https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# azure
s
This message was deleted.
g
You might try running with 
--debug
or 
--debug --logtostderr -v9
to get more details about the error.
e
Copy code
debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01>: 
    debug: HTTP/2.0 200 OK
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:46 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: Vary: Accept-Encoding
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11994
    debug: X-Ms-Request-Id: 13e1c739-0dfa-4bf7-8b31-e6902c05d168
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130246Z:d2c1ded1-883b-403c-8874-087646c57943
    debug: 
    debug: {"sku":{"name":"GP_Gen5_4","tier":"GeneralPurpose","family":"Gen5","capacity":4},"properties":{"administratorLogin":"psqladmin","storageProfile":{"storageMB":5120,"backupRetentionDays":7,"geoRedundantBackup":"Disabled","storageAutogrow":"Enabled"},"version":"10","sslEnforcement":"Enabled","minimalTlsVersion":"TLSEnforcementDisabled","userVisibleState":"Ready","fullyQualifiedDomainName":"<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>","earliestRestoreDate":"2020-07-01T13:10:44.667+00:00","replicationRole":"None","masterServerId":"","replicaCapacity":5,"byokEnforcement":"Disabled","privateEndpointConnections":[],"infrastructureEncryption":"Disabled","publicNetworkAccess":"Enabled"},"location":"eastus","tags":{"project":"mercury"},"id":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server","name":"ground-control-db-server","type":"Microsoft.DBforPostgreSQL/servers"}
    debug: RegisterResource RPC finished: resource:ground-control-db-server[azure:postgresql/server:Server]; err: null, resp: urn:pulumi:jason-dev::jason-dev::azure:postgresql/server:Server::ground-control-db-server,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,administratorLogin,,,psqladmin,administratorLoginPassword,,,Fk0Q4kHyJYJl,fqdn,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,id,,,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,location,,,eastus,name,,,ground-control-db-server,resourceGroupName,,,RD-FoundationalServices-rg,skuName,,,GP_Gen5_4,sslEnforcement,,,Enabled,storageProfile,,,,,autoGrow,,,Enabled,backupRetentionDays,,7,geoRedundantBackup,,,Disabled,storageMb,,5120,tags,,,,,project,,,mercury,version,,,10,,
    debug: RegisterResource RPC prepared: t=pulumi:providers:postgresql, name=ground-control-db-server
    debug: RegisterResource RPC prepared: t=azure:postgresql/virtualNetworkRule:VirtualNetworkRule, name=dbusersallowed
    debug: RegisterResource RPC prepared: t=azure:postgresql/database:Database, name=ground-control-db-db
    debug: PostgreSQL DSN: `host=<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com> port=5432 dbname=postgres user='Calling [toString] on an [Output<T>] is not supported.
    debug: 
    debug: To get the value of an Output<T> as an Output<string> consider either:
    debug: 1: o.apply(v => `prefix${v}suffix`)
    debug: 2: pulumi.interpolate `prefix${v}suffix`
    debug: 
    debug: See <https://pulumi.io/help/outputs> for more details.
    debug: This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server' password=<redacted> sslmode='' connect_timeout=180 fallback_application_name='Terraform provider'`
    debug: preparing arguments for AzureRM PostgreSQL Database creation.
    debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: RegisterResource RPC finished: resource:ground-control-db-server[pulumi:providers:postgresql]; err: null, resp: urn:pulumi:jason-dev::jason-dev::pulumi:providers:postgresql::ground-control-db-server,cf349bba-6218-4140-a10c-303bc9e5d6e9,connectTimeout,,,180,database,,,postgres,host,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,password,,,Fk0Q4kHyJYJl,port,,,5432,username,,,Calling [toString] on an [Output<T>] is not supported.
    
    To get the value of an Output<T> as an Output<string> consider either:
    1: o.apply(v => `prefix${v}suffix`)
    2: pulumi.interpolate `prefix${v}suffix`
    
