Skip to content
Snippets Groups Projects
Commit 29c05509 authored by William Bell's avatar William Bell
Browse files

Updating software versions and moving to pymyqsl driver to avoid issues...

Updating software versions and moving to pymyqsl driver to avoid issues building mariadb for Python on AppService plan
parent 2a0179c4
No related branches found
No related tags found
No related merge requests found
No preview for this file type
......@@ -130,7 +130,7 @@ If these exercises are followed using an Azure student account, then a MariaDB d
\subsection{Accessing the database}
\begin{enumerate}
\item Follow the instructions at \href{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl}{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl} to download the \texttt{BaltimoreCyberTrustRoot.crt.pem} file and save it into the \texttt{src} directory.
\item Follow the instructions at \href{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl}{https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl} to download the \texttt{DigiCertGlobalRootG2.crt.pem} file and save it into the \texttt{src} directory.
\item Set the environment variables for either the student account or teaching environment:
\begin{itemize}
......@@ -140,28 +140,28 @@ If these exercises are followed using an Azure student account, then a MariaDB d
\item \texttt{DB\_NAME} - The database name. (This is the same as the \texttt{DB\_USER}, when using the teaching environment.)
\end{itemize}
\item Open a command prompt or Bash shell window in the \texttt{src} directory. Then connect to the remote MariaDB database server using the command given in Listing~\ref{listing:mysql-connect} or \ref{listing:mysql-connect-ssl}, where Listing~\ref{listing:mysql-connect-ssl} should be used if the \texttt{BaltimoreCyberTrustRoot.crt.pem} certificate has already been installed on the host operating system. If this command is typed into a Bash shell on Windows, then it must be prefixed by \texttt{winpty}.
\item Open a command prompt or Bash shell window in the \texttt{src} directory. Then connect to the remote MariaDB database server using the command given in Listing~\ref{listing:mysql-connect-ssl}. If this command is typed into a Bash shell on Windows, then it must be prefixed by \texttt{winpty}.
\clearpage
\begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-connect,numbers=none,language=,showspaces=true]
mysql --host $DB_SERVER \
--user $DB_USER -p$DB_PASSWORD --ssl \
--ssl-verify-server-cert --ssl-ca=BaltimoreCyberTrustRoot.crt.pem \
--tls-version="TLSv1.2,TLSv1.3" $DB_NAME
\end{lstlisting}
\begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-connect-ssl,numbers=none,language=,showspaces=true]
mysql --host $DB_SERVER \
--user $DB_USER -p$DB_PASSWORD --ssl \
--tls-version="TLSv1.2,TLSv1.3" $DB_NAME
\end{lstlisting}
If the command given in Listing~\ref{listing:mysql-connect} fails with the error that is given in Listing~\ref{listing:ssl-error}, run the command that is given in Listing~\ref{listing:mysql-connect-ssl} instead. This error can occur if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host computer, such that it clashes with the version provided locally.
%\begin{lstlisting}[caption={Connecting to the remote MariaDB server.},label=listing:mysql-%connect,numbers=none,language=,showspaces=true]
%mysql --host $DB_SERVER \
%--user $DB_USER -p$DB_PASSWORD --ssl \
%--ssl-verify-server-cert --ssl-ca=BaltimoreCyberTrustRoot.crt.pem \
%--tls-version="TLSv1.2,TLSv1.3" $DB_NAME
%\end{lstlisting}
\begin{lstlisting}[caption={Certificate chain error.},label=listing:ssl-error,numbers=none,language=,showspaces=true]
ERROR 2026 (HY000): SSL connection error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
\end{lstlisting}
%If the command given in Listing~\ref{listing:mysql-connect} fails with the error that is given in Listing~\ref{listing:ssl-error}, run the command that is given in Listing~\ref{listing:mysql-connect-ssl} instead. This error can occur if the%\texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host computer, such that it clashes with the version provided locally.
%\begin{lstlisting}[caption={Certificate chain error.},label=listing:ssl-error,numbers=none,language=,showspaces=true]
%ERROR 2026 (HY000): SSL connection error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
%\end{lstlisting}
\item Check the tables present and remove any existing tables by using Listing~\ref{listing:list-tables} and \ref{listing:db-reset}, respectively. The name \texttt{db\_name} should be replaced with the database name.
......@@ -191,10 +191,8 @@ It is easier to debug a program when it is running on the local computer, since
\item \texttt{DB\_USER} is the user name for the remote database server.
\item \texttt{DB\_PASSWORD} is the password for the remote database server.
\item \texttt{DB\_NAME} is the name of the database within the remote database server.
\item \texttt{DB\_SSL} is set to \texttt{"true"}, if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is already installed on the host operating system.
\item \texttt{DB\_SSL\_CERT} is set to \texttt{BaltimoreCyberTrustRoot.crt.pem}, if the \texttt{BaltimoreCyberTrustRoot.crt.pem} is not installed on the host operating system.
