Issue deploying temporal pod with abctl

slack-user-airbyte · October 3, 2024, 6:13am

Summary

The user is facing an issue deploying the temporal pod with abctl due to SSL not being enabled on the server for the SQL database. The error message indicates a compatibility check failure related to SSL.

Question

Hello
I am currently using Airbyte with docker-compose on GCP Compute Engine VM, with Airbyte version 0.63.20 (displayed as 0.63.13 in Airbyte UI), using an external database on GCP Cloud SQL PostgreSQL in PG version 13, reached via the Cloud SQL Proxy.

I would like to migrate to abctl and run below commands:

abctl local install --values=values.yaml --secret=secrets.yaml --chart-version=1.0.0 ```
but it fails on deploying `temporal` pod with below extract warning message:
```2024-10-02T10:40:41.358Z      ERROR   Unable to create SQL database.  {"error": "unable to connect to DB, tried default DB names: postgres,defaultdb, errors: [pq: SSL is not enabled on the server pq: SSL is not enabled on the server]", "logging-call-at": "handler.go:94"}
2024/10/02 10:40:41 Loading config; env=docker,zone=,configDir=config
2024/10/02 10:40:41 Loading config files=[config/docker.yaml]
...
{"level":"warn","ts":"2024-10-02T10:40:41.388Z","msg":"Not using any authorizer and flag `--allow-no-auth` not detected. Future versions will require using the flag `--allow-no-auth` if you do not want to set an authorizer.","logging-call-at":"main.go:178"}
...
[Fx] RUN      provide: go.temporal.io/server/temporal.ServerOptionsProvider()
          [Fx] Error returned: received non-nil error from function "go.temporal.io/server/temporal".ServerOptionsProvider
                /home/builder/temporal/temporal/fx.go:180:
          sql schema version compatibility check failed: pq: SSL is not enabled on the server
          [Fx] ERROR            Failed to initialize custom logger: could not build arguments for function "go.uber.org/fx".(*module).constructCustomLogger.func2
                /go/pkg/mod/go.uber.org/fx@v1.20.0/module.go:251:
          failed to build fxevent.Logger:
          could not build arguments for function "go.temporal.io/server/temporal".init.func8
                /home/builder/temporal/temporal/fx.go:1029:
          failed to build log.Logger:
          received non-nil error from function "go.temporal.io/server/temporal".ServerOptionsProvider
                /home/builder/temporal/temporal/fx.go:180:
          sql schema version compatibility check failed: pq: SSL is not enabled on the server
          Unable to create server. Error: could not build arguments for function "go.uber.org/fx".(*module).constructCustomLogger.func2 (/go/pkg/mod/go.uber.org/fx@v1.20.0/module.go:251): failed to build fxevent.Logger: could not build arguments for function "go.temporal.io/server/temporal".init.func8 (/home/builder/temporal/temporal/fx.go:1029): failed to build log.Logger: received non-nil error from function "go.temporal.io/server/temporal".ServerOptionsProvider (/home/builder/temporal/temporal/fx.go:180): sql schema version compatibility check failed: pq: SSL is not enabled on the server.```
Do you have any idea how to solve it ? :pray:
Thanks a lot :slightly_smiling_face:

<br>

---

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. [Click here](https://airbytehq.slack.com/archives/C021JANJ6TY/p1727866852503529) if you want 
to access the original thread.

[Join the conversation on Slack](https://slack.airbyte.com)

<sub>
["abctl", "temporal-pod", "ssl", "sql-database", "cloud-sql-proxy"]
</sub>

slack-user-airbyte · October 3, 2024, 6:21am

values.yaml content:


postgresql:
  enabled: false

global:
  image:
    tag: "0.63.20"

  auth:
    enabled: false

  database:
    type: external

    # -- Secret name where database credentials are stored
    secretName: "airbyte-config-secrets" # e.g. "airbyte-config-secrets"

    # -- The database host
    host: "172.17.0.1"

    # -- The database port
    port: "5432"

    # -- The database name
    database: "airbyteabctl"

    # -- The database user
    userSecretKey: "database-user" # e.g. "database-user"

    # -- The key within `secretName` where password is stored
    passwordSecretKey: "database-password" # e.g."database-password"```

slack-user-airbyte · October 3, 2024, 6:21am

secrets.yaml content:

kind: Secret
metadata:
  name: airbyte-config-secrets
type: Opaque
stringData:
  # Database Secrets
  database-user: my-user
  database-password: my-password```

slack-user-airbyte · October 3, 2024, 6:21am

I already tried to apply the below command on the CloudSQL instance but with no success:
gcloud sql instances patch y-db-instance --require-ssl

slack-user-airbyte · October 3, 2024, 6:21am

https://cloud.google.com/sdk/gcloud/reference/sql/instances/patch
have you tried to set --ssl-mode as well?
after applying have you rebooted your database instance?

slack-user-airbyte · October 3, 2024, 6:21am

<@U05JENRCF7C> thanks for help!
--require-ssl implies --ssl-mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED
I tried again just to be sure:
gcloud sql instances patch my-db-instance --require-ssl --ssl-mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED
and observed conf is OK (cf screenshot)

just also restarted the DB instance, then restarted the Cloud SQL proxy, then relaunch:
abctl local install --values=values.yaml --secret=secrets.yaml --chart-version=1.0.0
and… same error

slack-user-airbyte · October 3, 2024, 6:21am

NB: manually, I am able to connect to the SQL Instance via the Cloud SQL Proxy from the VM:
psql "host=172.17.0.1 port=5432 dbname=airbyteabctl user=my-user@my-gcp-project.iam
→ returns:

Type "help" for help.

airbyteabctl=>```
and `SELECT` in any tables properly works

so the issue probably comes from the way `temporal` is trying to connect to the SQL Instance, which is already using SSL :thinking_face:

slack-user-airbyte · October 3, 2024, 6:21am

is it linked to this issue and then blocked for now ?
https://github.com/airbytehq/airbyte-platform/pull/361

slack-user-airbyte · October 3, 2024, 6:22am

it has worked a few minutes:

disabling SSL on my SQL instance
setting below conf in the values.yaml :

  tls:
    enabled: false```
but after relaunching the same command with NO change over any file:
```abctl local install --values=values.yaml --secret=secrets.yaml --chart-version=1.0.0```
.... it failed again with same SSL error :exploding_head:

