Is it possible to create an endpoint in SQL Server 2008 Service Broker with support for
Certificate based authentication and using domain account for Authorization?
e.g.
CREATE ENDPOINT ServiceBrokerEndpoint
AUTHORIZATION [domain\username]
STATE=STARTED AS TCP (LISTENER_PORT = 4022, LISTENER_IP = ALL)
FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED, MESSAGE_FORWARD_SIZE = 10, AUTHENTICATION = CERTIFICATE [CertificateName], ENCRYPTION = SUPPORTED ALGORITHM RC4)
Try this
-------------------------------------
-- connect to server
-------------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<servername>]
with subject = '<servername>'
, start_date = '20100216'
, expiry_date = '20150216';
create endpoint broker
state = started
as tcp (listenner_port = 4022)
for service_broker (authentication = certificate [<servername>]);
-- Export the public key to disk
backup certificate [<servername>]
to file = '\\someshare\<servername>.cer';
--------------------------------
-- connect to client
--------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<clientname>]
with subject = '<clientname>'
, start_date = '20100216'
, expiry_date = '20150216';
create endpoint broker
state = started
as tcp (listenner_port = 4022)
for service_broker (authentication = certificate [<clientname>]);
-- Export the public key to disk
backup certificate [<clientname>]
to file = '\\someshare\<clientname>.cer';
--create an identity for server and import the server's certificate:
create login [<servername>] with password = '...';
alter login [<servername>] disable;
create user [<servername>];
create certificate [<servername>]
authorization [<servername>]
from file = '\\someshare\<servername>.cer';
--authorize <servername> to connect on the broker endpoint
grant connect on endpoint::broker to [<servername>];
---------------------------------------
-- connect to the server
---------------------------------------
--create an identity for client and import the client's certificate:
create login [<clientname>] with password = '...';
alter login [<clientname>] disable;
create user [<clientname>];
create certificate [<clientname>]
authorization [<clientname>]
from file = '\\someshare\<clientname>.cer';
--authorize <clientname> to connect on the broker endpoint
grant connect on endpoint::broker to [<clientname>];
Related
I created an RDS DB Instance using a mocked boto3 rds client. Here's how I set it up in my conftest.py
#pytest.fixture
def aws_credentials():
"""Mocked AWS Credentials for moto."""
os.environ["AWS_ACCESS_KEY_ID"] = "testing"
os.environ["AWS_SECRET_ACCESS_KEY"] = "testing"
os.environ["AWS_SECURITY_TOKEN"] = "testing"
os.environ["AWS_SESSION_TOKEN"] = "testing"
#pytest.fixture
def rds_client(aws_credentials, aws_region):
with mock_rds():
client = boto3.client("rds", region_name=aws_region)
yield client
Following the example here (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Python.html) I set up my mysql connector like this:
db_instance = rds_client.create_db_instance(DBInstanceIdentifier="TestDBInstanceIdentifier",
DBInstanceClass="db.m4.large", Engine="mysql",
MasterUsername="root", DBName="TestDBName")
print("RDS Instance-----------------------------------------------------")
print(db_instance)
host = db_instance['DBInstance']['Endpoint']['Address']
port = db_instance['DBInstance']['Endpoint']['Port']
user = db_instance['DBInstance']['MasterUsername']
dbname = db_instance['DBInstance']['DBName']
print("Starting connection")
token = rds_client.generate_db_auth_token(DBHostname=host, Port=port, DBUsername=user, Region=aws_region)
mydb = mysql.connector.connect(host=host, database=dbname, user=user, passwd=token, port=port)
However, the connector can't find the DB:
FAILED test_read_rds_db - mysql.connector.errors.DatabaseError: 2005 (HY000): Unknown MySQL server host 'TestDBInstanceIdentifier.aaaaaaaaaa.us-east-1.rds.amazonaws.com' (8)
Has someone been able to set this up before?
Moto does not offer this functionality. It mocks the AWS API, but does not expose any RDBMS-functionality.
You could look into Localstack instead. It uses Moto in the background to mock calls to AWS, but offers features on top of that such as the ability to connect to an RDS instance.
See the docs here: https://docs.localstack.cloud/aws/rds/
I am attempting to create a Route53 entry for a MySQL RDS instance but having issues with the :3306 at the end of the RDS endpoint returned from Terraform.
resource "aws_db_instance" "mydb" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.6.17"
instance_class = "db.t2.micro"
name = "mydb"
username = "foo"
password = "bar"
db_subnet_group_name = "my_database_subnet_group"
parameter_group_name = "default.mysql5.6"
}
resource "aws_route53_record" "database" {
zone_id = "${aws_route53_zone.primary.zone_id}"
name = "database.example.com"
type = "CNAME"
ttl = "300"
records = ["${aws_db_instance.default.endpoint}"]
}
Terraform puts a :3306 at the end of the endpoint and that gets entered into the Route53 Value of the CNAME.
