DataIntegrityError: Query returns an unexpected result

sowe1 · May 4, 2023, 5:19pm

1. What is the issue? Please be detailed.
For a few days now, I have been getting the following error message .

 2023-04-27T14:08:18.146208588+02:00 DataIntegrityError: Query returns an unexpected result.
 2023-04-27T14:08:18.146352464+02:00     at async Object.createConnection (/usr/odk/node_modules/slonik/dist/src/factories/createConnection.js:96:18)DataIntegrityError: Query returns an unexpected result.

and

Error: getaddrinfo ENOTFOUND enketo_redis_main

Odk version
versions:
24ee74e5f974a518aa1cc8b06e7addb3be6b4690 (v1.3.3-2-g24ee74e)
5cc6fd79d112ce36d6298c61bb8817689c4c323b client (v1.3.2)
1d1a3a59969e61383da74119e405e67778b7a170 server (v1.3.3)
2. What steps can we take to reproduce this issue?
Complete a form
3. What have you tried to fix the issue?
restart de services and restore the database status

yanokwa · May 4, 2023, 6:47pm

getaddrinfo seems like a network or DNS issue. Has anything been changed on your network or install? I'd get that working first and then see if that addresses the other error.

sowe1 · May 5, 2023, 9:04am

Hi @yanokwa ,
Thanks for your reply !! appreciated. As far as I know we don't change the network, but I'll check it with the sysadmin.

Where are you seeing the network problem? I thought it was a database problem.

yanokwa · May 5, 2023, 4:27pm

It's a network problem that's resulting in a database problem.

getaddrinfo ENOTFOUND usually means that the service (in this case Enketo's main Redis database server) can't resolve its hostname. That's usually because something has gone wrong with Docker's networking or your host machine's networking. If a reboot hasn't helped, talking to IT is a good next step.

The DataIntegrityError may or may not be related, but you have to fix the network problem first before tackling it.

sowe1 · May 31, 2023, 9:25am

Hello @yanokwa ,
Just to say ,yep we found a problem ,it was a DDoS attack on odk-central . I have changed a ningx configuration and we have alleviated the problem, I don't know if you are interested in this modification and I will make you a PR with the configuration.

yanokwa · May 31, 2023, 11:36am

Sure, send in a PR or post the change here. Whichever is easiest for you.

Anup_Thatal · June 13, 2024, 12:36am

Hello sir ,

I have the same issues can you guide me how can I fix it.

sowe1 · July 27, 2024, 4:08pm

Hi @Anup_Thatal ,
Here you have my nginx configuration adjust times

server {
    listen 443 ssl;
    server_name ${CNAME};

    ssl_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;
    ssl_certificate_key /etc/${SSL_TYPE}/live/${CNAME}/privkey.pem;
    ssl_trusted_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers off;

    ssl_dhparam /etc/dh/nginx.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    server_tokens off;

    include /usr/share/odk/nginx/common-headers.conf;

    client_max_body_size 100m;

    # Slowloris
    client_body_timeout 10s;
    client_header_timeout 10s;
    keepalive_timeout 10s 10s;
    send_timeout 10s;

    gzip on;
    gzip_vary on;
    gzip_min_length 1280;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml text/csv;

    # Rate limiting zone
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    # Limit number of connections per IP
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    # Limit number of connections per IP
    limit_conn conn_limit_per_ip 100;
    # Limit number of connections per IP
    limit_req zone=req_limit_per_ip burst=5 nodelay;

    location = /robots.txt {
        add_header Content-Type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    location /- {
        proxy_pass http://enketo:8005;
        proxy_redirect off;
        proxy_set_header Host $host;

        # More lax CSP for enketo-express:
        # Google Maps API: https://developers.google.com/maps/documentation/javascript/content-security-policy
        add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src 'self' blob: https://maps.googleapis.com/maps/ https://maps.google.com/ https://maps.gstatic.com/mapfiles/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'none'; img-src data: blob: jr: 'self' https://maps.google.com/maps/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/; manifest-src 'none'; media-src blob: jr: 'self'; object-src 'none'; script-src 'unsafe-inline' 'self' https://maps.googleapis.com/maps/api/js/ https://maps.google.com/maps/ https://maps.google.com/maps-api-v3/api/js/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css; style-src-attr 'none'; report-uri /csp-report";
        #
        # Rules set to 'none' here would fallback to default-src if excluded.
        # They are included here to ease interpretation of violation reports.
        #
        # Other security headers are identical to those in common-headers.conf;
        # We can't just include that file here though, as it will set two Content-Security-Policy* headers
        add_header Referrer-Policy same-origin;
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options nosniff;
        
        # Apply rate limiting
        limit_req zone=one burst=20 nodelay;
    }

    location ~ ^/v\d {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://service:8383;
        proxy_redirect off;

        # buffer requests, but not responses, so streaming out works.
        proxy_request_buffering on;
        proxy_buffering off;
        proxy_read_timeout 2m;

        # Apply rate limiting
        limit_req zone=one burst=20 nodelay;
    }

    location / {
        root /usr/share/nginx/html;

        location /version.txt {
            include /usr/share/odk/nginx/common-headers.conf;
            add_header Cache-Control no-cache;
        }
        location /index.html {
            include /usr/share/odk/nginx/common-headers.conf;
            add_header Cache-Control no-cache;
        }

        # Apply connection limiting
        limit_conn addr 20;
    }

    location /csp-report {
        proxy_pass https://${SENTRY_ORG_SUBDOMAIN}.ingest.sentry.io/api/${SENTRY_PROJECT}/security/?sentry_key=${SENTRY_KEY};
    }
}