[英]Connect to azure sql with managed identity python
我在 azure ML 中有一个用于开发的计算。 我正在尝试使用托管身份连接到 azure sql 数据库,但由于返回错误而无法这样做:
Traceback (most recent call last):
File "active_monitoring/dbtester.py", line 8, in <module>
err_mart_conn.open_connection(local=False)
File "/mnt/batch/tasks/shared/LS_root/mounts/clusters/ourrehman2/code/Users/ourrehman/Sweden_cashflow_forecasting_aml/ml_logic/active_monitoring/db_manager.py", line 47, in open_connection
self.conn = pyodbc.connect(self.conn_str)
pyodbc.OperationalError: ('HYT00', '[HYT00] [Microsoft][ODBC Driver 18 for SQL Server]Login timeout expired (0) (SQLDriverConnect)')
这是用户管理的身份:
它链接到我的计算:
用户是在 sql 端创建的,如下所示:
CREATE USER [cluster-xxxxxxxxxx-dev] FROM EXTERNAL PROVIDER
EXEC sp_addrolemember 'db_datareader', 'cluster-xxxxxxxxxx-dev'
EXEC sp_addrolemember 'db_datawriter', 'cluster-xxxxxxxxxx-dev'
此外,在 sql 端,我们有防火墙,但尝试连接的任何 azure 资源都会有例外。 我的计算在 AML 上,我相信它应该被视为 azure 资源。
我已经使用以下代码安装了 sql 驱动程序 18:
if ! [[ "18.04 20.04 22.04" == *"$(lsb_release -rs)"* ]];
then
echo "Ubuntu $(lsb_release -rs) is not currently supported.";
exit;
fi
sudo su
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
curl https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list > /etc/apt/sources.list.d/mssql-release.list
exit
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18
# optional: for bcp and sqlcmd
sudo ACCEPT_EULA=Y apt-get install -y mssql-tools18
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc
source ~/.bashrc
# optional: for unixODBC development headers
sudo apt-get install -y unixodbc-dev
我有以下 class连接到数据库:
class DBManager:
def __init__(self, server : str, database : str, driver='{ODBC Driver 18 for SQL Server}'):
self.server = server
self.database = database
self.conn_str = f"Driver={{ODBC Driver 18 for SQL Server}};Server={server};Database={database};Authentication=ActiveDirectoryMsi"
self.logging = Logger().getLogger(__name__)
self.conn = None
self.cursor = None
def open_connection(self, local=True):
if local:
# open connection to local database
pass
else:
print(self.conn_str)
self.conn = pyodbc.connect(self.conn_str)
self.cursor = self.conn.cursor()
try:
self.logging.info('Verifying the connection...')
self.cursor.execute("SELECT getdate()")
_ = self.cursor.fetchone()
self.logging.info("Conection successfull")
except Exception as e:
self.logging.error("Unable to connect: ", str(e))
raise e
def execute_query(self, query):
if query is None:
self.logging.info('Empty query passed.')
调用代码是:
from db_manager import DBManager
server = 'myservername' # parametrize this
database = 'mydatabasename' # parametrize this
err_mart_conn = DBManager(server, database)
err_mart_conn.open_connection(local=False)
我已经创建了 Azure AD 身份验证并为 SQL 服务器登录设置了一个管理员,然后我尝试通过 SSMS 和 Azure AD 通用 MFA 选项通过 SSMS 登录到 Azure Azure 选项,如下所示:-
CREATE USER <managed-identity> FROM EXTERNAL PROVIDER
ALTER ROLE db_datareader ADD MEMBER <managed-identity>
添加托管身份以使用上述查询访问 SQL 数据库:-
使用下面的 Python 代码从托管身份连接到 SQL 服务器,并得到与您的错误代码相同的错误代码,如下所示:-
添加了我的虚拟机的托管标识,或者您可以将集群的 IP 添加到 Azure SQL 服务器的允许列表中,如下所示:-
现在,我登录我的 VM 分配的托管标识并从 VM 运行 python 代码,并且能够连接到 Azure SQL,如下所示:-
您需要连接到您的 ML 集群并从集群运行此命令,而不是集群外部,并将 Cluster Public IP 添加到 Azure SQL Networking 中,并为集群管理身份分配所需的角色。 参考以下:-
此外,在通过您的 ML 集群连接时验证您的连接字符串,如下所示:-
导入pyodbc
def init_connection():
return pyodbc.connect(
"DRIVER={ODBC Driver 17 for SQL Server};SERVER="
+ "<sqlserver>.database.windows.net,1433"
+ ";DATABASE="
+ "<db_name>"
+";auth = ActiveDirectoryMsi"
)
``
或者
import pyodbc
server = '<SQLserver>.database.windows.net,1433'
database = '<db-name>'
auth = 'ActiveDirectoryMsi'
cnxn = pyodbc.connect('DRIVER={ODBC Driver 17 for SQL Server};SERVER='+server+';DATABASE='+database+';ENCRYPT=no;Auth='+auth)
cursor = cnxn.cursor()
参考:-
使用 ODBC Driver 17 通过 Ubuntu 18.04.1 代理服务器 (microsoft.com) 连接到 MS SQL Server 12.0 时登录超时已过期
安装 ODBC 驱动程序运行此命令:
%sh
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
curl https://packages.microsoft.com/config/ubuntu/16.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get -q -y install msodbcsql17
试试这个代码:
import pyodbc
server = '<Server_name>'
database = '<Database_name>'
username = '<User_name>'
password = '<SQL_password>'
conn = pyodbc.connect('DRIVER={ODBC Driver 17 for SQL Server};SERVER=' + server + ';DATABASE='+ database +';UID=' + username + ';PWD='+ password)
Azure 托管标识:无密码连接字符串到 Azure SQL 数据库连接错误
[英]Azure managed identity: Passwordless connection string to Azure SQL database connection error
逻辑应用查询 Azure Table 使用 HTTP 和 Managed Identity 认证
[英]Logic App query Azure Table using HTTP and Managed Identity authentication
MassTransit:无法使用托管标识访问 Azure 服务总线
[英]MassTransit: Cannot access Azure Service Bus using managed Identity
使用托管标识从 Azure Runbook 运行 Get-AzADApplication
[英]Run Get-AzADApplication from an Azure Runbook using a Managed Identity
无法使用托管身份将消息从 Azure API 发布到 Azure 服务总线队列
[英]Unable to post message to Azure Service Bus Queue from Azure API using Managed Identity
如何通过python anaconda jupyter连接Azure sql数据库
[英]How to connect to Azure sql database through python anaconda jupyter
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.