\item \texttt{DB\_SSL\_CERT} should be set to \texttt{DigiCertGlobalRootG2.crt.pem}.
\end{itemize}
Either \texttt{DB\_SSL} or \texttt{DB\_SSL\_CERT} should be set, but not both.
\item Run the file \texttt{app.py}.
\item Verify the end points work as expected by using Listing~\ref{listing:web-service-test} or Postman.
......@@ -217,8 +215,8 @@ curl -s -X GET "http://127.0.0.1:5000/books/"
\item Create a zip file that contains the source code files, configuration and the certification, using Listing~\ref{listing:zip-files}.
\begin{lstlisting}[caption={Creating a zip file, ready for deployment.},label=listing:zip-files,numbers=none,language=,showspaces=true]
zip -r myapp.zip app.py models.py routes.py requirements.txt \
startup.txt BaltimoreCyberTrustRoot.crt.pem
zip -r zip myapp.zip app.py models.py requirements.txt routes.py \
startup.txt DigiCertGlobalRootG2.crt.pem
\end{lstlisting}
\item Create a Web App by using Listing~\ref{listing:create-web-app}, where the \texttt{plan\_id} should be replaced with the id of the existing plan on the teaching environment. Alternatively, a plan can be created in the student account. Following the Azure resource naming convention, the \texttt{app\_name} should start with the prefix ``app-''.
......@@ -227,17 +225,17 @@ startup.txt BaltimoreCyberTrustRoot.crt.pem
az webapp create --name $app_name \
--plan $plan_id \
--resource-group $resource_group \
--runtime "python|3.9" \
--runtime "python:3.9" \
--startup-file startup.txt
\end{lstlisting}
\item Configure the Web App by using Listing~\ref{listing:web-app-config}. The DB\_SSL\_CERT setting is needed, since the Linux App Service Plan does not contain the \texttt{BaltimoreCyberTrustRoot.crt.pem} certificate.
\item Configure the Web App by using Listing~\ref{listing:web-app-config}.
\begin{lstlisting}[caption={Configuring the Web App, with the database connection details and build flag.},label=listing:web-app-config,numbers=none,language=,showspaces=true]
az webapp config appsettings set --resource-group $resource_group \
--name $app_name --settings DB_SERVER=$DB_SERVER DB_NAME=$DB_NAME \
DB_USER=$DB_USER DB_PASSWORD=$DB_PASSWORD \
DB_SSL_CERT=BaltimoreCyberTrustRoot.crt.pem \
DB_SSL_CERT=DigiCertGlobalRootG2.crt.pem \
SCM_DO_BUILD_DURING_DEPLOYMENT=true
\end{lstlisting}
......
Package,{Package Type},Version
MariaDB Client,Native,10.5.10
Python,Native,3.9.7
azure-cli,Native,2.45.0
Flask,Python,2.2.3
Flask-SQLAlchemy,Python,3.0.3
mariadb,Python,1.0.11
SQLAlchemy,Python,2.0.4
\ No newline at end of file
MariaDB Client,Native,10.11.6
Python,Native,3.11.7
azure-cli,Native,2.56.0
Flask,Python,3.0.2
Flask-SQLAlchemy,Python,3.1.1
PyMSQL,Python,1.1.0
SQLAlchemy,Python,2.0.25
\ No newline at end of file
......@@ -16,11 +16,15 @@ def database_uri() -> sqlalchemy.engine.url.URL:
return url
# Create a new DB connection string from components.
host=os.environ.get("DB_SERVER", default="127.0.0.1")
username = os.environ.get("DB_USER", default="none")
username = f"{username}@{host}"
url = sqlalchemy.engine.url.URL.create(
drivername=os.environ.get("DB_DRIVER", default="mariadb+mariadbconnector"),
username=os.environ.get("DB_USER", default="none"),
drivername=os.environ.get("DB_DRIVER", default="mysql+pymysql"),
username=username,
password=os.environ.get("DB_PASSWORD", default="none"),
host=os.environ.get("DB_SERVER", default="127.0.0.1"),
host=host,
port=os.environ.get("DB_PORT", default="3306"),
database=os.environ.get("DB_NAME", default="mydb"))
......@@ -38,17 +42,9 @@ def database_connection_args() -> dict:
ssl_cert_file = os.environ.get("DB_SSL_CERT", default=None)
if ssl_cert_file is not None:
connection_args.update({
"ssl_ca": ssl_cert_file
'ssl': {'ca': ssl_cert_file}
})
# Check if SSL should be enabled.
ssl_str = os.environ.get("DB_SSL", default=None)
if ssl_str is not None:
if ssl_str.strip().lower() == "true":
connection_args.update({
"ssl": 1
})
return connection_args
......
Flask>=2.2
Flask>=3
Flask-SQLAlchemy>=3
mariadb==1.0.11
PyMSQL>=1
SQLAlchemy>=2
\ No newline at end of file
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment