has anyone else had issues with this process recently?
I ended up creating a fresh basic rails app, deploying to heroku, then trying to add RDS connectivity. really hope someone can spot my errors i'm going nuts!
why even when trying to run production 'mode' locally, it's still trying to use db user/pass localhost?? i wonder if there is some config hidden in rails somewhere
second step, have i missed something obvious? I've tried a basic app from absolute scratch following all the guides, still cannot connect
is the error cannot connect via sock an indication of bad config elsewhere, it shouldn't be using any sockets, only port access?
thanks Ben
followed
- this for basic heroku app https://devcenter.heroku.com/articles/getting-started-with-rails4
- then this for rds https://devcenter.heroku.com/articles/amazon-rds
- then this to double check i had right cert: Specify SSL for Heroku external MySQL database connection
app configured as follows
- updated rails app to use database_url
- RDS created in North Virginia (this is same as heroku i believe, but let's not worry about latency just yet)
- security group
  inbound port 3306 0.0.0.0/0
  (firstly I tried specific rds created group, I then tried the full default, based on this: Connecting Heroku to RDS using MySql2)
- set up SSL in grants
  GRANT USAGE ON *.* TO '<usr>'@'%' REQUIRE SSL;
  (see extract below)
- added cert to heroku repo (amazon-rds-ca-cert.pem seems to have all the intermediates in it)
- added
  DATABASE_URL=mysql2:://<usr>:<pwd>@pure-reaches-94579.cfc59p8se1g1.us-east-1.rds.amazonaws.com/purereaches?sslca=config/amazon-rds-ca-cert.pem
- rebooted rds instance at every try
- i even tried simple RDS passwords thinking that complex ones somehow messed with the url
next step of investigation
I attempted to run production locally but use database url to connect to RDS:
$ export RACK_ENV="production"
$ export RAILS_ENV="production"
$ export SECRET_KEY_BASE="blah"
$ export DATABASE_URL="mysql2:://usr:[email protected]/purereaches?sslca=config/amazon-rds-ca-cert.pem"
$ rails server -e production
...
Mysql2::Error (Access denied for user 'root'@'localhost' (using password: NO)):
mysql2 (0.4.5) lib/mysql2/client.rb:89:in `connect'
...
this reveals that the standard rails app config is still trying to connect to localhost
what am i missing here!?
details
cannot login via ssl on cli - obviously not good
$ mysql -h pure-reaches-94579.cfc59p8se1g1.us-east-1.rds.amazonaws.com -u <usr> -p purereaches --ssl-ca=$HOME/Documents/repositories/baseherokuapp/baseherokuappconfig/amazon-rds-ca-cert.pem --ssl-verify-server-cert
Enter password:
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
rails app will not connect
gives mysql2::Error (Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)):
info
i'm worried it's still trying to use sock
... is this a red herring?
database.yml
default: &default
  adapter: mysql2
  encoding: utf8
  pool: 5

# for next step test
# rails app error saying cannot connect to root @ localhost!
development:
  <<: *default
  url: <%= ENV['DATABASE_URL'] %>

production:
  <<: *default
  url: <%= ENV['DATABASE_URL'] %>
grants table
mysql> show grants;
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for purereaches@% |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'purereaches'@'%' IDENTIFIED BY PASSWORD <secret> REQUIRE SSL WITH GRANT OPTION |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.22 sec)
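
An added example, not part of the original post: a Ruby check that parses a DATABASE_URL with the standard `uri` library and lists what a URL-based database config would be missing (host, user, database, `sslca`). The function name `database_url_problems`, the host `db.example.invalid` and the credentials are constructed for illustration; the second sample reproduces the `mysql2:://` form used in the post.

```ruby
require "uri"

# Returns a list of problems found in a Rails-style DATABASE_URL.
# An empty list means the URL names a remote host, a user, a database and a CA bundle.
def database_url_problems(url, app_root: nil)
  begin
    uri = URI.parse(url)
  rescue URI::InvalidURIError
    # The exception message would echo the URL (and its password), so drop it.
    return ["not a parseable URI"]
  end

  problems = []
  problems << "scheme is #{uri.scheme.inspect}, expected \"mysql2\"" unless uri.scheme == "mysql2"

  # Without exactly "//" after the scheme there is no authority component,
  # so user, password and host are never extracted from the string.
  if uri.host.nil? || uri.host.empty?
    problems << "no host parsed (check for exactly \"://\" after the scheme); " \
                "a MySQL client given no host defaults to localhost"
    return problems
  end
  problems << "no user in URL" if uri.user.nil?
  problems << "no database name in path" if uri.path.to_s.sub(%r{\A/}, "").empty?

  ca = URI.decode_www_form(uri.query.to_s).to_h["sslca"]
  if ca.nil? || ca.empty?
    problems << "no sslca parameter, server certificate cannot be verified"
  elsif app_root && !File.file?(File.expand_path(ca, app_root))
    problems << "sslca file #{ca} not found under #{app_root}"
  end
  problems
end

# Constructed sample values; db.example.invalid is a placeholder host.
GOOD = "mysql2://app:s3cret@db.example.invalid/purereaches?sslca=config/amazon-rds-ca-cert.pem"
BAD  = "mysql2:://app:s3cret@db.example.invalid/purereaches?sslca=config/amazon-rds-ca-cert.pem"

if __FILE__ == $PROGRAM_NAME
  { "GOOD" => GOOD, "BAD" => BAD }.each do |name, url|
    found = database_url_problems(url)
    puts "#{name}: #{found.empty? ? 'ok' : found.join('; ')}"
  end
end
```

Passing `app_root: Rails.root.to_s` (or any directory) additionally checks that the relative `sslca` path resolves to a file in the deployed tree.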