https://pulumi.com logo
#azure
Title
# azure
e

enough-kite-69616

06/30/2020, 8:51 PM
Getting this error still:
Copy code
postgresql:index:Role (ground-control-db):
    error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: Invalid connection parameters specified. Check connection parameters, and try again.
This is the code that's failing:
Copy code
const adminPassword = new random.RandomPassword(name + "-admin-password", {length: 12, special: false}).result;

    let serverName = name + '-server';
    const server = new azure.postgresql.Server(serverName, {
        name: serverName,
        location: resourceGroup.location,
        resourceGroupName: resourceGroup.name,
        administratorLogin: "psqladmin",
        administratorLoginPassword: adminPassword,
        skuName: "GP_Gen5_4",
        version: "10",
        sslEnforcement: `Enabled`,
        storageProfile: {
            storageMb: 5120,
            backupRetentionDays: 7,
            autoGrow: 'Enabled',
        },
        tags: {
            "project": "mercury"
        }
    });

    let dbName = name + '-db';
    const db = new azure.postgresql.Database(dbName,{
        name: dbName,
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        charset: 'UTF8',
        collation: 'en-US'
    }, {
        dependsOn: server
    });

    const databaseUsersNetworkRule = new azure.postgresql.VirtualNetworkRule("dbusersallowed", {
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        subnetId: subnet.id,
    });

    const pgProvider = new pgsql.Provider(serverName,{
        username: `${server.administratorLogin}@${serverName}`,
        password: server.administratorLoginPassword,
        host: server.fqdn,
    });

    const userPassword = new random.RandomPassword(name + "-password", {length: 12, special: false}).result;

    const role = new pgsql.Role(name, {login: true, password: userPassword}, {dependsOn: server, provider: pgProvider});
    const schema = new pgsql.Schema(name , {
        owner: name,
        policies: [
            {
                role: role.name,
                usage: true,
                create: true
            }
        ],
    },
        {dependsOn: [server, role, databaseUsersNetworkRule], provider: pgProvider});
g

gentle-diamond-70147

07/01/2020, 4:33 AM
You might try running with
--debug
or
--debug --logtostderr -v9
to get more details about the error.
e

