Channels
#azure
Title
# azure
e
enough-kite-69616
06/30/2020, 8:51 PMGetting this error still:
Copy code
postgresql:index:Role (ground-control-db):
error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: Invalid connection parameters specified. Check connection parameters, and try again. Copy code
const adminPassword = new random.RandomPassword(name + "-admin-password", {length: 12, special: false}).result;
let serverName = name + '-server';
const server = new azure.postgresql.Server(serverName, {
name: serverName,
location: resourceGroup.location,
resourceGroupName: resourceGroup.name,
administratorLogin: "psqladmin",
administratorLoginPassword: adminPassword,
skuName: "GP_Gen5_4",
version: "10",
sslEnforcement: `Enabled`,
storageProfile: {
storageMb: 5120,
backupRetentionDays: 7,
autoGrow: 'Enabled',
},
tags: {
"project": "mercury"
}
});
let dbName = name + '-db';
const db = new azure.postgresql.Database(dbName,{
name: dbName,
resourceGroupName: resourceGroup.name,
serverName: server.name,
charset: 'UTF8',
collation: 'en-US'
}, {
dependsOn: server
});
const databaseUsersNetworkRule = new azure.postgresql.VirtualNetworkRule("dbusersallowed", {
resourceGroupName: resourceGroup.name,
serverName: server.name,
subnetId: subnet.id,
});
const pgProvider = new pgsql.Provider(serverName,{
username: `${server.administratorLogin}@${serverName}`,
password: server.administratorLoginPassword,
host: server.fqdn,
});
const userPassword = new random.RandomPassword(name + "-password", {length: 12, special: false}).result;
const role = new pgsql.Role(name, {login: true, password: userPassword}, {dependsOn: server, provider: pgProvider});
const schema = new pgsql.Schema(name , {
owner: name,
policies: [
{
role: role.name,
usage: true,
create: true
}
],
},
{dependsOn: [server, role, databaseUsersNetworkRule], provider: pgProvider});g
gentle-diamond-70147
07/01/2020, 4:33 AMYou might try running with
--debug--debug --logtostderr -v9e
enough-kite-69616
07/01/2020, 1:38 PM Copy code
debug: AzureRM Request:
debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01 HTTP/1.1
debug: Host: <http://management.azure.com|management.azure.com>
debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: Accept-Encoding: gzip
debug:
debug:
debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01>:
debug: HTTP/2.0 200 OK
debug: Cache-Control: no-cache
debug: Content-Type: application/json; charset=utf-8
debug: Date: Wed, 01 Jul 2020 13:02:46 GMT
debug: Expires: -1
debug: Pragma: no-cache
debug: Server: Microsoft-HTTPAPI/2.0
debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
debug: Vary: Accept-Encoding
debug: X-Content-Type-Options: nosniff
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11994
debug: X-Ms-Request-Id: 13e1c739-0dfa-4bf7-8b31-e6902c05d168
debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130246Z:d2c1ded1-883b-403c-8874-087646c57943
debug:
debug: {"sku":{"name":"GP_Gen5_4","tier":"GeneralPurpose","family":"Gen5","capacity":4},"properties":{"administratorLogin":"psqladmin","storageProfile":{"storageMB":5120,"backupRetentionDays":7,"geoRedundantBackup":"Disabled","storageAutogrow":"Enabled"},"version":"10","sslEnforcement":"Enabled","minimalTlsVersion":"TLSEnforcementDisabled","userVisibleState":"Ready","fullyQualifiedDomainName":"<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>","earliestRestoreDate":"2020-07-01T13:10:44.667+00:00","replicationRole":"None","masterServerId":"","replicaCapacity":5,"byokEnforcement":"Disabled","privateEndpointConnections":[],"infrastructureEncryption":"Disabled","publicNetworkAccess":"Enabled"},"location":"eastus","tags":{"project":"mercury"},"id":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server","name":"ground-control-db-server","type":"Microsoft.DBforPostgreSQL/servers"}
debug: RegisterResource RPC finished: resource:ground-control-db-server[azure:postgresql/server:Server]; err: null, resp: urn:pulumi:jason-dev::jason-dev::azure:postgresql/server:Server::ground-control-db-server,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,administratorLogin,,,psqladmin,administratorLoginPassword,,,Fk0Q4kHyJYJl,fqdn,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,id,,,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,location,,,eastus,name,,,ground-control-db-server,resourceGroupName,,,RD-FoundationalServices-rg,skuName,,,GP_Gen5_4,sslEnforcement,,,Enabled,storageProfile,,,,,autoGrow,,,Enabled,backupRetentionDays,,7,geoRedundantBackup,,,Disabled,storageMb,,5120,tags,,,,,project,,,mercury,version,,,10,,
debug: RegisterResource RPC prepared: t=pulumi:providers:postgresql, name=ground-control-db-server
debug: RegisterResource RPC prepared: t=azure:postgresql/virtualNetworkRule:VirtualNetworkRule, name=dbusersallowed
debug: RegisterResource RPC prepared: t=azure:postgresql/database:Database, name=ground-control-db-db
debug: PostgreSQL DSN: `host=<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com> port=5432 dbname=postgres user='Calling [toString] on an [Output<T>] is not supported.
