Using the quick start guide for azure, with pretty much the default config, we have spun up a postgres db, the load balancer and the vm scale set. However we are getting an SSL connection is required from the vm when connecting to the database and I cannot find the option in the terraform to tell the vm to use SSL when connecting to the postgres.
Help would be appreciated.
Hi @Chris18 could you share where exactly you are seeing this error? We have developed these modules very recently with these settings enforced from the get go (enforced SSL) and not seen any connection issues like what you have described!
Is there anything custom about the subscription you are working in that could be at play?
Hi @josh, I am seeing this error in the iglu vm scale set when its trying to connect to the iglu postgres.
Like I said we have kept the iglu setup almost at its default besides a password and secret change really but I will give a copy of our terraform tfvars below.
I see there is a SSL config section but according to the docs this is for the load balancer not the vm connecting to the postgres and if I look at the main.tf this looks to be true.
# Will be prefixed to all resource names
# Use this to easily identify the resources created and provide entropy for subsequent environments
prefix = "snowplow"
# The name of the resource group to deploy Iglu into
resource_group_name = "snowplow-rg"
# ID of the dedicated subnet to deploy the load balancer into
subnet_id_lb = "azure subnet for lb"
# ID of the subnet to deploy the actual Iglu Server application into
subnet_id_servers = "azure subnet for server"
# Update this to _your_ IP Address
ssh_ip_allowlist = ["Our IP"]
# Generate a new SSH key locally with `ssh-keygen`
# ssh-keygen -t rsa -b 4096
ssh_public_key = "Our key"
# Iglu Server settings
iglu_db_name = "iglu"
iglu_db_username = "iglu"
# Change and keep this secret!
iglu_db_password = "Our Password"
# Used for API actions on the Iglu Server
# Change this to a new UUID and keep it secret!
iglu_super_api_key = "Our secret"
# NOTE: To push schemas to your Iglu Server, you can use igluctl
# See the docs: https://docs.snowplow.io/docs/understanding-tracking-design/managing-your-data-structures/iglu/
# Telemetry principles: https://docs.snowplow.io/docs/getting-started-on-snowplow-open-source/telemetry/
user_provided_id = ""
telemetry_enabled = true
# SSL Configuration (optional)
ssl_information = {
password = ""
data = ""
enabled = false
}
# Extra Tags to append to created resources (optional)
tags = {}
Last quick check before I go and spin this up myself to verify if anything has changed in Azure - did you use the correct subnet_id for the servers specifically for Iglu?
I just confirmed now, it does definitely look correct.
Hi @Chris18 I have just launched a fresh Iglu Server deployment from quick-start and it has all booted up just fine - where are you seeing the SSL error exactly?
Thats interesting, I am seeing it in the docker logs of the snowplow-iglu-server Virtual machine scale set instance.
Could you share those logs?
Sure, its pretty much the following logs repeated the entire log file.
org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "4.221.169.131", user "iglu", database "iglu", SSL on
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:659)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:247)
at org.postgresql.Driver.makeConnection(Driver.java:434)
at org.postgresql.Driver.connect(Driver.java:291)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:364)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:476)
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561)
at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
at doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$14(transactor.scala:294)
at evalOn @ doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$13(transactor.scala:294)
at make @ com.snowplowanalytics.iglu.server.Server$.createThreadPool(Server.scala:162)
at make @ com.snowplowanalytics.iglu.server.Server$.createThreadPool(Server.scala:162)
at use @ doobie.util.transactor$Transactor$$anon$4.apply(transactor.scala:166)
at as @ com.snowplowanalytics.iglu.server.storage.Postgres.ping(Postgres.scala:113)
at ifM$extension @ org.typelevel.log4cats.slf4j.internal.Slf4jLoggerInternal$Slf4jLogger.info(Slf4jLoggerInternal.scala:90)
at uncancelable @ org.http4s.client.ConnectionManager$.pool(ConnectionManager.scala:83)
at as @ com.snowplowanalytics.iglu.server.storage.Postgres.ping(Postgres.scala:113)
at eval @ com.snowplowanalytics.iglu.server.Server$.buildServer(Server.scala:174)
at map @ fs2.internal.CompileScope.interruptibleEval(CompileScope.scala:413)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:503)
at flatMap @ fs2.internal.FreeC$.$anonfun$compile$7(Algebra.scala:463)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:460)
at flatMap @ fs2.internal.FreeC$.$anonfun$compile$7(Algebra.scala:463)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:460)
Suppressed: org.postgresql.util.PSQLException: FATAL: SSL connection is required. Please specify SSL options and retry.