When I then try to connect to the CNAME database.example.com with the MySQL client I get:
ERROR 2005 (HY000): Unknown MySQL server host 'database.example.com' (0)
Once I remove the :3306 via the AWS route53 console It seems work just fine.
Question is: How do I strip the :3306 from the Terraform RDS endpoint
As well as an endpoint output, Terraform's aws_db_instance resource also outputs address that provides the FQDN of the instance.
So all you need to do is change your aws_route53_record resource to use address instead:
resource "aws_db_instance" "mydb" {
allocated_storage = 10
engine = "mysql"
engine_version = "5.6.17"
instance_class = "db.t2.micro"
name = "mydb"
username = "foo"
password = "bar"
db_subnet_group_name = "my_database_subnet_group"
parameter_group_name = "default.mysql5.6"
}
resource "aws_route53_record" "database" {
zone_id = "${aws_route53_zone.primary.zone_id}"
name = "database.example.com"
type = "CNAME"
ttl = "300"
records = ["${aws_db_instance.mydb.address}"]
}
i tried to configure SMTP in my Gitlab-Instance (following this guideline). but dont get it working.
gitlab.rb
gitlab_rails['gitlab_email_from'] = "admin#example.com"
gitlab_rails['gitlab_support_email'] = "admin#example.com"
#nginx['redirect_http_to_https'] = false
#nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
#nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtp.exmail.qq.com'
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = 'admin#example.com'
gitlab_rails['smtp_password'] = 'has been removed'
gitlab_rails['smtp_domain'] = 'smtp.qq.com'
gitlab_rails['smtp_authentication'] = :plain
gitlab_rails['smtp_enable_starttls_auto'] = true
production.log
Sent mail to i#example.com (8017.5ms)
mail.log
May 9 09:02:14 nday postfix/smtp[27203]: B16EF12019C: to=<i#example.com>, relay=none, delay=1049, delays=1017/0.04/32/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=mxbiz2.qq.com type=AAAA: Host not found, try again)s
May 9 09:02:14 nday postfix/smtp[27202]: 40274120CA7: to=<i#example.com>, relay=none, delay=988, delays=955/0.04/32/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=mxbiz2.qq.com type=AAAA: Host not found, try again)
BTW:I have changed the DNS and refresh. mail.log haven't logged my operation. It's old log.
Is your account new on Digital Ocean?
If yes, you need to ask them to unlock sendmail functionality.
This unlock is by account, not by droplet.
You will can use sendmail in all others droplets created by you after this unlock.
I am getting server error when i am try to register new user at first time. It works fine if i configure with H2 database.
My gerrit.config file is :
[gerrit]
basePath = git
canonicalWebUrl = http://localhost:8081
[database]
type = mysql
database = reviewdb
hostname = localhost
username = gerrit
[index]
type = LUCENE
[auth]
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[sendemail]
smtpServer = localhost
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8081/
[cache]
directory = cache
I'm trying to set up HS from a 12c database that will eventually send data across to a remote MySQL server.
I have installed the odbc driver;
root ~ # rpm -ivh mysql-connector-odbc-5.3.4-1.el6.x86_64.rpm
This is my listener.ora file;
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
)
)
This is my tnsnames.ora file;
RECORDSDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = recordsdb.ap.local)
)
)
MYSQL =
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521))
(CONNECT_DATA=(SID=MYSQL))
(HS=OK)
)
I connected to the database, and created the database link;
SQL> CREATE DATABASE LINK MYSQL
2 CONNECT TO "root" IDENTIFIED BY "removed"
3 USING 'mysql';
Restarting the lsnrctl;
./bin/lsnrctl reload
./bin/lsnrctl stop
./bin/lsnrctl start
./bin/lsnrctl status
./bin/lsnrctl status
LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:54:42
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 08-SEP-2014 10:42:05
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/12.1.0/dbhome_1/log/diag/tnslsnr/ap-ora-records-test/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=8080))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "recordsdb.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
Service "recordsdbXDB.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
The command completed successfully
As well as tnsping;
oracle /u01/app/oracle/product/12.1.0/dbhome_1 $ ./bin/tnsping ap-ora-records-test
TNS Ping Utility for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:42:44
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
Used EZCONNECT adapter to resolve the alias
Attempting to contact (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTOCOL=TCP)(HOST=::1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))
OK (0 msec)
I then tried getting a piece of data - SQL> SELECT * from MYSQL.users#mysql; which gave the following result;
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
Unable to retrieve text of NETWORK/NCR message 65535
ORA-02063: preceding 2 lines from MYSQL
Where am I going wrong?
edit 1:
This is my creation code;
CREATE SHARED PUBLIC DATABASE LINK mysql_remote_shared
CONNECT TO root IDENTIFIED BY password
AUTHENTICATED BY root IDENTIFIED BY password
USING 'mysql';