enough-kite-69616

07/01/2020, 1:38 PM
Copy code
debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server?api-version=2017-12-01>: 
    debug: HTTP/2.0 200 OK
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:46 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: Vary: Accept-Encoding
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11994
    debug: X-Ms-Request-Id: 13e1c739-0dfa-4bf7-8b31-e6902c05d168
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130246Z:d2c1ded1-883b-403c-8874-087646c57943
    debug: 
    debug: {"sku":{"name":"GP_Gen5_4","tier":"GeneralPurpose","family":"Gen5","capacity":4},"properties":{"administratorLogin":"psqladmin","storageProfile":{"storageMB":5120,"backupRetentionDays":7,"geoRedundantBackup":"Disabled","storageAutogrow":"Enabled"},"version":"10","sslEnforcement":"Enabled","minimalTlsVersion":"TLSEnforcementDisabled","userVisibleState":"Ready","fullyQualifiedDomainName":"<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>","earliestRestoreDate":"2020-07-01T13:10:44.667+00:00","replicationRole":"None","masterServerId":"","replicaCapacity":5,"byokEnforcement":"Disabled","privateEndpointConnections":[],"infrastructureEncryption":"Disabled","publicNetworkAccess":"Enabled"},"location":"eastus","tags":{"project":"mercury"},"id":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server","name":"ground-control-db-server","type":"Microsoft.DBforPostgreSQL/servers"}
    debug: RegisterResource RPC finished: resource:ground-control-db-server[azure:postgresql/server:Server]; err: null, resp: urn:pulumi:jason-dev::jason-dev::azure:postgresql/server:Server::ground-control-db-server,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,administratorLogin,,,psqladmin,administratorLoginPassword,,,Fk0Q4kHyJYJl,fqdn,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,id,,,/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server,location,,,eastus,name,,,ground-control-db-server,resourceGroupName,,,RD-FoundationalServices-rg,skuName,,,GP_Gen5_4,sslEnforcement,,,Enabled,storageProfile,,,,,autoGrow,,,Enabled,backupRetentionDays,,7,geoRedundantBackup,,,Disabled,storageMb,,5120,tags,,,,,project,,,mercury,version,,,10,,
    debug: RegisterResource RPC prepared: t=pulumi:providers:postgresql, name=ground-control-db-server
    debug: RegisterResource RPC prepared: t=azure:postgresql/virtualNetworkRule:VirtualNetworkRule, name=dbusersallowed
    debug: RegisterResource RPC prepared: t=azure:postgresql/database:Database, name=ground-control-db-db
    debug: PostgreSQL DSN: `host=<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com> port=5432 dbname=postgres user='Calling [toString] on an [Output<T>] is not supported.
    debug: 
    debug: To get the value of an Output<T> as an Output<string> consider either:
    debug: 1: o.apply(v => `prefix${v}suffix`)
    debug: 2: pulumi.interpolate `prefix${v}suffix`
    debug: 
    debug: See <https://pulumi.io/help/outputs> for more details.
    debug: This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server' password=<redacted> sslmode='' connect_timeout=180 fallback_application_name='Terraform provider'`
    debug: preparing arguments for AzureRM PostgreSQL Database creation.
    debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: AzureRM Request: 
    debug: GET /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: 
    debug: RegisterResource RPC finished: resource:ground-control-db-server[pulumi:providers:postgresql]; err: null, resp: urn:pulumi:jason-dev::jason-dev::pulumi:providers:postgresql::ground-control-db-server,cf349bba-6218-4140-a10c-303bc9e5d6e9,connectTimeout,,,180,database,,,postgres,host,,,<http://ground-control-db-server.postgres.database.azure.com|ground-control-db-server.postgres.database.azure.com>,password,,,Fk0Q4kHyJYJl,port,,,5432,username,,,Calling [toString] on an [Output<T>] is not supported.
    
    To get the value of an Output<T> as an Output<string> consider either:
    1: o.apply(v => `prefix${v}suffix`)
    2: pulumi.interpolate `prefix${v}suffix`
    
    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of @pulumi/pulumi.@ground-control-db-server,,
    debug: RegisterResource RPC prepared: t=postgresql:index/role:Role, name=ground-control-db
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01>: 
    debug: HTTP/2.0 404 Not Found
    debug: Content-Length: 186
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
    debug: X-Ms-Request-Id: 78a1903d-cbdd-4f63-bc55-110949fd8dd2
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:08019d4c-614c-4e8f-aa7c-f16e5d8120fa
    debug: 
    debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/virtualNetworkRules' with name 'dbusersallowedf3175cb4' was not found."}}
    debug: AzureRM Request: 
    debug: PUT /subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/virtualNetworkRules/dbusersallowedf3175cb4?api-version=2017-12-01 HTTP/1.1
    debug: Host: <http://management.azure.com|management.azure.com>
    debug: User-Agent: Go/go1.13.4 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v40.3.0 postgresql/2017-12-01 HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.8.0 terraform-provider-azurerm/dev
    debug: Content-Length: 258
    debug: Content-Type: application/json; charset=utf-8
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: Accept-Encoding: gzip
    debug: 
    debug: {"properties":{"virtualNetworkSubnetId":"/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.Network/virtualNetworks/vnet69491ef1/subnets/subnete670feb0","ignoreMissingVnetServiceEndpoint":false}}
    debug: AzureRM Response for <https://management.azure.com/subscriptions/7e01b735-d940-4f45-953c-08f86d80d43f/resourceGroups/RD-FoundationalServices-rg/providers/Microsoft.DBforPostgreSQL/servers/ground-control-db-server/databases/ground-control-db-db?api-version=2017-12-01>: 
    debug: HTTP/2.0 404 Not Found
    debug: Content-Length: 174
    debug: Cache-Control: no-cache
    debug: Content-Type: application/json; charset=utf-8
    debug: Date: Wed, 01 Jul 2020 13:02:47 GMT
    debug: Expires: -1
    debug: Pragma: no-cache
    debug: Server: Microsoft-HTTPAPI/2.0
    debug: Strict-Transport-Security: max-age=31536000; includeSubDomains
    debug: X-Content-Type-Options: nosniff
    debug: X-Ms-Correlation-Request-Id: 5bb8b477-6f25-07fd-108a-8d533ced3220
    debug: X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
    debug: X-Ms-Request-Id: 5bb596cb-d91b-436d-a207-b550c44633d3
    debug: X-Ms-Routing-Request-Id: NORTHCENTRALUS:20200701T130247Z:5411e506-9c57-479f-a410-ccf35d76f798
    debug: 
    debug: {"error":{"code":"ResourceNotFound","message":"The requested resource of type 'Microsoft.DBforPostgreSQL/servers/databases' with name 'ground-control-db-db' was not found."}}
Getting 404's on the DB
g