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:659)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:244)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:247)
at org.postgresql.Driver.makeConnection(Driver.java:434)
at org.postgresql.Driver.connect(Driver.java:291)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:364)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:476)
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561)
at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
at doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$14(transactor.scala:294)
at cats.effect.internals.IORunLoop$.cats$effect$internals$IORunLoop$$loop(IORunLoop.scala:104)
at cats.effect.internals.IORunLoop$.restartCancelable(IORunLoop.scala:51)
at cats.effect.internals.IOBracket$BracketStart.run(IOBracket.scala:100)
at cats.effect.internals.Trampoline.cats$effect$internals$Trampoline$$immediateLoop(Trampoline.scala:67)
at cats.effect.internals.Trampoline.startLoop(Trampoline.scala:35)
at cats.effect.internals.TrampolineEC$JVMTrampoline.super$startLoop(TrampolineEC.scala:90)
at cats.effect.internals.TrampolineEC$JVMTrampoline.$anonfun$startLoop$1(TrampolineEC.scala:90)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at cats.effect.internals.TrampolineEC$JVMTrampoline.startLoop(TrampolineEC.scala:90)
at cats.effect.internals.Trampoline.execute(Trampoline.scala:43)
at cats.effect.internals.TrampolineEC.execute(TrampolineEC.scala:42)
at cats.effect.internals.IOBracket$BracketStart.apply(IOBracket.scala:80)
at cats.effect.internals.IOBracket$BracketStart.apply(IOBracket.scala:58)
at cats.effect.internals.IORunLoop$.cats$effect$internals$IORunLoop$$loop(IORunLoop.scala:183)
at cats.effect.internals.IORunLoop$RestartCallback.signal(IORunLoop.scala:463)
at cats.effect.internals.IORunLoop$RestartCallback.apply(IORunLoop.scala:484)
at cats.effect.internals.IORunLoop$RestartCallback.apply(IORunLoop.scala:422)
at cats.effect.internals.IOShift$Tick.run(IOShift.scala:36)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "4.221.169.131", user "iglu", database "iglu", SSL on
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:659)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:247)
at org.postgresql.Driver.makeConnection(Driver.java:434)
at org.postgresql.Driver.connect(Driver.java:291)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:364)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:476)
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561)
at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
at doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$14(transactor.scala:294)
at evalOn @ doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$13(transactor.scala:294)
at make @ com.snowplowanalytics.iglu.server.Server$.createThreadPool(Server.scala:162)
at make @ com.snowplowanalytics.iglu.server.Server$.createThreadPool(Server.scala:162)
at use @ doobie.util.transactor$Transactor$$anon$4.apply(transactor.scala:166)
at as @ com.snowplowanalytics.iglu.server.storage.Postgres.ping(Postgres.scala:113)
at ifM$extension @ org.typelevel.log4cats.slf4j.internal.Slf4jLoggerInternal$Slf4jLogger.info(Slf4jLoggerInternal.scala:90)
at uncancelable @ org.http4s.client.ConnectionManager$.pool(ConnectionManager.scala:83)
at as @ com.snowplowanalytics.iglu.server.storage.Postgres.ping(Postgres.scala:113)
at eval @ com.snowplowanalytics.iglu.server.Server$.buildServer(Server.scala:174)
at map @ fs2.internal.CompileScope.interruptibleEval(CompileScope.scala:413)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:503)
at flatMap @ fs2.internal.FreeC$.$anonfun$compile$7(Algebra.scala:463)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:460)
at flatMap @ fs2.internal.FreeC$.$anonfun$compile$7(Algebra.scala:463)
at flatMap @ fs2.internal.FreeC$.go$1(Algebra.scala:460)
Suppressed: org.postgresql.util.PSQLException: FATAL: SSL connection is required. Please specify SSL options and retry.
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:659)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:244)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:247)
at org.postgresql.Driver.makeConnection(Driver.java:434)
at org.postgresql.Driver.connect(Driver.java:291)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:364)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:476)
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561)
at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
at doobie.util.transactor$Transactor$fromDataSource$FromDataSourceUnapplied.$anonfun$apply$14(transactor.scala:294)
at cats.effect.internals.IORunLoop$.cats$effect$internals$IORunLoop$$loop(IORunLoop.scala:104)
at cats.effect.internals.IORunLoop$.restartCancelable(IORunLoop.scala:51)
at cats.effect.internals.IOBracket$BracketStart.run(IOBracket.scala:100)
at cats.effect.internals.Trampoline.cats$effect$internals$Trampoline$$immediateLoop(Trampoline.scala:67)
at cats.effect.internals.Trampoline.startLoop(Trampoline.scala:35)
at cats.effect.internals.TrampolineEC$JVMTrampoline.super$startLoop(TrampolineEC.scala:90)
at cats.effect.internals.TrampolineEC$JVMTrampoline.$anonfun$startLoop$1(TrampolineEC.scala:90)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at cats.effect.internals.TrampolineEC$JVMTrampoline.startLoop(TrampolineEC.scala:90)
at cats.effect.internals.Trampoline.execute(Trampoline.scala:43)
at cats.effect.internals.TrampolineEC.execute(TrampolineEC.scala:42)
at cats.effect.internals.IOBracket$BracketStart.apply(IOBracket.scala:80)
at cats.effect.internals.IOBracket$BracketStart.apply(IOBracket.scala:58)
at cats.effect.internals.IORunLoop$.cats$effect$internals$IORunLoop$$loop(IORunLoop.scala:183)
at cats.effect.internals.IORunLoop$RestartCallback.signal(IORunLoop.scala:463)
at cats.effect.internals.IORunLoop$RestartCallback.apply(IORunLoop.scala:484)
at cats.effect.internals.IORunLoop$RestartCallback.apply(IORunLoop.scala:422)
at cats.effect.internals.IOShift$Tick.run(IOShift.scala:36)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
NOTE: Picked up JDK_JAVA_OPTIONS: -XX:InitialRAMPercentage=75 -XX:MaxRAMPercentage=75
org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "4.221.169.131", user "iglu", database "iglu", SSL on
So that tells me that the VM cannot access the deployed Postgres instance at all - its a weird error message but that’s almost always what it means. The reason I asked about which subnet_id you had used is that we have to setup a specific pathway in that subnet to allow for this connection to take place:
But if you have confirmed you are using the iglu1 subnet then I am not entirely sure why it would not be able to connect to the deployed instance.
Have you already tried destroying + redeploying?
I have not tried destroying and re-applying. I can try that now but would that not the pipeline config?
Hi @josh, I did re-apply the iglu terraform but the issue turned out to be the fact that we had switched the subnet_id’s around.
Thanks for all your help!
Glad it was the subnets! I was wracking my brain trying to figure out what else could have gone wrong - hope the rest is smoother sailing!