I am in the process of setting up a remote PostgreSQL database. The server is running CentOS 7 and PostgreSQL-9.5. Currently, I am testing whether users can query the database. To this end, I have the following:
import psycopg2
host = 'server1'
dbname = 'test_db'
user = 'test-user'
sslcert = 'test-db.crt'
sslmode = 'verify-full'
sslkey = 'test-db.key'
dsn = 'host={0} dbname={1} user={2} sslcert={3} sslmode={4} sslkey={5}'.format(host, dbname, user, sslcert, sslmode, sslkey)
conn = psycopg2.connect(dsn)
The connection times out with the following error:
psycopg2.OperationalError: could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "server1" (xx.xx.xx.xx) and accepting
TCP/IP connections on port 5432?
I have tried several things (given below). I'm trying to pin down on which side the problem exists: the Python end or the database configuration:
Is the Python syntax correct?
Where can I find documentation concerning the DSN arguments, such as sslmode, sslcert, and sslkey?
Is there a different package better suited for this kind of connection?
What other questions should I be asking?
I have checked the following:
'server1' was entered correctly and the IP address returned by Python corresponds
All other arguments are spelled correctly and refer to the correct object
Postgres is currently running (service postgres-9.5 status shows "active")
Postgres is listening on port 5432 (netstat -na | grep tcp shows "LISTEN" on port 5432)
SSL is running for my table (psql -U username -W -d test-db -h host returns SSL connection (protocol: TLSAv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
user=test-user has been added to postgres as a Superuser
My understanding is that psycopg2 is the appropriate package to use nowadays. I have scoured the documentation and don't find much information regarding SSL connections. I found this SO post which talks about SSL connections using psycog2, but I can't match some of the syntax to the documentation.
In the Python script, I have tried the following in all 4 combinations:
Use sslmode='require'
Use absolute paths to test-db.crt and test-db.key
It appears that you have presented yourself with a False Dilemma. The problem does not lie solely between Python and the database configuration. There exist other entities in between which may cause a disconnect.
Is the Python syntax correct?
Yes. The syntax is described in the psycopg2.connect() documentation. It has the form:
psycopg2.connect(dsn=None, connection_factory=None, cursor_factory=None, async=False, **kwargs)
where the DSN (Data Source Name) can be given as a single string or as separate arguments:
conn = psycopg2.connect(dsn="dbname=test user=postgres password=secret")
conn = psycopg2.connect(dbname="test", user="postgres", password="secret")
Where can I find documentation concerning the DSN arguments, such as sslmode, sslcert, and sslkey?
Note that as DSN arguments, they are not part of the psycopg2 module. They are defined by the database, in this case Postgres. They can be found in the chapter on Database Connection Control Functions, under the Parameter Key Words section.
What other questions should I be asking?
Perhaps,
Is there anything between the host (the PostgresSQL server) and the client (the local Python instance) which could prevent communication?
One answer to this would be "the firewall." This turned out to be the problem. Postgres was listening and Python was reaching out. But the door was closed.
Related
I've failed to set up postgreSQL to work with my Ruby-on-Rails project for the past week. I've tried to uninstall and reinstall, postgreSQL, twice now.But when I try to launch postgreSQL I keep getting the error below:
could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "localhost" (::1) and
accepting TCP/IP connections on port 5432?
could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "localhost" (127.0.0.1) and
accepting TCP/IP connections on port 5432?"
I've looked at many online resources, including stackoverflow and none seem helpful.The key parts of my pg_hba.conf file looks like this:
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
And the key part of my postgresql.conf file is as follows:
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
Most of the suggestions, I've seen so far, were based on those two files. (For my case, they were already configured correctly). I also tried disabling the firewall and restarting postgreSQL but it didn't help. Does anyone have any suggestions for me? Thanks!
Got the same issue while settings up PostgreSQL 9.6.16 to work with Python/Django, but this is purely a database issue.
The solution lies in the error: In fact, I found this error mentioned within the official PostgreSQL documentation thus it's a common error.
And here is how I resolved this issue:
Always first start the postgres database server, use postgres or the wrapper program pg_ctl.I used the command, below, on windows 10.Remember, whatever comes after -D should be the path to where you installed PostgreSQL, to the data folder, which holds the pg_hba.conf and postgresql.conf files.