debug:
debug: To get the value of an Output<T> as an Output<string> consider either:
debug: 1: o.apply(v => `prefix${v}suffix`)
debug: 2: pulumi.interpolate `prefix${v}suffix`
debug:
debug: See <https://pulumi.io/help/outputs> for more details.
debug: This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server' password=<redacted> sslmode='' connect_timeout=180 fallback_application_name='Terraform provider'`
debug: preparing arguments for AzureRM PostgreSQL Database creation.
debug: AzureRM Request:
debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01 HTTP/1.1
debug: Host: <http://management.azure.com|management.azure.com>
debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: Accept-Encoding: gzip
debug:
debug:
debug: AzureRM Request:
debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
debug: Host: <http://management.azure.com|management.azure.com>
debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: Accept-Encoding: gzip
debug:
debug:
debug: RegisterResource RPC finished: resource:ground-control-db-server[pulumi:providers:postgresql]; err: null, resp: urn:pulumi:jason-dev::jason-dev::pulumi:providers:postgresql::ground-control-db-server,cf349bba-6218-4140-a10c-303bc9e5d6e9,connectTimeout,,,180,database,,,postgres,host,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,password,,,Fk0Q4kHyJYJl,port,,,5432,username,,,Calling [toString] on an [Output<T>] is not supported.
To get the value of an Output<T> as an Output<string> consider either:
1: o.apply(v => `prefix${v}suffix`)
2: pulumi.interpolate `prefix${v}suffix`
See <https://pulumi.io/help/outputs> for more details.
This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server,,
debug: RegisterResource RPC prepared: t=postgresql:index/role:Role, name=ground-control-db
debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01>:
debug: HTTP/2.0 404 Not Found
debug: Content-Length: 186
debug: Cache-Control: no-cache
debug: Content-Type: application/json; charset=utf-8
debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
debug: Expires: -1
debug: Pragma: no-cache
debug: Server: Microsoft-HTTPAPI/2.0
debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
debug: X-Content-Type-Options: nosniff
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
debug: X-Ms-Request-Id: 78a1903d-cbdd-4f63-bc55-110949fd8dd2
debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:08019d4c-614c-4e8f-aa7c-f16e5d8120fa
debug:
debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/virtualNetworkRules' with name 'dbusersallowedf3175cb4' was not found."}}
debug: AzureRM Request:
debug: PUT /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
debug: Host: <http://management.azure.com|management.azure.com>
debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
debug: Content-Length: 258
debug: Content-Type: application/json; charset=utf-8
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: Accept-Encoding: gzip
debug:
debug: {"properties":{"virtualNetworkSubnetId":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.Network/virtualNetworks/vnet69491ef1/subnets/subnete670feb0","ignoreMissingVnetServiceEndpoint":false}}
debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01>:
debug: HTTP/2.0 404 Not Found
debug: Content-Length: 174
debug: Cache-Control: no-cache
debug: Content-Type: application/json; charset=utf-8
debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
debug: Expires: -1
debug: Pragma: no-cache
debug: Server: Microsoft-HTTPAPI/2.0
debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
debug: X-Content-Type-Options: nosniff
debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
debug: X-Ms-Request-Id: 5bb596cb-d91b-436d-a207-b550c44633d3
debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:5411e506-9c57-479f-a410-ccf35d76f798
debug:
debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/databases' with name 'ground-control-db-db' was not found."}}Getting 404's on the DB
g
gentle-diamond-70147
07/01/2020, 6:05 PMAh... I think you need this:
Copy code
const pgProvider = new pgsql.Provider(serverName,{
username: pulumi.interpolate`${server.administratorLogin}@${serverName}`,
password: server.administratorLoginPassword,
host: server.fqdn,
});pulumi.interpolateThe reason for that is the
server.administratorLoginserverinterpolateapplyMore details on the output concept is at https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs
e
enough-kite-69616
07/01/2020, 6:16 PMI added that and I'm still getting this:
Copy code
postgresql:index:Role (ground-control-role):
error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: no pg_hba.conf entry for host "72.230.231.134", user "psqladmin", database "postgres", SSL ong
gentle-diamond-70147
07/01/2020, 7:30 PMThis is a tricky one... I think you need to create a FirewallRule too (https://www.pulumi.com/docs/reference/pkg/azure/postgresql/firewallrule/) for the Pulumi client to be able to connect.
Ringo posted a more complete explanation at https://github.com/terraform-providers/terraform-provider-postgresql/issues/47#issuecomment-593326014.
👍 1
e
enough-kite-69616
07/02/2020, 2:08 PMAny examples of doing this? Seems like something you should document and maybe do automatically when creating a PostgreSQL server on Azure
For reference, I'm creating an AKS cluster and need those nodes to be able to get to Postgres
g
gentle-diamond-70147
07/02/2020, 3:16 PMThere's a postgresql FirewallRule example at https://www.pulumi.com/docs/reference/pkg/azure/postgresql/firewallrule/#ip-range.
e
enough-kite-69616
07/02/2020, 6:12 PMI got that far, but I don't know how to get IPs from my AKS. Any ideas?
