from which
machines)
4 Make sure you are both providing a password if needed and
using the correct password for
ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com connecting from the host
address you're connecting from
The only possible problem I see could be #4, but I ran and re-ran this command via Terminal:
grant all privileges on *.* to 'admin'#'%' identified by '<pass>' with grant option;