gentle-diamond-70147

07/01/2020, 6:05 PM
Ah... I think you need this:
Copy code
const pgProvider = new pgsql.Provider(serverName,{
        username: pulumi.interpolate`${server.administratorLogin}@${serverName}`,
        password: server.administratorLoginPassword,
        host: server.fqdn,
    });
Note the
pulumi.interpolate
for the username.
The reason for that is the
server.administratorLogin
is an output from your
server
and therefore must be manipulated using
interpolate
(or one of the other methods such as
apply
), because it's effectively a "future" value that isn't known until the server is created.
e

enough-kite-69616

07/01/2020, 6:16 PM
I added that and I'm still getting this:
Copy code
postgresql:index:Role (ground-control-role):
    error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: no pg_hba.conf entry for host "72.230.231.134", user "psqladmin", database "postgres", SSL on
g

gentle-diamond-70147

07/01/2020, 7:30 PM
This is a tricky one... I think you need to create a FirewallRule too (https://www.pulumi.com/docs/reference/pkg/azure/postgresql/firewallrule/) for the Pulumi client to be able to connect.
e

enough-kite-69616

07/02/2020, 2:08 PM
Any examples of doing this? Seems like something you should document and maybe do automatically when creating a PostgreSQL server on Azure
For reference, I'm creating an AKS cluster and need those nodes to be able to get to Postgres
g

gentle-diamond-70147

07/02/2020, 3:16 PM
e

enough-kite-69616

07/02/2020, 6:12 PM
I got that far, but I don't know how to get IPs from my AKS. Any ideas?
Also, I guess I need to add my machine's IP if I'm running this script from home?
Anyone have ideas on how to get the IPs for AKS nodes to set up firewall rules?
b

billowy-army-68599

07/06/2020, 2:05 PM
@enough-kite-69616 it depends how you defined your cluster. by default, it gets node ips from the default azure virtual network
I would look up the virtual network: https://www.pulumi.com/docs/reference/pkg/azure/network/virtualnetwork/#look-up and them create a firewall rule that encompasses the whole range
e

enough-kite-69616

07/06/2020, 2:31 PM
Is there a good way to go from the virtual network
addressSpaces
to start and end IPs?
b

billowy-army-68599

07/06/2020, 2:39 PM
there's a few js libraries out there that'll help https://www.npmjs.com/package/ip-cidr but you might consider a virtualnetwork rule instead: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/azure/postgresql/#VirtualNetworkRule
e

enough-kite-69616

07/06/2020, 3:41 PM
Ah, gotcha... But I'm still getting that error, and I think it's because I don't have a rule for my local machine to be able to make calls to the PGSQL database. Is there a way to set up a temporary firewall rule for my local box and have it torn down at the end?
b

billowy-army-68599

07/06/2020, 3:45 PM
this is more of a networking problem I think. can you connect to the pgsql box via the command line? what about using netcat? does it have a public address?
e

