I was trying to setup a ssl mongodb connection from spring boot but I couldn't able to find a way to set a connection from YML file(beacuse it's easy to maintain dev and prod environment). How can I add client.PEM and rootCA.pem keys to below connection?
Please note this not a database administration question!
data:
mongodb:
authentication-database: admin
database: <database>
host: <host>
password: <password>
port: <port>
username: <username>
One way to resolve it is simple use URI string connect and database name in your application.yml file. Example:
data:
mongodb:
database: <databaseName>
uri: <mongodb://[username:password#]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]>
Example with SSL option:
mongodb://user:password#mongoServer:27017/?ssl=true
More info here https://docs.mongodb.com/manual/reference/connection-string/
Related
I am using spring configuration server.
While setting up Kafka, I came across the fact that I need to somehow specify binary certificates
spring:
kafka:
ssl:
truststore:
location: /filepath/trust_cert.jks
password: 1234
keystore:
location: /filepath/keystore_cert.jks
password: 1234
Can I somehow put them on the configuration server, and in this case, what should I write to the config, where the path to the file is expected?
I really don’t want to manually upload them to each server, I would like the configuration server to give them
Of course, these urls must be protected, just like configuration server urls
I am banging my head around why spring cloud config is using ssh even when i try to provide https uri in the application.yaml. Here's my quick config file:
spring:
cloud:
config:
server:
git:
uri: https://github.com/myOrg/myRepo
skipSslValidation: true
username: ${GITHUB_USERNAME}
password: ${GITHUB_PASSWORD}
server:
port: 8888
ssl:
enabled: false
I would assume spring cloud config to use https to do this connection and clone the repo. Can someone help me understand why still it uses ssh and fails on auth(which is obvious as I don't provide any private key):
org.springframework.cloud.config.server.environment.NoSuchRepositoryException: Cannot clone or checkout repository: https://github.com/myOrg/myRepo
at org.springframework.cloud.config.server.environment...
Caused by: org.eclipse.jgit.api.errors.TransportException: git#github.com:myOrg/myRepo: Auth fail
....
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.55.jar:na]
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:115) ~[org.eclipse.jgit.ssh.jsch-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
... 62 common frames omitted
My suspicion is that if https doesn't work, it tries via ssh. That's why it's using ssh. Has anyone faced issues like this?
Any help appreciated!
Answering my own question. Apparently, the fallback was due to the ~/.git folder in which ssh access was recommended. Deleting it solved the problem.
I have no problem to connect Oracle 11g with Oracle SQL Developer with configuration below:
Username: orc
Password: PAP
Connection Type: Basic
Hostname: connect.gogo.com
Port: 1528
Service name: svcname
In NIFI, any idea how should I put the value for the Database Connection URL?
Database Connection URL:
Database Driver Class Name: oracle.jdbc.driver.OracleDriver
Database Driver Location: /opt/nifi/jdbc/ojdbc8.jar
Thanks,
Kenny
you can add a DBCPConnectionPool under Controller Service like this
Database Connection URL: jdbc:oracle:thin:#connect.gogo.com:1528/svcname
more information here
https://docs.oracle.com/cd/E11882_01/appdev.112/e13995/oracle/jdbc/OracleDriver.html
or you could use tnsnames.ora file syntax in url like this:
Database Connection URL: jdbc:oracle:thin:#(DESCRIPTION =(ADDRESS_LIST =(ADDRESS =(PROTOCOL=TCP)(HOST=connect.gogo.com)(PORT=1528)))(CONNECT_DATA=...))
I have a Spring-Boot application that use Spring Cloud Config and I'm trying to get the application's configuration file from Bitbucket. I was able to get the configuration file some time ago but now I'm getting an error when I try to access by config-server url.
application.yml:
server:
port: 8888
spring:
application:
name: config-server
cloud:
config:
server:
git:
password: ##########
username: ##########
uri: https://USERNAME#bitbucket.org/repositorios-closeup/cup-configuration-files
searchPaths: '{application}'
When I try to access the url the application is showing an error - NOT AUTHORIZED:
org.eclipse.jgit.api.errors.TransportException: https://USERNAME#bitbucket.org/repositorios-closeup/cup-configuration-files: not authorized
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:254) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:306) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
Does anybody know what is happening? I've already check all credentials and url on bitbucket.
I had to generate a Personal Access Token on my Github user settings. And use it, instead of the real password.
I know you mentioned Bitbucket, but I've got the same issue with Github instead. And that's how I solved the "Not authorized" message.
I want to add my contribution to this question. I hope it might help someone. #henriqueor answer was what helped me. As I've enabled SSH I needed to generate a Personal Access Token with all scopes granted. (As I'm a Junior Developer, I would need more time to investigate what scopes are necessary to avoid this error.)
Selected scopes: admin:enterprise, admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, admin:ssh_signing_key, delete:packages, delete_repo, gist, notifications, project, repo, user, workflow, write:discussion, write:packages
I added the following command line. It worked for me.
spring.cloud.config.server.git.ignore-local-ssh-settings=true
This setting ignores the local ssh config.
I needed to change the authentication to use ssh instead of https.
I generated the ssh using this command:
sh-keygen -m PEM -t rsa -b 4096 -C 'bitbucket_username'
Imported the public key to bitbucket using this tutorial:
https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
And changed my application.yml to use the ssh-private-key:
cloud:
config:
server:
git:
uri: git#bitbucket.org:repositorios/configuration-files.git
searchPaths: '{application}'
ignore-local-ssh-settings: true
private-key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
default-label: master
For BitBucket i had to create an App Password and put it in the spring.cloud.config.server.git.password property
BitBucket create App Passwords
I've created a mongodb setup using the AWS cloudplatform quickstart found here: https://docs.aws.amazon.com/quickstart/latest/mongodb/deployment.html. I can successfully connect to my from my EC2 instance, so it has been set up properly.
Since I need to connect to it through my spring application, I need to set up an SSH tunnel through the EC2 instance to the mongodb nodes.
The only related answers I could find were using mysql and some sort of DataSource object that required a schema parameter (which I don't have, database will be full of different sorts of entities), so I was unsure of how to proceed.
My questions:
How do I set up the SSH tunnel? How do I pass in my .pem key file?
How will my application.properties look like for connecting to DB?
I setup a bastion in my private subnet and using ssh tunnel to access my MongoDb Cluster through git-bash:
~/.ssh/config
Host bastion-host-mongo-forward
User ec2-user
Port 22
IdentityFile ~/admin.pem
HostName ec2-xx-xxx-xx-xxx.compute-1.amazonaws.com
Localforward 3307 ip-10-50-2-24.ec2.internal:27017
Localforward 3308 ip-10-50-3-143.ec2.internal:27017
Localforward 3309 ip-10-50-3-103.ec2.internal:27017
start the tunnel:
ssh bastion-host-mongo-forward
After that you can setup your application.yaml and target the uri:
spring:
profiles: local
data:
mongodb:
uri: mongodb://user:password#localhost:3307,localhost:3308,localhost:3309/databaseName