postgresql SSL unable to connect - database

I am trying to connect an application named ThingsBoard with a PostgreSQL DB, both running on Google Cloud Engine.
I have the following files provided by GCE when I set up the DB to allow only SSL connections:
client-cert.pem client-key.pem server-ca.pem
This is where the connection to the DB is set up. I tried the client-key.pem as client-key.pem, client-key.key and client-key.pk8 (with and without a passphrase; when I added a passphrase I added the field "sslpassword=MYKEY").
url: "${SPRING_DATASOURCE_URL:jdbc:postgresql://DATABASEIP:5432/thingsboard?sslmode=verify-ca&sslrootcert=/etc/thingsboard/conf/keystore/server-ca.pem&sslcert=/etc/thingsboard/conf/keystore/client-cert.pem&sslkey=/etc/thingsboard/conf/keystore/client-key.pk8}"
username: "${SPRING_DATASOURCE_USERNAME:MYDBUSERNAME}"
password: "${SPRING_DATASOURCE_PASSWORD:MYDBPASSWORD}"
I am getting the following error:
2019-01-16 18:55:32,866 [localhost-startStop-1] ERROR o.a.tomcat.jdbc.pool.ConnectionPool - Unable to create initial connections of pool.
org.postgresql.util.PSQLException: Could not read SSL key file /etc/thingsboard/conf/keystore/client-key.pk8.
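The PostgreSQL JDBC driver documents that sslkey must point to a key in PKCS-8 DER format (newer releases also accept PKCS-12), and renaming a PEM file to .pk8 does not change its encoding. The following is an added example, not code from the original post: it classifies a key file by its bytes and flags file modes that let group or other users at the key. The function names and sample bytes are constructed for illustration.

```python
import os

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_key(data):
    """Name the container format of a private-key file from its bytes."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        return "pem:" + text.split(b"-----")[1][len(b"BEGIN "):].decode("ascii", "replace")
    try:
        tag, start, end = _tlv(data, 0)
        if tag != 0x30 or end != len(data):
            return "unknown"
        first, _, first_end = _tlv(data, start)
        if first == 0x30:                # AlgorithmIdentifier first: EncryptedPrivateKeyInfo
            return "der:pkcs8-encrypted"
        second = _tlv(data, first_end)[0]
    except IndexError:                   # truncated or empty input
        return "unknown"
    if first != 0x02:                    # both plain layouts start with a version INTEGER
        return "unknown"
    return {0x30: "der:pkcs8", 0x02: "der:pkcs1-rsa"}.get(second, "unknown")

def inspect_key_file(path):
    """Report the key's format and whether group/other have any access to it."""
    mode = os.stat(path).st_mode & 0o777
    with open(path, "rb") as fh:
        kind = classify_key(fh.read())
    return {"kind": kind, "pkcs8_der": kind == "der:pkcs8",
            "mode": oct(mode), "too_open": bool(mode & 0o077)}

def _der(tag, body):                     # tiny DER encoder for the constructed samples
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

SAMPLES = {  # constructed structures with dummy content, not real keys
    "pkcs8": _der(0x30, _der(0x02, b"\x00") + _der(0x30, b"") + _der(0x04, b"\x00" * 200)),
    "pkcs1": _der(0x30, _der(0x02, b"\x00") + _der(0x02, b"\x01") + _der(0x02, b"\x03")),
    "encrypted": _der(0x30, _der(0x30, b"") + _der(0x04, b"\x00" * 16)),
    "pem": b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}
```

A file reported as pem:... can be converted with `openssl pkcs8 -topk8 -inform PEM -outform DER -in client-key.pem -out client-key.pk8 -nocrypt`, the conversion the driver documentation describes. The account that runs the application also needs read access to the resulting file.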

Related

AWS MSK Connect w/ MSSQL Debezium connector fails with disconnect

I am trying to set up an MSSQL Debezium connector with AWS MSK Connect but keep getting the following error messages:
Connector error log:
[Worker-0a949760f6b805d4f] [2023-02-15 19:57:56,122] WARN [src-connector-014|task-0] [Consumer clientId=dlp.compcare.ccdemo-schemahistory, groupId=dlp.compcare.ccdemo-schemahistory] Bootstrap broker b-3.stuff.morestuff.c7.kafka.us-east-1.amazonaws.com:9098 (id: -2 rack: null) disconnected (org.apache.kafka.clients.NetworkClient:1079)
This error happens continuously for a bit then I see this error:
org.apache.kafka.common.errors.TimeoutException: Timeout expired while fetching topic metadata
In the cluster logs I see a corresponding error when I get the disconnect error:
[2023-02-15 20:08:21,627] INFO [SocketServer listenerType=ZK_BROKER, nodeId=3] Failed authentication with /172.32.34.126 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
I have an EC2 client that I've set up to connect to my cluster and am able to connect and run commands against the cluster using IAM auth. I have set up a topic and produced and consumed from the topic using the console producer/consumers. I've also verified that when the connector starts up it is creating the __amazon_msk_connect_status_* and __amazon_msk_connect_offsets_* topics.
I've verified that the IP in the logs is the IP assigned to my connector by checking the Elastic Network Interface it was attached to.
Also for testing purposes I've opened up all traffic from 0.0.0.0/0 for the SG they are running in and also made sure the IAM role has msk*, msk-connect*, kafka*, and s3*.
I've also verified CDC is enabled on the RDS and that it is working properly. I see changes being picked and added to the CDC tables.
I believe the issue is related to IAM auth still but am not certain.
Cluster Config:
auto.create.topics.enable=true
delete.topic.enable=true
worker config:
key.converter=org.apache.kafka.connect.storage.StringConverter
value.converter=org.apache.kafka.connect.storage.StringConverter
config.providers.secretManager.class=com.github.jcustenborder.kafka.config.aws.SecretsManagerConfigProvider
config.providers=secretManager
config.providers.secretManager.param.aws.region=us-east-1
request.timeout.ms=90000
errors.log.enable=true
errors.log.include.messages=true
Connector Config:
connector.class=io.debezium.connector.sqlserver.SqlServerConnector
tasks.max=1
database.history.consumer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
schema.include.list=dbo
database.history.producer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
database.history.consumer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
database.history.consumer.security.protocol=SASL_SSL
database.instance=MSSQLSERVER
topic.prefix=dlp.compcare.ccdemo
schema.history.internal.kafka.topic=dlp.compcare.ccdemo.history
value.converter=org.apache.kafka.connect.json.JsonConverter
key.converter=org.apache.kafka.connect.storage.StringConverter
database.history.sasl.mechanism=AWS_MSK_IAM
database.encrypt=false
database.history.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
database.history.producer.sasl.mechanism=AWS_MSK_IAM
database.history.producer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
database.user=debezium
database.names=Intermodal_CCDEMO
database.history.producer.security.protocol=SASL_SSL
database.server.name=ccdemo_1
schema.history.internal.kafka.bootstrap.servers=b-1:9098
database.port=1433
database.hostname=my-mssql-rds.rds.amazonaws.com
database.history.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
database.password=${secretManager:dlp-compcare:dbpassword}
table.include.list=dbo.EquipmentSetup
database.history.security.protocol=SASL_SSL
database.history.consumer.sasl.mechanism=AWS_MSK_IAM
I was able to do this same process but with a postgres rds with no issues.
I've tried everything I can think of, so any and all help would be greatly appreciated!
I also referenced the following when setting up the cluster/connector:
https://catalog.workshops.aws/msk-labs/en-US/mskconnect/source-connector-setup
https://thedataguy.in/debezium-with-aws-msk-iam-authentication/
https://debezium.io/documentation/reference/stable/connectors/sqlserver.html#sqlserver-connector-properties
Streaming MSSQL CDC to AWS MSK with Debezium
https://docs.aws.amazon.com/msk/latest/developerguide/mkc-debeziumsource-connector-example.html
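The connector config above mixes two naming schemes: the topic and bootstrap servers use the schema.history.internal. prefix, while every SASL/TLS setting for the history clients uses database.history. The following added example (not part of the original post) lints a connector config for that mismatch. It assumes a Debezium 2.x connector, where the database.history.* options were renamed to schema.history.internal.*, and that a Kafka client left without security settings uses its default security.protocol of PLAINTEXT. The function names are hypothetical and the sample is an excerpt of the config shown above.

```python
OLD, NEW = "database.history.", "schema.history.internal."
CLIENT_SECURITY = ("security.protocol", "sasl.mechanism", "sasl.jaas.config",
                   "sasl.client.callback.handler.class")

def parse_properties(text):
    """Parse key=value lines; the value may itself contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def misprefixed_security(props):
    """Map each old-prefix security key to the new-prefix key that is missing."""
    if not any(k.startswith(NEW) for k in props):
        return {}                        # config does not use the 2.x names at all
    renames = {}
    for role in ("", "producer.", "consumer."):
        for suffix in CLIENT_SECURITY:
            old_key, new_key = OLD + role + suffix, NEW + role + suffix
            if old_key in props and new_key not in props:
                renames[old_key] = new_key
    return renames

def unsecured_roles(props):
    """History clients that have no security.protocol under the new prefix."""
    return [r for r in ("producer", "consumer")
            if f"{NEW}{r}.security.protocol" not in props]

# Excerpt of the connector config from the post above.
SAMPLE = """\
topic.prefix=dlp.compcare.ccdemo
schema.history.internal.kafka.topic=dlp.compcare.ccdemo.history
schema.history.internal.kafka.bootstrap.servers=b-1:9098
database.history.producer.security.protocol=SASL_SSL
database.history.producer.sasl.mechanism=AWS_MSK_IAM
database.history.consumer.security.protocol=SASL_SSL
database.history.consumer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
"""

if __name__ == "__main__":
    cfg = parse_properties(SAMPLE)
    for old, new in misprefixed_security(cfg).items():
        print(f"rename {old} -> {new}")
    print("history clients without security.protocol:", unsecured_roles(cfg))
```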

Why doesn't the Symfony database connection work?

I just want to host a website that previously worked on another web server.
I have changed the parameters.yml file with the connection parameters of the new host.
I have uploaded all my files and imported my databases.
When I try to open (myhost/web) I get this error: Access denied for user 'root'@'localhost' (using password: NO)
error.log
[07-Dec-2022 15:30:13 Africa/Algiers] PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[28000] [1045] Access denied for user 'root'@'localhost' (using password: NO)' in /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=127....', 'root', NULL, Array)
#1 /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOMySql/Driver.php(45): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=127....', 'root', NULL, Array)
#2 /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(360): Doctrine\DBAL\Driver\PDOMySql\Driver->connect(Array, 'root', NULL, Array)
#3 /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(429): Doctrine\DBAL\Connection->connect()
#4 /home2/icares/logicom.dz/ncomparer/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(389): in /home2/icares/logicom.dz/ncomparer/app/cache/prod/classes.php on line 3390
I have changed the connection parameters for the new server, but the error says the username is root, no password is used and the server is localhost. What must I do?
The error.log says that your Symfony is trying to access the database (probably MySQL) as the user 'root' from localhost. But your database, MySQL, is not set to allow access as 'root'.
MySQL and most databases do not allow access as 'root' by default for security reasons, especially without a password (which is what your error said).
So, maybe you need to check:
What database_user and database_password are set in the Symfony project (parameters.yml?)
Check from the MySQL CLI what kind of privileges are set for your database.
A way to access MySQL without a password may be found here:
Allow linux root user mysql root access without password
Or some hints may be here:
How to create a root user with no password in mysql

Why am I not able to access my Rails application DB after manually establishing a new connection to a WordPress DB?

I have a Rails 4.2 application with a Postgres database, which is running. I have a requirement to connect to other databases (word_press_sites) on demand.
I have tried the code below in the Rails console:
ActiveRecord::Base.establish_connection(
adapter: "mysql2",
host: ENV["HOST"],
username: ENV["USERNAME"],
password: ENV["PASSWORD"],
database: ENV["DB_NAME"]
)
The above code results in:
No error, connected to the word_press database_tables.
1) If I try to access a table by calling User.all in my Rails application DB, I am not able to access it; it throws an error.
After opening the Rails console you can check
ActiveRecord::Base.connection.current_database
This will give the current DB info. Then try the script you have given:
ActiveRecord::Base.establish_connection(
adapter: "mysql2",
host: ENV["HOST"],
username: ENV["USERNAME"],
password: ENV["PASSWORD"],
database: ENV["DB_NAME"]
)
Now try the same command
ActiveRecord::Base.connection.current_database
This will give the newly connected ActiveRecord connection,
which means ActiveRecord has switched to the newly connected WordPress database, so you are not able to access the tables in your Rails application database.
If you want to revert to your Rails app DB you can do this:
ActiveRecord::Base.remove_connection(ActiveRecord::Base)
Let me know if you need more information.

Windows LDAP API: No connection over SSL

I’m trying to connect to an LDAP directory over SSL using the Windows LDAP C-API. This fails with error code 0x51 = LDAP_SERVER_DOWN while the event log on the client computer has this:
„The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is eim-tsi2.sam.develop.beta.ads. The SSL connection request has failed. The attached data contains the server certificate.”
This can’t be true since “Ldap Admin” is able to connect over SSL and port 636.
The LDAP directory is an Oracle DSEE which has the CA and the server certificate in the appropriate cert store.
The client has the CA installed in the “Trusted Root Certification Authorities” and there in the „Local Computer“ physical store. I assumed this to be the right place for the CA since my little client program uses the Windows LDAP C-API; LDAP Admin indeed expects the CA there.
Here is an excerpt of my program omitting the error handling and other obvious source code:
ld = ldap_sslinit(host, LDAP_SSL_PORT, 1);
// Set options: LDAP version, timeout ...
rc = ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON);
// Now connect:
rc = ldap_connect(ld, NULL);
Result:
0x51 = LDAP_SERVER_DOWN
Connecting without SSL succeeds so the LDAP server is generally accessible.
Since Ldap Admin is able to connect over SSL, I assume the certificates are valid and in the right place. But obviously the LDAP API expects them somewhere else and cannot get the server certificate from the server. I configured the certs as described here: https://msdn.microsoft.com/en-us/library/aa366105%28v=vs.85%29.aspx
What am I doing wrong?
Sometimes it helps reading error messages more carefully. The entry in the event viewer caused by an unsuccessful bind over SSL was "The server name we were expecting is eim-tsi2.sam.develop.beta.ads."
I should have noticed that the name should have been eim-tsi2.cgn.de.(etc.), instead. So the domain name part was wrong.
This is a bug in Schannel which can be solved by an entry in the registry as described here: https://support.microsoft.com/en-us/kb/2275950.
I still do not know why LDAPAdmin was able to connect without that additional registry key although it also uses the WINLDAP API and therefore should have run into the same error. But that doesn’t matter any more.
Thanks, Andrew, for your help.

unable to connect to GCM cloud connection server

I followed the example on this website to implement a GCM server using CCS. However, the code throws an exception when it tries to connect to the GCM server (last line in the code below):
ConnectionConfiguration config = new ConnectionConfiguration(GCM_SERVER, GCM_PORT);
config.setSecurityMode(SecurityMode.enabled);
config.setReconnectionAllowed(true);
config.setRosterLoadedAtLogin(false);
config.setSendPresence(false);
config.setSocketFactory(SSLSocketFactory.getDefault());
connection = new XMPPTCPConnection(config);
connection.connect();
I looked up online and someone said I needed to enable billing for my app on appengine in order to use GCM server. I did so but it still does not work. I keep seeing the following error:
gcm.googleapis.com:5235 Exception: Permission denied: Attempt to
access a blocked recipient without permission. (mapped-IPv4)
Am I missing something?
