Giter Club home page Giter Club logo

Comments (18)

buremba avatar buremba commented on June 8, 2024 1

Wow, that's strange. Our HTTPS workloads work maybe because HTTP redirects to HTTPS and we didn't realize it. Let me work on it know, will get back to you in an hour.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024 1

Will test it out. That’s the way I wanted it to be :)

from metriql.

buremba avatar buremba commented on June 8, 2024

Could you please send a screenshot of the connection page? The user is required, here is an example config:

CleanShot 2021-11-28 at 14 16 14@2x

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

That's exactly how I set it up. I have a different username though. Could it be with the loadbalancer in front of it, or something else? I saw that if ssl is terminated before the server, Trino needs this config http-server.process-forwarded=true. I've got no clue, just throwing idéas in the air :)

Seems it didn't work from thoughtspot either, so must be something wrong with my setup I guess.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Do you need any more info or do you think it's possible to debug anyway? :) I'll be happy to dig further if you need more info. We are currently running another trial where it would be fun to get metriql up and running.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Here is the full stacktrace at least

javax.ws.rs.WebApplicationException: User must be set
io.trino.server.HttpRequestSessionContext.badRequest(HttpRequestSessionContext.java:503)
io.trino.server.HttpRequestSessionContext.assertRequest(HttpRequestSessionContext.java:452)
io.trino.server.HttpRequestSessionContext.buildSessionIdentity(HttpRequestSessionContext.java:223)
io.trino.server.HttpRequestSessionContext.<init>(HttpRequestSessionContext.java:120)
com.metriql.service.jdbc.StatementService.createSessionContext(StatementService.kt:95)
com.metriql.service.jdbc.StatementService.query$lambda-3(StatementService.kt:105)
org.rakam.server.http.RakamHttpRequest.handleBody(RakamHttpRequest.java:250)
org.rakam.server.http.HttpServerHandler.handleBody(HttpServerHandler.java:162)
org.rakam.server.http.HttpServerHandler.channelRead(HttpServerHandler.java:112)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:435)
io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293)
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267)
io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:250)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1294)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:911)
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:883)
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:389)
io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:305)
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140)
io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
java.base/java.lang.Thread.run(Unknown Source)

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

If I enter the wrong username I get Authentication failed, so it's getting there, but somehow fails.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Thoughtspot prints this in chrome console
"debug":"[\"java.sql.SQLException: Authentication failed: Unauthorized\",\"\"]"
I'm copying what I'm using in the python client.

from metriql.

buremba avatar buremba commented on June 8, 2024

Sorry for the delay, I believe that it's related to load-balancers X-Forwarded-Proto headers but I couldn't reproduce the issue. Let me work on it today and I will get back to you.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Seems I get "Authentication failed" instead now with the latest image. Python library still works though.

from metriql.

buremba avatar buremba commented on June 8, 2024

After spending an hour, I still couldn't reproduce the issue. Can you please answer the following questions?

  1. Is the Metriql passwordless or did you set up username & password authentication? If you try running it in passwordless mode, does it work?

  2. How do you set up the load balancer, is it a managed service? I suspect that it might be re-writing all the headers with X-Forwarded- prefix.

  3. How do you use the Python library, can you send the snippet here?

Once you answer the questions, I will deep dive and try to solve the issue tomorrow.

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024
  1. It has a password. Not to keen to expose it without actually :)
  2. Now I'm setting up an Nginx and a separate VM for this. UI works, python library works, DBEaver gets unauthorized or that it tries to use http in the next call, instead of https. Depending on what I change. Headers are being proxied with X-Forwarded- indeed, shouldnt that be the case?
import trino

METRIQL_HOST = 'mydomain.com'
METRIQL_PORT = '443'
YOUR_METRIQL_USERNAME = 'username'
YOUR_METRIQL_PASSWORD = 'supersecret'

conn = trino.dbapi.connect(
    http_scheme="HTTPS",
    host=METRIQL_HOST,
    port=METRIQL_PORT,
    user=YOUR_METRIQL_USERNAME,
    catalog='metriql',
    schema='public',
    auth=trino.auth.BasicAuthentication(YOUR_METRIQL_USERNAME, YOUR_METRIQL_PASSWORD),
)
cur = conn.cursor()
all_datasets = cur.execute('SHOW TABLES')
print(cur.fetchall())

cur.execute("""
    select * from "ref('some_table')"
""")

print(cur.fetchall())

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

@buremba If it works for you when you do SSL termination in NGINX in front of a secured MetriQL instance protected with username/password, could you please share that configuration?

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

DBeaver is actually doing things my the look of it when I try to connect, but I still get unauthorized. The metriql logs say

SELECT TYPE_NAME, DATA_TYPE, PRECISION, LITERAL_PREFIX, LITERAL_SUFFIX,
CREATE_PARAMS, NULLABLE, CASE_SENSITIVE, SEARCHABLE, UNSIGNED_ATTRIBUTE,
FIXED_PREC_SCALE, AUTO_INCREMENT, LOCAL_TYPE_NAME, MINIMUM_SCALE, MAXIMUM_SCALE,
SQL_DATA_TYPE, SQL_DATETIME_SUB, NUM_PREC_RADIX
FROM system.jdbc.types
ORDER BY DATA_TYPE

SELECT TABLE_CAT
FROM system.jdbc.catalogs
ORDER BY TABLE_CAT

SELECT TABLE_SCHEM, TABLE_CATALOG
FROM system.jdbc.schemas
ORDER BY TABLE_CATALOG, TABLE_SCHEM

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Isn't this line messing things up?
https://github.com/metriql/metriql/blob/master/src/main/java/com/metriql/service/jdbc/StatementService.kt#L211

from metriql.

buremba avatar buremba commented on June 8, 2024

@AndreasTA-AW , we don't want to require the Metriql URL as a parameter when you run the serve command and Metriql itself doesn't really support SSL. You need to have a load balancer to support HTTPS in Metriql which passes X-Forwarded-Proto to the Metriql instance. We cover this use-case now, it's in the metriql:latest:
Relevant commit: 4554e2a

from metriql.

buremba avatar buremba commented on June 8, 2024

Can you try and let me know if you run into any issues?

from metriql.

AndreasTA-AW avatar AndreasTA-AW commented on June 8, 2024

Works like a charm

from metriql.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.