im struggling (since a few days) to connect to our db2 database on an as400 over ssl.
For the database connection im using jaydebeapi and to access the database with a secure connection i need to append the trustStore location and trustStore password to the JVM over a jpype function.
Here is a snipped what ive done so far:
import jaydebeapi
import os
import jpype
import pandas as pd
from credentials_getter import get_db2_credentials
class i5Connection:
def __init__(self, user, password):
if jpype.isJVMStarted():
print("already started!")
filepath_script = os.path.dirname(os.path.abspath(__file__))
ssl_trust_store_location = filepath_script + "/database/java-certs.jks"
jar = filepath_script + '/database/jt400.jar'
jvm_path = jpype.getDefaultJVMPath()
jpype.startJVM(jvm_path,
'-Djava.class.path=%s' % jar,
'-Djavax.net.ssl.trustStore=%s' % ssl_trust_store_location +
'-Djavax.net.ssl.trustStorePassword=pw')
connection_string = 'jdbc:as400://172.17.0.1/library'
print(connection_string)
self.conn = jaydebeapi.connect('com.ibm.as400.access.AS400JDBCDriver',
connection_string,
{'user': user,
'password': password,
'secure': 'true'},
filepath_script + '/database/jt400.jar')
Right now im running into the following error message:
jpype._jexception.java.sql.SQLExceptionPyRaisable: java.sql.SQLException: The application requester cannot establish the connection. (PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
If i remove the trustStoreLocation, password from the startJVM call and the secure parameter for the jaydebeapi call, it works (without encryption)
Can anyone please tell me what im doing wrong? Is there probably a good ibm documentation i didnt find yet?
Edit: Ive found a workaround: I just saved the certificate to the cacert manually via keytool: How do I import an existing Java keystore (.jks) file into a Java installation?
not really a solution, but hopefully helpful if someone is stuck as well...
This isn't a JayDeBeApi solution, but I am able to connect to HANA using Python with an encrypted connection using this solution on a Mac and Windows.
Related
I wrote the code bellow. It works on a .py file on my computer but not while running on Google Colab)
import mysql
import mysql.connector as msql
from mysql.connector import Error
try:
conn = msql.connect(host='localhost',database='transport_db_hl' ,user='root',
password='******')#give ur username, password
except Error as e:
print("Error while connecting to MySQL now ", e)
My server status is like that:
You would need to make:
your mysql server publicly available (hint: https://phoenixnap.com/kb/mysql-remote-connection)
presumably enable port forwarding on your router (hint: https://www.noip.com/support/knowledgebase/general-port-forwarding-guide/)
find your public IP (hint: https://www.whatsmyip.org/)
and replace the "localhost" with your public IP in your code above
I'm working on an app that needs to connect to an ibm db2 database. Using DBeaver I can successfully connect to the database (I provide him the db2cc.jar and db2cc4.jar files).
It looks to me as DBeaver is using my Window's credentials to login, because I didn't need to input any login or password to connect.
Now, I've been trying to connect to the same database using python 3.7 and pypi's latest version of the ibm_db package. I didn't install anything else.
import ibm_db
# ...
connection_string = "DATABASE=" + self.params['schema'] + ";" + \
"HOSTNAME=" + self.params['host'] + ";" + \
"PORT=" + self.params['port'] + ";" + \
"PROTOCOL=TCPIP;" + \
"SECURITYMECHANISM=4;" + \
"UID=" + self.params['user'] + ";" + \
"PWD=" + self.params['password'] + ";"
try:
self.connection = ibm_db.connect(connection_string, "", "")
# ...
Using my Windows credentials in the parameters, I get the following error message:
Connection error
Bad credentials
SQLCODE=-30082
08001
From what I've seen on stack overflow connecting to a db2 database is complicated...
Does someone know how to connect ? Using the windows credentials or otherwise...
Thanks !
Db2 works fine with Python.
You need to be aware of some basics before you start such as:
what operating-system runs the target Db2-database and
what kind of client is being used (java, odbc/cli, .net etc), and
what kind of authentication/encrpytion is in place for the database
(ssl, server based authentication/+/-/encryption etc.).
is the remote database rdbms Apache DERBY or Db2.
Find out these basics before you start. You have to speak with people who run the Db2-server.
Note: in your question you mention (SecurityMechanism=4) com.ibm.db2.jcc.DB2BaseDataSource.USER_ONLY_SECURITY - this is not relevant for non-JAVA clients, it is relevant is the database manager is DERBY .
For python, the ibm_db package is not a java application.
DBeaver is a java application (hence it uses db2jcc.jar or db2jcc4.jar and a licence-file to connect to the remote database).
You can only use your Windows credentials for connecting to a Db2-database when that Db2-database run on Microsoft-Windows, and the credentials work on the hostname running the Db2-server. For any other combinations, the administrator must issue you a userid/password that is relevant for the target hostname.
The ibm_db package needs a Db2-client to be installed. The Db2-client is a separate installable. There are different kinds of Db2-client depending both on which operating-system runs your Db2-server and how much functionality you need to have in your Db2-client. If your remote Db2-server runs on Linux, Unix, Windows or Z/OS then you can use the "IBM Data Server Runtime Client" which you can either download from IBM's passport advantage website, or get from your internal IT folks. If your Db2-server runs on i-Series (AS/400) you should get its drivers from your i-Series administrator. For either Z/OS or i-Series you will additionally need a license file (which costs money) and you should get that from your administrator, unless your company uses a gateway product called Db2-connect in which case you don't need a separate license file on your workstation.
Try the following connection string, If your db2 client and server are on the same host.
Change the 'mydb' and 'DB2' (db2 instance name, you can get it with db2ilist utility) constants according your case.
ibm_db.connect('DATABASE=mydb;Instance=DB2;PROTOCOL=IPC;', '', '')
add ibm_db library and import ibm_db on top in the .py file.
def get_db_connection():
"""
This will help to get db2 connection for query execution
:return: conn
"""
dsn_driver = "{IBM DB2 ODBC DRIVER}"
dsn_database = "BLUDB"
dsn_hostname = "your_hostname"
dsn_port = "50000"
dsn_protocol = "TCPIP"
dsn_uid = "your_userid"
dsn_pwd = "your_pwd"
dsn = (
"DRIVER={0};"
"DATABASE={1};"
"HOSTNAME={2};"
"PORT={3};"
"PROTOCOL={4};"
"UID={5};"
"PWD={6};").format(dsn_driver, dsn_database, dsn_hostname, dsn_port, dsn_protocol, dsn_uid, dsn_pwd)
try:
conn = ibm_db.connect(dsn, "", "")
print("Connected!")
return conn
except Exception:
print("\nERROR: Unable to connect to the \'" + dsn_database + "\' server.")
print("error: ", ibm_db.conn_errormsg())
exit(-1)
function get_db_connection() will return the connection object. On that connection object you can perform operation like:
conn = get_db_connection()
list_results = []
select_query = 'SELECT a.STATUS, a.ID FROM "TABLE_NAME" AS a'
print(select_query)
selectStmt = ibm_db.exec_immediate(conn, select_query)
while ibm_db.fetch_row(selectStmt) != False:
list_results.append(ibm_db.result(selectStmt, 'ID'))
ibm_db.close(conn)
After trying to run a query on redshift, I get the following error message:
OperationalError: (psycopg2.OperationalError) server certificate for
"" does not match host name "".
I already installed the sqlalchemy-redshift package, as well as the Psycopg2 package. My code:
from sqlalchemy import create_engine
def run_query(query, connection_string):
red_engine = create_engine(connection_string)
data_set = pd.read_sql_query(query, red_engine)
return data_set
The exact same code does work on another computer, so we are sure that the login name, password and queries are correct, and the problem is specific to my computer. Any suggestions?
This worked for me in the end: we added a preferred sslmode to our code, as follows:
create_engine(connection_string, connect_args={'sslmode': 'prefer'})
I'm using MySQLdb for python, and I would like to connect to a database hosted on an other PC on the same network/LAN.
I tried the followings for host:
192.168.5.37
192.168.5.37:3306
http://192.168.5.37
http://192.168.5.37:3306
None of the above work, I always get the
2005, Unknown MySQL server host ... (0)
What might be the problem?
Code:
db = MySQLdb.connect(host="192.168.5.37", user = "root" passwd = "password", db = "test1")
You can use MySQL Connector/Python, a standardized database driver for Python.
You must provide username, password, host, database name.
import mysql.connector
conn = mysql.connector.connect(user=username, password=password,
host="192.168.5.37",
database=databaseName)
conn.close()
You can download it from: https://dev.mysql.com/downloads/connector/python/
The IP you posted are local IPs
Give it a try with your external IP (for example on this website)
https://www.whatismyip.com/
If it works with the external IP, then it's maybe a misconfiguration of your firewall.
I want to connect to a remote PostgreSQL database through Python to do some basic data analysis. This database requires SSL (verify-ca), along with three files (which I have):
Server root certificate file
Client certificate file
Client key file
I have not been able to find a tutorial which describes how to make this connection with Python.
Any help is appreciated.
Use the psycopg2 module.
