search

nuxsmin / docker-syspass

Docker stuff for running sysPass on Docker
GNU General Public License v3.0
39 stars 21 forks source link

Unable to connect after server crash [default docker-compose] #13

Closed pslobo closed 4 years ago

pslobo commented 6 years ago

Hi,

Yesterday our server crashed and now I'm unable to connect to syspass. I have an error similar to #5:

Error 1045: SQLSTATE[HY000] [1045] Access denied for user 'sp_admin'@'syspass-app.syspass_default' (using password: YES)

# docker exec -it syspass-db mysql -e "select user,host from mysql.user;"
+------------------+-----------------------------+
| user             | host                        |
+------------------+-----------------------------+
| root             | 127.0.0.1                   |
| sp_admin          | 172.18.0.3                  |
| root             | 8a582731e3b2                |
| root             | ::1                         |
| sp_ubit          | ed1bbf888e1c                |
| debian-sys-maint | localhost                   |
| root             | localhost                   |
| root             | syspass-app.syspass_default |
+------------------+-----------------------------+

# docker container exec -it syspass-app ping syspass-db
PING syspass-db (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: icmp_seq=0 ttl=64 time=0.095 ms

Everything has been working just fine with the default docker-compose and so not entirely sure what could be causing this issue.

Update
A little more info:

mysql> show grants for 'sp_admin'@'syspass-app.syspass_default';
ERROR 1141 (42000): There is no such grant defined for user 'sp_admin' on host 'syspass-app.syspass_default'

mysql> show grants for 'sp_admin'@'172.18.0.3';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for sp_admin@172.18.0.3                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'sp_admin'@'172.18.0.3' IDENTIFIED BY PASSWORD 'XXXXXX' |
| GRANT ALL PRIVILEGES ON `syspass`.* TO 'sp_admin'@'172.18.0.3'                                                   |
+-----------------------------------------------------------------------------------------------------------------+
pslobo commented 6 years ago

OK, so upon closer inspection it seems as though when the containers came up, their IP was swtiched around and therefore things weren't working as expected (not sure why sp_admin doesn't have privileges for the syspass_app.syspass_default though).

Fixed my issue with manually applying grants:

mysql> GRANT USAGE ON *.* TO 'sp_admin'@'syspass-app.syspass_default' IDENTIFIED BY PASSWORD 'XXXXXXXX';
mysql> GRANT ALL PRIVILEGES ON `syspass`.* TO 'sp_admin'@'syspass-app.syspass_default';

If this won't cause issues moving forward, then feel free to close this issue. Thanks

nuxsmin commented 6 years ago

@pslobo this is one of the most facing issues since almost everyone uses Docker's DHCP network configuration, so it could lead to unexpected behaviors. I was thinking about setting a fixed network in compose file, but it could break some other containers, so I let it so.

I'll add some notes in the doc.

Thanks for the feedback!

Regards