2

I have a python/sqlalchemy app that I want to make communicate with a mysql database, both of which are in docker containers, and both of which launched via docker-compose.

I believe the correct way to establish credentials for the mysql database is using environment variables pulled from a config file. I believe this will allow me to easily develop locally, and then when I deploy the app, easily create a config file on the server, though I'm not entirely sure about that process yet.

For now, my mysql database's password for root isn't being accepted, whether the origin is the python server, or docker exec -it. That being said, the environment variable MYSQL_ROOT_PASSWORD does appear to be properly accessible in the mysql container. I'll demonstrate:

/docker-compose.dev.yml

version: '3.8'

services:
 api:
  build:
   context: ./backend/
  ports:
  - 5000:5000
  env_file:
  - .dev.env
  networks:
    - local-net
  depends_on:
    - mysqldb

 mysqldb:
  image: mysql
  # container_name: "mysqldb"
  ports:
  - 3306:3306
  env_file:
  - .dev.env
  volumes:
  - mysql:/var/lib/mysql
  - mysql_config:/etc/mysql
  networks:
  - local-net

 frontend:
   build:
     context: ./frontend/
   ports:
   - 8080:8080

volumes:
  mysql:
  mysql_config:

networks:
  local-net:
    driver: bridge

I believe that the proper way to pass in an env file is via env_file, and that appears to be working:

/.dev.env

MYSQL_ROOT_PASSWORD='password'
MYSQL_USER=root
MYSQL_HOST=mysqldb
MYSQL_DB='remixguesser'
MYSQL_PORT=3306

I believe it's working because if I do the following, it returns password

$ docker exec -it game-remix-guesser_mysqldb_1 bash
root@206acfa56847:/# echo $MYSQL_ROOT_PASSWORD
password

However, that's not the password for user root

root@206acfa56847:/# mysql -u root -p
Enter password:

And then input password I get:

ERROR 1045 (28000): Access denied for user 'root'@'(ip)' (using password: YES)

So, password isn't the password for user root despite my intentions. I believe this leading to me, in python, getting the error:

RuntimeError: 'cryptography' package is required for sha256_password or caching_sha2_password auth methods

Despite having confirmed that I have access to the same environment variables from the environment file as the mysql server does:

/backend/app/database.py

username = os.getenv('MYSQL_USER')
password = os.getenv('MYSQL_ROOT_PASSWORD')
host = os.getenv('MYSQL_HOST')
port = os.getenv('MYSQL_PORT')
DB_NAME = os.getenv('MYSQL_DB')

print(username)
print(password)
print(host)
print(port)
SQLALCHEMY_DATABASE_URL = f"mysql+pymysql://{username}:{password}@{host}:{port}"

Prints, before getting the error:

api_1       | root
api_1       | password
api_1       | mysqldb
api_1       | 3306

How can I properly establish a mysql server docker image in a way that allows me to share credentials with, and connect to it from, my python server? I believe the answer to that is "using a .env file," and so my question is thus How can I properly set up a user and password for a mysql docker image using a .env config file passed in via docker-compose?

Caleb Jay
  • 2,159
  • 3
  • 32
  • 66
  • 1
    [Don't quote values in docker .env file](https://dev.to/tvanantwerp/don-t-quote-environment-variables-in-docker-268h). You can also refer to the official [.env syntax rules](https://docs.docker.com/compose/env-file/#syntax-rules). To test it for yourself, enter the current password **with the quotes** and mysql should let you in. Same problem for your dbname. – Zeitounator Jul 27 '21 at 11:31
  • Hmm, you're probably right that that was one issue, however I both tried with the quotes, as well as changed the .env file and tried again with and without quotes, and at all times the password is failing. Do I need to do more tear-down other than simply stopping the docker-compose process? I thought it rebuilding automatically? – Caleb Jay Jul 28 '21 at 02:57
  • 2
    You need to start over on fresh volume is you want your db to be initialized => https://stackoverflow.com/questions/59838692/mysql-root-password-is-set-but-getting-access-denied-for-user-rootlocalhost/59839180#59839180 – Zeitounator Jul 28 '21 at 08:12
  • @Zeitounator that solved the issue of the password not being set properly. I might need to make a separate question to figure out why python's connection is being refused, but I've confirmed through bash that the password is as expected at least. Would you like to submit your comment as an answer so I can accept it? – Caleb Jay Jul 31 '21 at 10:04
  • well, actually, if i put a sleep() in just to ensure the DB is up for my python code, i still get a cryptography error, indicating perhaps that the password is still wrong from python. how strange – Caleb Jay Jul 31 '21 at 10:16
  • Thanks for your proposition. But I actually voted to close this question as "not reproducible or caused by a typo" before I made my first comment. You are not giving enough information but I'm almost sure you have an other problem:you should not set `MYSQL_USER: root` in your mysql container. See [this answer](https://stackoverflow.com/questions/60021273/why-isnt-my-docker-entrypoint-initdb-d-script-as-specified-in-docker-compose-y/60021761#60021761) – Zeitounator Jul 31 '21 at 10:16
  • 1
    `still get a cryptography error, indicating perhaps that the password is still wrong from python` <= I would bet you are a victim of mysql 8 new `caching_sha2_password` mechanism. This is a pure guess. But it that's the case you either need to tell python to use the correct auth mechanisme (no idea how to do that at this stage) or to configure mysql 8 to turn back to `mysql_native_passwords` in `my.cnf` – Zeitounator Jul 31 '21 at 10:24
  • Thanks, that's helpful. What more information could I give that would be helpful? For what it's worth, it's just a dumb little test project and is entirely available on github: https://github.com/komali2/game-remix-guesser – Caleb Jay Jul 31 '21 at 10:27
  • 1
    Just make your tries, debug, and if you still can't succeed ask a new question with an [MCVE](/help/mcve) – Zeitounator Jul 31 '21 at 10:39

0 Answers0