You will need to use the ssl options in your connection string, or add them as key word arguments:
import psycopg2
conn = psycopg2.connect(dbname='yourdb', user='dbuser', password='abcd1234', host='server', port='5432', sslmode='require')
In this case sslmode specifies that SSL is required.
To perform server certificate verification you can set sslmode to verify-full or verify-ca. You need to supply the path to the server certificate in sslrootcert. Also set the sslcert and sslkey values to your client certificate and key respectively.
It is explained in detail in the PostgreSQL Connection Strings documentation (see also Parameter Key Words) and in SSL Support.
You may also use an ssh tunnel with paramiko and sshtunnel:
import psycopg2
import paramiko
from sshtunnel import SSHTunnelForwarder
mypkey = paramiko.RSAKey.from_private_key_file('/path/to/private/key')
tunnel = SSHTunnelForwarder(
(host_ip, 22),
ssh_username=username,
ssh_pkey=mypkey,
remote_bind_address=('localhost', psql_port))
tunnel.start()
conn = psycopg2.connect(dbname='gisdata', user=psql_username, password=psql_password, host='127.0.0.1', port=tunnel.local_bind_port)
If you need to connect to your PostgresSQL database with an SSL certificate using psycopg2, you'll need to put your certificate SSL certificate in a subdirectory of your python program, and then you can reference the certificate in your connection string. I believe you could also set an environment variable as well, but in my example my SSL certificate will be in a subdirectory.
My python script is in a directory which looks like:
/Users/myusername/Desktop/MyCoolPythonProgram/test_database_connection.py
And my SSL certificate is in a directory which looks like:
/Users/myusername/Desktop/MyCoolPythonProgram/database/ssl_certificate/database/ssl_certificate/ca-certificate.crt
My HOSTNAME is a URL from DigitalOcean, but yours might be an IP Address instead.
This is what my test_database_connection.py script looks like:
import psycopg2
import os
POSTGRES_DATABASE_HOST_ADDRESS = "your-database-name-do-user-12345678-0.b.db.ondigitalocean.com"
POSTGRES_DATABASE_NAME = "defaultdb"
POSTGRES_USERNAME = "doadmin"
POSTGRES_PASSWORD = "$uperD00P3Rp#$$W0RDg0E$here"
# HOW TO (Relative Path Python): https://stackoverflow.com/questions/918154/relative-paths-in-python
path_to_current_directory = os.path.dirname(__file__)
relative_path_to_ssl_cert = 'database/ssl_certificate/ca-certificate.crt'
SSL_ROOT_CERT = os.path.join(path_to_current_directory , relative_path_to_ssl_cert )
POSTGRES_CONNECTION_PORT = "1234" # Set this to the correct port! Mine is provided by DigitalOcean and it's NOT 1234
db_info = "host='%s' dbname='%s' user='%s' password='%s' sslmode='require' sslrootcert='%s' port='%s'" % (POSTGRES_DATABASE_HOST_ADDRESS, POSTGRES_DATABASE_NAME, POSTGRES_USERNAME, POSTGRES_PASSWORD, SSL_ROOT_CERT, POSTGRES_CONNECTION_PORT)
postgres_connection = psycopg2.connect(db_info)
with postgres_connection:
with postgres_connection.cursor() as postgres_cursor:
sql = "SELECT * FROM your_table;"
postgres_cursor.execute(sql)
results = postgres_cursor.fetchall()
for row in results:
print("row in result")
print("Connection Success!")
# Close Database Cursor/Connection
postgres_cursor.close()
Adding this for completeness and because I couldn't find it anywhere else on SO. Like #mhawke says, you can use psycopg2, but you can also use any other Python database modules (ORMs, etc) that allow you to manually specify a database postgresql URI (postgresql://[user[:password]#][netloc][:port][/dbname][?param1=value1&...]) to connect to since the sslmode="require" parameter that psycopg2.connect uses to enforce ssl connections is just part of the postgresql:// URI that you use to connect to your database (see 33.1.2. Parameter Key Words). So, if you wanted to use sqlalchemy or another ORM instead of vanilla psycopg2, you can tack your desired sslmode onto the end of your database URI and connect that way.
import sqlalchemy
DATABASE_URI = "postgresql://postgres:postgres#localhost:5432/dbname"
# sqlalchemy 1.4+ uses postgresql:// instead of postgres://
ssl_mode = "?sslmode=require"
DATABASE_URI += ssl_mode
engine = sqlalchemy.create_engine(URI)
Session = sqlalchemy.orm.sessionmaker(bind=engine)
There's a nifty figure (Table 33.1) in the postgres documentation on SSL Support that breaks down the different options you can supply. If you want to use any of the fancier options that require you to specify a path to a specific certificate, you can drop it in with a format string.