    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server,,
    debug: RegisterResource RPC prepared: t=postgresql:index/role:Role, name=ground-control-db
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01>: 
    debug: HTTP/2.0 404 Not Found
    debug: Content-Length: 186
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
    debug: X-Ms-Request-Id: 78a1903d-cbdd-4f63-bc55-110949fd8dd2
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:08019d4c-614c-4e8f-aa7c-f16e5d8120fa
    debug: 
    debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/virtualNetworkRules' with name 'dbusersallowedf3175cb4' was not found."}}
    debug: AzureRM Request: 
    debug: PUT /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: Content-Length: 258
    debug: Content-Type: application/json; charset=utf-8
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: {"properties":{"virtualNetworkSubnetId":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.Network/virtualNetworks/vnet69491ef1/subnets/subnete670feb0","ignoreMissingVnetServiceEndpoint":false}}
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01>: 
    debug: HTTP/2.0 404 Not Found
    debug: Content-Length: 174
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
    debug: X-Ms-Request-Id: 5bb596cb-d91b-436d-a207-b550c44633d3
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:5411e506-9c57-479f-a410-ccf35d76f798
    debug: 
    debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/databases' with name 'ground-control-db-db' was not found."}}
Getting 404's on the DB
g
Ah... I think you need this:
Copy code
const pgProvider = new pgsql.Provider(serverName,{
        username: pulumi.interpolate`${server.administratorLogin}@${serverName}`,
        password: server.administratorLoginPassword,
        host: server.fqdn,
    });
Note the 
pulumi.interpolate
for the username.
The reason for that is the 
server.administratorLogin
is an output from your 
server
and therefore must be manipulated using 
interpolate
(or one of the other methods such as 
apply
), because it's effectively a "future" value that isn't known until the server is created.
e
I added that and I'm still getting this:
Copy code
postgresql:index:Role (ground-control-role):
    error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: no pg_hba.conf entry for host "72.230.231.134", user "psqladmin", database "postgres", SSL on
g
This is a tricky one... I think you need to create a FirewallRule too (https://www.pulumi.com/docs/reference/pkg/azure/postgresql/firewallrule/) for the Pulumi client to be able to connect.
e
Any examples of doing this? Seems like something you should document and maybe do automatically when creating a PostgreSQL server on Azure
For reference, I'm creating an AKS cluster and need those nodes to be able to get to Postgres
g
e
I got that far, but I don't know how to get IPs from my AKS. Any ideas?
Also, I guess I need to add my machine's IP if I'm running this script from home?
Anyone have ideas on how to get the IPs for AKS nodes to set up firewall rules?
b
@enough-kite-69616 it depends how you defined your cluster. by default, it gets node ips from the default azure virtual network
I would look up the virtual network: https://www.pulumi.com/docs/reference/pkg/azure/network/virtualnetwork/#look-up and them create a firewall rule that encompasses the whole range
e
Is there a good way to go from the virtual network 
addressSpaces
to start and end IPs?
b
there's a few js libraries out there that'll help https://www.npmjs.com/package/ip-cidr but you might consider a virtualnetwork rule instead: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/azure/postgresql/#VirtualNetworkRule
e
Ah, gotcha... But I'm still getting that error, and I think it's because I don't have a rule for my local machine to be able to make calls to the PGSQL database. Is there a way to set up a temporary firewall rule for my local box and have it torn down at the end?
b
this is more of a networking problem I think. can you connect to the pgsql box via the command line? what about using netcat? does it have a public address?
e
I'm creating it using Pulumi and trying to set up a role and schema during build time. It doesn't exist prior to that.
b
Is it inside an azure virtual network? Are you assigning a public ip? I’m wondering if it’s routeable
e
The server is not in a virtual network, I don't think. Here's my code:
Copy code
export function buildPostgres(name: string, resourceGroup: ResourceGroup, subnet: Subnet): DbValues {

    const adminPassword = new random.RandomPassword(name + "-admin-password", {length: 12, special: false}).result;

    let serverName = name + '-server';
    const server = new azure.postgresql.Server(serverName, {
        name: serverName,
        location: resourceGroup.location,
        resourceGroupName: resourceGroup.name,
        administratorLogin: "psqladmin",
        administratorLoginPassword: adminPassword,
        skuName: "GP_Gen5_4",
        version: "10",
        sslEnforcement: `Enabled`,
        storageProfile: {
            storageMb: 5120,
            backupRetentionDays: 7,
            autoGrow: 'Enabled',
        },
        tags: {
            "project": "mercury"
        }
    });

    let vnRuleName = name + "-VNRule";
    const virtualNetworkRule = new azure.postgresql.VirtualNetworkRule(vnRuleName, {
        name: vnRuleName,
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        subnetId: subnet.id,
        ignoreMissingVnetServiceEndpoint: true
    });

    let dbName = name + '-db';
    const db = new azure.postgresql.Database(dbName,{
        name: dbName,
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        charset: 'UTF8',
        collation: 'en-US'
    }, {
        dependsOn: server
    });

    let pgProviderUsername = pulumi.interpolate `${server.administratorLogin}@${serverName}`;

    const pgProvider = new pgsql.Provider(serverName,{
        username: pgProviderUsername,
        password: server.administratorLoginPassword,
        host: server.fqdn,
        sslmode: 'require'
    },
        {
            dependsOn: [server, db, virtualNetworkRule]
        });

    pulumi.all([pgProviderUsername, server.fqdn]).apply(all => {
        console.log("pg provider username = " + all[0]);
        console.log("pg provider fqdn = " + all[1]);
    });

    const userPassword = new random.RandomPassword(name + "-password", {length: 12, special: false}).result;

    const role = new pgsql.Role(name + '-role', {login: true, password: userPassword}, {dependsOn: server, provider: pgProvider});
    const schema = new pgsql.Schema(name + '-schema' , {
        owner: role.name,
        policies: [
            {
                role: role.name,
                usage: true,
                create: true
            }
        ],
    },
        {dependsOn: [server, role, virtualNetworkRule], provider: pgProvider});

    return { adminPassword , server, db, role, userPassword, schema };
}
b
subnetId: subnet.id
What does this compute to? Can you look and see what the ip address of the created database is? The postgres provider needs the created instance to be routeable from where the provider is being run. I'm not sure how this works in Azure, but usually the DB will be created on a private network (otherwise it'll be accessible from the world). I'm trying to determine if that's the issue, or it's something else
e
I'm just experimenting right now. This is part of attempt to set up AKS and Postgres then deploy a Helm chart and configure it with the Postgres address. By the provider, do you mean where I'm running Pulumi? It's running on my local box. I didn't see any options for giving the Postgres server a public IP. How should I test to answer your question?
b
run pulumi from an instance in azure, i'm fairly sure it'll work if you do that. generally you need a bastion server if you're running locally
b
Were you able to get the node ips? I’m experiencing the same problem
10 Views
Open in Slack
PreviousNext
Powered by