enough-kite-69616

07/06/2020, 3:49 PM
I'm creating it using Pulumi and trying to set up a role and schema during build time. It doesn't exist prior to that.
b

billowy-army-68599

07/06/2020, 4:10 PM
Is it inside an azure virtual network? Are you assigning a public ip? I’m wondering if it’s routeable
e

enough-kite-69616

07/06/2020, 4:25 PM
The server is not in a virtual network, I don't think. Here's my code:
Copy code
export function buildPostgres(name: string, resourceGroup: ResourceGroup, subnet: Subnet): DbValues {

    const adminPassword = new random.RandomPassword(name + "-admin-password", {length: 12, special: false}).result;

    let serverName = name + '-server';
    const server = new azure.postgresql.Server(serverName, {
        name: serverName,
        location: resourceGroup.location,
        resourceGroupName: resourceGroup.name,
        administratorLogin: "psqladmin",
        administratorLoginPassword: adminPassword,
        skuName: "GP_Gen5_4",
        version: "10",
        sslEnforcement: `Enabled`,
        storageProfile: {
            storageMb: 5120,
            backupRetentionDays: 7,
            autoGrow: 'Enabled',
        },
        tags: {
            "project": "mercury"
        }
    });

    let vnRuleName = name + "-VNRule";
    const virtualNetworkRule = new azure.postgresql.VirtualNetworkRule(vnRuleName, {
        name: vnRuleName,
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        subnetId: subnet.id,
        ignoreMissingVnetServiceEndpoint: true
    });

    let dbName = name + '-db';
    const db = new azure.postgresql.Database(dbName,{
        name: dbName,
        resourceGroupName: resourceGroup.name,
        serverName: server.name,
        charset: 'UTF8',
        collation: 'en-US'
    }, {
        dependsOn: server
    });

    let pgProviderUsername = pulumi.interpolate `${server.administratorLogin}@${serverName}`;

    const pgProvider = new pgsql.Provider(serverName,{
        username: pgProviderUsername,
        password: server.administratorLoginPassword,
        host: server.fqdn,
        sslmode: 'require'
    },
        {
            dependsOn: [server, db, virtualNetworkRule]
        });

    pulumi.all([pgProviderUsername, server.fqdn]).apply(all => {
        console.log("pg provider username = " + all[0]);
        console.log("pg provider fqdn = " + all[1]);
    });

    const userPassword = new random.RandomPassword(name + "-password", {length: 12, special: false}).result;

    const role = new pgsql.Role(name + '-role', {login: true, password: userPassword}, {dependsOn: server, provider: pgProvider});
    const schema = new pgsql.Schema(name + '-schema' , {
        owner: role.name,
        policies: [
            {
                role: role.name,
                usage: true,
                create: true
            }
        ],
    },
        {dependsOn: [server, role, virtualNetworkRule], provider: pgProvider});

    return { adminPassword , server, db, role, userPassword, schema };
}
b

billowy-army-68599

07/06/2020, 4:32 PM
subnetId: subnet.id
What does this compute to? Can you look and see what the ip address of the created database is? The postgres provider needs the created instance to be routeable from where the provider is being run. I'm not sure how this works in Azure, but usually the DB will be created on a private network (otherwise it'll be accessible from the world). I'm trying to determine if that's the issue, or it's something else
e

enough-kite-69616

07/06/2020, 4:57 PM
I'm just experimenting right now. This is part of attempt to set up AKS and Postgres then deploy a Helm chart and configure it with the Postgres address. By the provider, do you mean where I'm running Pulumi? It's running on my local box. I didn't see any options for giving the Postgres server a public IP. How should I test to answer your question?
b

billowy-army-68599

07/06/2020, 5:11 PM
run pulumi from an instance in azure, i'm fairly sure it'll work if you do that. generally you need a bastion server if you're running locally
b

breezy-cricket-40277

07/31/2020, 1:50 PM
Were you able to get the node ips? I’m experiencing the same problem
10 Views