Also, I guess I need to add my machine's IP if I'm running this script from home?
Anyone have ideas on how to get the IPs for AKS nodes to set up firewall rules?
b
billowy-army-68599
07/06/2020, 2:05 PM
@enough-kite-69616 it depends how you defined your cluster. by default, it gets node ips from the default azure virtual network
I would look up the virtual network:
https://www.pulumi.com/docs/reference/pkg/azure/network/virtualnetwork/#look-up
and them create a firewall rule that encompasses the whole range
e
enough-kite-69616
07/06/2020, 2:31 PMIs there a good way to go from the virtual network
addressSpacesb
billowy-army-68599
07/06/2020, 2:39 PM
there's a few js libraries out there that'll help
https://www.npmjs.com/package/ip-cidr
but you might consider a virtualnetwork rule instead: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/azure/postgresql/#VirtualNetworkRule
e
enough-kite-69616
07/06/2020, 3:41 PMAh, gotcha... But I'm still getting that error, and I think it's because I don't have a rule for my local machine to be able to make calls to the PGSQL database. Is there a way to set up a temporary firewall rule for my local box and have it torn down at the end?
b
billowy-army-68599
07/06/2020, 3:45 PM
this is more of a networking problem I think. can you connect to the pgsql box via the command line? what about using netcat?
does it have a public address?
e
enough-kite-69616
07/06/2020, 3:49 PMI'm creating it using Pulumi and trying to set up a role and schema during build time. It doesn't exist prior to that.
b
billowy-army-68599
07/06/2020, 4:10 PM
Is it inside an azure virtual network? Are you assigning a public ip? I’m wondering if it’s routeable
e
enough-kite-69616
07/06/2020, 4:25 PMThe server is not in a virtual network, I don't think. Here's my code:
Copy code
export function buildPostgres(name: string, resourceGroup: ResourceGroup, subnet: Subnet): DbValues {
const adminPassword = new random.RandomPassword(name + "-admin-password", {length: 12, special: false}).result;
let serverName = name + '-server';
const server = new azure.postgresql.Server(serverName, {
name: serverName,
location: resourceGroup.location,
resourceGroupName: resourceGroup.name,
administratorLogin: "psqladmin",
administratorLoginPassword: adminPassword,
skuName: "GP_Gen5_4",
version: "10",
sslEnforcement: `Enabled`,
storageProfile: {
storageMb: 5120,
backupRetentionDays: 7,
autoGrow: 'Enabled',
},
tags: {
"project": "mercury"
}
});
let vnRuleName = name + "-VNRule";
const virtualNetworkRule = new azure.postgresql.VirtualNetworkRule(vnRuleName, {
name: vnRuleName,
resourceGroupName: resourceGroup.name,
serverName: server.name,
subnetId: subnet.id,
ignoreMissingVnetServiceEndpoint: true
});
let dbName = name + '-db';
const db = new azure.postgresql.Database(dbName,{
name: dbName,
resourceGroupName: resourceGroup.name,
serverName: server.name,
charset: 'UTF8',
collation: 'en-US'
}, {
dependsOn: server
});
let pgProviderUsername = pulumi.interpolate `${server.administratorLogin}@${serverName}`;
const pgProvider = new pgsql.Provider(serverName,{
username: pgProviderUsername,
password: server.administratorLoginPassword,
host: server.fqdn,
sslmode: 'require'
},
{
dependsOn: [server, db, virtualNetworkRule]
});
pulumi.all([pgProviderUsername, server.fqdn]).apply(all => {
console.log("pg provider username = " + all[0]);
console.log("pg provider fqdn = " + all[1]);
});
const userPassword = new random.RandomPassword(name + "-password", {length: 12, special: false}).result;
const role = new pgsql.Role(name + '-role', {login: true, password: userPassword}, {dependsOn: server, provider: pgProvider});
const schema = new pgsql.Schema(name + '-schema' , {
owner: role.name,
policies: [
{
role: role.name,
usage: true,
create: true
}
],
},
{dependsOn: [server, role, virtualNetworkRule], provider: pgProvider});
return { adminPassword , server, db, role, userPassword, schema };
}b
billowy-army-68599
07/06/2020, 4:32 PM
subnetId: subnet.ide
enough-kite-69616
07/06/2020, 4:57 PMI'm just experimenting right now. This is part of attempt to set up AKS and Postgres then deploy a Helm chart and configure it with the Postgres address. By the provider, do you mean where I'm running Pulumi? It's running on my local box. I didn't see any options for giving the Postgres server a public IP. How should I test to answer your question?
b
billowy-army-68599
07/06/2020, 5:11 PM
run pulumi from an instance in azure, i'm fairly sure it'll work if you do that. generally you need a bastion server if you're running locally
b
breezy-cricket-40277
07/31/2020, 1:50 PMWere you able to get the node ips? I’m experiencing the same problem
10 Views