> pg_ctl start -D "C:/Program Files/PostgreSQL/9.6/data"
If that runs well, you are ready to access the database server.Open another cmd shell, and type the command below.Remember the password you entered while installing PostgreSQL?Enter that password when asked Password for user postgres:
> psql -U postgres
Once done, you can now go ahead to CREATE ROLE and CREATE DATABASE accordingly.
I’m trying to connect to an LDAP directory over SSL using the Windows LDAP C-API. This fails with error code 0x51 = LDAP_SERVER_DOWN while the event log on the client computer has this:
„The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is eim-tsi2.sam.develop.beta.ads. The SSL connection request has failed. The attached data contains the server certificate.”
This is can’t be true since “Ldap Admin” is able to connect over SSL and port 636.
The LDAP directory is an Oracle DSEE which has the CA and the server certificate in the appropriate cert store.
The client has the CA installed in the “Trusted Root Certification Authorities” and there in the „Local Computer“ physical store. I assumed this to be the right place for the CA since my little client program uses the Windows LDAP C-API; LDAP Admin indeed expects the CA there.
Here is an excerpt of my program omitting the error handling and other obvious source code:
ld = ldap_sslinit(host, LDAP_SSL_PORT, 1);
// Set options: LDAP version, timeout ...
rc = ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON);
// Now connect:
rc = ldap_connect(ld, NULL);
Result:
0x51 = LDAP_SERVER_DOWN
Connecting without SSL succeeds so the LDAP server is generally accessible.
Since Ldap Admin is able to connect over SSL, I assume the certificates are valid and in the right place. But obviously the LDAP API expects them somewhere else and cannot get the server certificate from the server. I configured the certs as described here: https://msdn.microsoft.com/en-us/library/aa366105%28v=vs.85%29.aspx
What am I doing wrong?
Sometimes it helps reading error messages more carefully. The entry in the event viewer caused by an unsuccessful bind over SSL was "The server name we were expecting is eim-tsi2.sam.develop.beta.ads."
I should have noticed that the name should have been eim-tsi2.cgn.de.(etc.), instead. So the domain name part was wrong.
This is a bug in Schannel which can be solved by an entry in the registry as described here: https://support.microsoft.com/en-us/kb/2275950.
I still do not know why LDAPAdmin was able to connect without that additional registry key although it also uses the WINLDAP API and therefore should have run into the same error. But that doesn’t matter any more.
Thanks, Andrew, for your help.
Please don't move this question to askubuntu as I think this question is not OS-specific.
When I invoke the createuser postgres command (for now it doesn't matter if I provide any parameters or not), I'm getting this error:
createuser: could not connect to database postgres: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
Normally it means that the postgres server is down but not this time:
pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
9.4 main 5432 online postgres /var/lib/postgresql/9.4/main /var/log/postgresql/postgresql-9.4-main.log
sudo service postgresql status
9.4/main (port 5432): online
But it's true that there is no /tmp/.s.PGSQL.5432 file because my configuration file (/etc/postgresql/9.4/main/postgresql.conf) has this line:
unix_socket_directories = '/var/run/postgresql'
So I don't really understand why createuser whants to access /tmp/.s.PGSQL.5432? Can this path can be hardcoded into the createuser binary? I don't see any command line argument to specify the settings file location for createuser...
Have you started the service?
service postgresql start
The postgresql.conf file is read by the database server, but not by client applications (such as createuser, psql, ...). (In fact, the server configuration file cannot be read by client applications because the client would have to connect to the server, which could be halfway across the world, before it could possibly know where that configuration file lives).
Instead, you have to tell your client application where to find the socket directory.
If your client application (createuser) is connecting to the local host (which is must be because you are not specifying a different host), you use the host parameter to specify the name of the socket directory.
For example:
createuser -h /var/run/postgresql newusername
See http://www.postgresql.org/docs/devel/static/libpq-connect.html#LIBPQ-CONNECT-HOST
Hope that helps.