slack-user-airbyte · October 4, 2024, 6:23am

Did you try and set the type to be internal?

slack-user-airbyte · October 16, 2024, 6:21am

with internal db it works
but I want an external DB which already exists (to migrate)

slack-user-airbyte · October 17, 2024, 6:21am

The wording of that flag is confusing, it just forces temporals db connection to be over TLS. It does not force you to use the postgres instance provided by the Helm Chart.

Topic		Replies	Views
Error Deploying Temporal Pod with abctl API, Terraform and Other Topics deploy , gcp , docker-compose , abctl , cloud-sql	0	39	January 7, 2025
Issue deploying Airbyte to Kubernetes with external Postgres and rds.force_ssl enabled Platform Questions kubernetes , platform , airbyte , question , external-postgres	0	53	June 20, 2024
Error deploying Airbyte 1.0.0 on Kubernetes with external Postgres Platform Questions kubernetes , platform , airbyte-platform , bug , external-postgres	0	41	October 4, 2024
Issue deploying Airbyte on Kubernetes cluster with Temporal pod unable to connect to external Postgres database Platform Questions platform , airbyte , bug , kubernetes-cluster , temporal-pod	5	119	May 14, 2024
[Kubernetes] Temporal deployment failling to connect with External Azure Postgres DB Platform, Deploy & Infra Issues kubernetes , deploy , azure , temporal , databases	6	1674	May 28, 2023

Issue deploying temporal pod with abctl

Summary

Question

Related topics