Restore to Remote Database Access Failed - Access Denied Even When User can Access Remotely

Frappe Framework Bug
1

Setup:

  1. epnext installed on app server running Ubuntu
    education 0.0.1
    erpnext 14.32.1
    frappe 14.42.0
    hrms 14.8.0
    lms 1.0.0
    payments 0.0.1

  2. Mariadb installed on separate server running Ubuntu

  3. Bench config output
    Site apps.frontiertowersphilippines.com
    ±----------------------------------------------±-----------------------------------------------------------------------+
    | Config | Value |
    ±----------------------------------------------±-----------------------------------------------------------------------+
    | background_workers | 1 |
    | db_host | 10.148.0.2 |
    | db_port | 3306 |
    | dns_multitenant | True |
    | file_watcher_port | 6787 |
    | frappe_user | frappe |
    | gunicorn_workers | 9 |
    | live_reload | True |
    | maintenance_mode | 0 |
    | pause_scheduler | 0 |
    | rebase_on_pull | False |
    | redis_cache | redis://localhost:13000 |
    | redis_queue | redis://localhost:11000 |
    | redis_socketio | redis://localhost:12000 |
    | restart_supervisor_on_update | True |
    | restart_systemd_on_update | False |
    | serve_default_site | True |
    | shallow_clone | True |
    | socketio_port | 9000 |
    | use_redis_auth | False |
    | webserver_port | 8000 |
    | db_name | _995a5a1213d4962d |
    | db_password | |
    | db_type | mariadb |
    | domains | [“apps.frontiertowersphilippines.com”] |
    | encryption_key | |
    | ssl_certificate | /etc/letsencrypt/live/apps.frontiertowersphilippines.com/fullchain.pem |
    | ssl_certificate_key | /etc/letsencrypt/live/apps.frontiertowersphilippines.com/privkey.pem |
    | user_type_doctype_limit.employee_self_service | 20 |
    ±----------------------------------------------±-----------------------------------------------------------------------+

  4. DB user erpnxtadm created in MariaDB, can access the database remotely from webapp server. See output:

    image
    image857×223 9.33 KB

  5. After running bench restore, getting access denied error even when the user can interactively login to the database remotely:

image
image2340×106 10.5 KB

Servers are VM’s hosted on Google Cloud Platform. All servers are temporarily public facing (no firewall). The frustrating part is that we can interactively login remotely with no issue (1st check to pass).

Does anyone know where to find the script generated by Bench Restore command to understand how it is connecting to the remote database?

Please help as this is business critical issue. Much thanks!

Chris Phoa

2

I see you tried to change the password, but you used the password in your command

I prefer to create another DB user to remotely only

3

@msiam Well the user account I’m using is separate from the user account used to create the site ( that is defaulted to root? ), so I need to specify the db user and db password.

but that brings up a point maybe it’s not accepting the password I’m putting in even though it’s a valid parameter. I’ll try running it without specifying a password and maybe it will ask me for it. Much thanks!

4

OK solved it. Do NOT use the --db-root-password parameter. I made the script ask me for it interactively and it finally worked.