I've been doing some Sybase stuff on Linux and have bcp in's and out's working great. Here's my working bcp out on linux:
bcp drd02.dbo.APPL_ENVIRONMENT out APPL_ENVIRONMENT.bcp -U sa -P SyAdmin -n
When trying the same in Windows, I get the following error:
ct_connect(): network packet layer: internal net library error: Net-Lib protocol
driver call to connect two endpoints failed
Here's a few pertinent details:
I can connect to my server via iSQL GUI. Its shown as Sybase157 0.0.0.0 5000 and my Drd02 database is online and available.
Contents of the c:\sybase\ini\sql.ini are (I added the drd02 lines):
[Sybase157_XP]
master=NLWNSCK,0.0.0.0,5001
query=NLWNSCK,0.0.0.0,5001
drd02=NLWNSCK,0.0.0.0,5001
[Sybase157]
master=NLWNSCK,0.0.0.0,5000
query=NLWNSCK,0.0.0.0,5000
drd02=NLWNSCK,0.0.0.0,5000
[Sybase157_JSAGENT]
master=NLWNSCK,0.0.0.0,4900
query=NLWNSCK,0.0.0.0,4900
The environment variables are:
%DSQUERY%=Sybase157
%SYBASE%=c:\Sybase
No matter what I try, it's just not connecting. I'd be happy for any help that could be provided.
I figured it out. The fact that i could get into isql with the IP address made me think that maybe 0.0.0.0 is somehow not available to Bcp.
I modified c:\sybase\ini\sql.ini with the following:
from:
[Sybase157]
master=NLWNSCK,0.0.0.0,5000
query=NLWNSCK,0.0.0.0,5000
drd02=NLWNSCK,0.0.0.0,5000
to:
[Sybase157]
master=NLWNSCK,123.123.123.123,5000
query=NLWNSCK,0.0.0.0,5000
drd02=NLWNSCK,0.0.0.0,5000
after putting my public IP address of my vm in the sql.ini, bcp was able to speak to it correctly.
I should mention this was just a one-time fix to make it work, making this change will probably mess up external connections to the db. You'd need a loopback adapter or something to make this work right.
I've spent the last day or two setting up unixODBC and freetds on ubuntu 12 - not a fun process in itself but it does now work using both sqsh and isql. I've installed node-odbc and I'm using the code snippet provided in the github readme to test the connection but I always get
S1000:1:0:[unixODBC][FreeTDS][SQL Server]Unable to connect to data source
WARNING: ev_unref is deprecated, use uv_unref
[Error: Error opening database]
Using isql I run isql -v SERVER user pass (using the correct creds..) and then use DATABASE once connected and it all works and I can run queries fine. My connection string in the js is
"DRIVER={FreeTDS};SERVER=SERVER;UID=user;PWD=pass;DATABASE=DATABASE"
Which exactly matches the credentials used for connecting with isql but in Node I get the aforementioned error. Any ideas on why this is happening? Is it possible that it's to do the location of my odbc.ini and odbcinst.ini files or something like that?
Just for reference:
/etc/odbc.ini:
[SERVER]
Driver = FreeTDS
Trace = No
Server = SERVER
Port = 1433
Database = DATABASE
UsageCount = 1
TDS_Version = 7.0
/etc/odbcinst.ini:
[FreeTDS]
Description = FreeTDS
Driver = /usr/lib/libtdsodbc.so
Setup = /usr/lib/libtdsS.so
FileUsage = 1
CPTimeout = 5
CPReuse = 20
Threading = 1
Thanks in advance for any help!
Ran into this problem today, it ended up being that I needed to specify a port number as part of the connection string. FYI.
It looks like I have just found a solution to this although I don't fully understand why. If the connection string used is:
"DRIVER={FreeTDS};SERVER=SERVER;UID=user;PWD=pass;DATABASE=DATABASE"
Then for some reason it doesn't work at all, I've tried using setting SERVER as both the IP and the actual name of the machine...no luck. However if I change the connection string to use SERVERNAME or DSN (can only have one of SERVER, SERVERNAME or DNS in the string) and I supply the machine name then it works fine, I can't get it to work with IP no matter what I try though. So, in summary the connection string that is working for me is:
"DRIVER={FreeTDS};SERVERNAME=SERVERNAME;UID=user;PWD=pass;DATABASE=DATABASE"
The key to this problem seems to lie in SQLDriverConnect.