Hi I’m importing a resource but it’s failing. I’m not sure what the issue is. Can someone point me how to fix this error.
I tried by setting sslmode = "require", got the same error.
my ssl is on in database and force.ssl is off
Terraform v0.12.20
provider.aws v2.58.0
provider.postgresql v1.5.0
Your version of Terraform is out of date! The latest version
My module:
locals.tf:
pgauth_dbs = var.env == "prod" ? var.prod_dbs : var.stage_dbs
variables.tf
variable "stage_dbs" {
type = list(string)
default = ["host_configs", "staging", "staging_preview"]
}
Provider
provider "postgresql" {
version = ">1.4.0"
alias = "pg1"
host = aws_db_instance.name.address
port = aws_db_instance.name.port
username = var.username
password = var.master_password
expected_version = aws_db_instance.name.engine_version
sslmode = "disable"
connect_timeout = 15
}
module:
resource "postgresql_database" "pgauth_dbs" {
provider = postgresql.pg1
for_each = toset(local.pgauth_dbs)
name = each.value
owner = "postgres"
}
Root-Module:
module rds {
source = ../../../../tf_module_rds
username = "postgres"
master_password = data.aws_kms_secrets.secrets_password.plaintext["password"]
engine_version = "11.5"
instance_class = "db.m5.xlarge"
allocated_storage = "300"
storage_type = "gp2"
}
terraform import module.rds.postgresql_database.name_dbs[“host_configs”] host_configs
module.rds.postgresql_database.name_dbs[“host_configs”]: Importing from ID “host_configs”…
module.rds.postgresql_database.name_dbs[“host_configs”]: Import prepared!
Prepared postgresql_database for import
module.rds.postgresql_database.name_dbs[\“host_configs”\]: Refreshing state… [id=host_configs]
Error: could not start transaction: pq: no PostgreSQL user name specified in startup packet
Provider should point to instance's username and not variable
provider "postgresql" {
version = ">1.4.0"
alias = "pg1"
host = aws_db_instance.name.address
port = aws_db_instance.name.port
username = aws_db_instance.name.username
password = aws_db_instance.name.password
database = aws_db_instance.name.name
expected_version = aws_db_instance.name.engine_version
sslmode = "disable"
connect_timeout = 15
}
Related
I am trying to create a docker/posgresql infrastrucure with terraform:
I used the examples in the terraform_postgres_provider
+--modules
| +--docker
| +--main.tf
| +--postgres
| +--main.tf
+--root.tf
this is the code for moduels/docker/main.tf
variable "name" {
default = "postgres"
}
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "2.19.0"
}
}
}
provider "docker" {
host = "unix:///var/run/docker.sock"
}
resource "docker_image" "postgres" {
name = "postgres:latest"
}
resource "docker_container" "postgres" {
image = "${docker_image.postgres.latest}"
name = "${var.name}"
restart = "always"
hostname = "${var.name}"
env=[ "host=localhost","port=5432","POSTGRES_USER=postgres","POSTGRES_PASSWORD:123456"]
ports {
internal = "5432"
external = "5432"
}
}
this is the code for moduels/postgres/main.tf
variable "name" {
default = "postgres"
}
terraform {
required_providers {
postgresql = {
source = "cyrilgdn/postgresql"
version = "1.16.0"
}
}
}
provider "postgresql" {
alias = "pg1"
# host = "${var.name}" // will not work because 'postgres' is only resolved within the docker dns
host = "localhost"
port = 5432
username = "postgres"
password = "123456"
sslmode = "disable"
connect_timeout = 15
}
resource "postgresql_database" "mutualfunds" {
provider = postgresql.pg1
name = "mutualfunds"
}
this is the code for root.tf
module "docker" {
source = "./modules/docker"
name = "postgres"
}
module "postgres" {
source = "./modules/postgres"
name = "postgres"
}
I got the error mentioned in the title above.
in docker the container log shows this error:
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
I'm trying to provision the postgres in the aws also create the database and roles sequentially using the terraform.
But getting the below exception and i could not able to create the role/db.
terraform {
required_providers {
# postgresql = {
# source = "cyrilgdn/postgresql"
# version = "1.15.0"
# }
postgresql = {
source = "terraform-providers/postgresql"
version = ">=1.7.2"
}
helm = {
source = "hashicorp/helm"
version = "2.4.1"
}
aws = {
source = "hashicorp/aws"
version = "4.0.0"
}
}
}
resource "aws_db_instance" "database" {
identifier = "dev-test"
allocated_storage = 100
storage_type = "gp2"
engine = "postgres"
engine_version = "13.4"
port = 5432
instance_class = "db.t3.micro"
username = "postgres"
performance_insights_enabled = true
password = "postgres$123"
db_subnet_group_name = "some_name"
vpc_security_group_ids = ["sg_name"]
parameter_group_name = "default.postgres13"
publicly_accessible = true
delete_automated_backups = false
storage_encrypted = true
tags = {
Name = "dev-test"
}
skip_final_snapshot = true
}
#To create the "raw" database
provider "postgresql" {
version = ">=1.4.0"
database = "raw"
host = aws_db_instance.database.address
port = aws_db_instance.database.port
username = aws_db_instance.database.username
password = aws_db_instance.database.password
sslmode = "require"
connect_timeout = 15
superuser = false
expected_version = aws_db_instance.database.engine_version
}
#creation of the role
resource "postgresql_role" "application_role" {
provider = postgresql
name = "test"
login = true
password = "test$123"
encrypted_password = true
create_database = false
depends_on = [aws_db_instance.database]
}
Error -
Error: dial tcp 18.221.183.66:5432: i/o timeout
│
│ with postgresql_role.application_role,
│ on main.tf line 79, in resource "postgresql_role" "application_role":
│ 79: resource "postgresql_role" "application_role" {
│
╵
I noticed few people are saying to include the expected_version attribute in the latest version should work.
Although including the expected version attribute still the issue persist.
I need to provision the postgres in the aws, create the db and roles.
What could be issue with my script ?
As per documentation [1], you are missing the scheme in the postgresql provider:
provider "postgresql" {
scheme = "awspostgres"
database = "raw"
host = aws_db_instance.database.address
port = aws_db_instance.database.port
username = aws_db_instance.database.username
password = aws_db_instance.database.password
sslmode = "require"
connect_timeout = 15
superuser = false
expected_version = aws_db_instance.database.engine_version
}
Additionally, I am not sure if you can use database = raw or it has to be database = "postgres", which is the default value so it does not have to be specified.
One other note: I do not think you need to specify the provider block in every resource. You just define it once in the required_providers block (like you did for aws provider) and then anything related to that provider will assume using the provider defined. In other words, you should remove the version = ">=1.4.0" from the provider "postgres" and provider = postgresql from the resource "postgresql_role" "application_role" and the code should still work.
[1] https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs#aws
I have a somewhat basic understanding of Cloud Architecture and thought I would try to spin up a PostgreSQL DB in Terraform. I am using Secret Manager to store credentials...
resource "random_password" "password" {
length = 16
special = true
override_special = "_%#"
}
resource "aws_secretsmanager_secret" "secret" {
name = "admin"
description = "Database admin user password"
}
resource "aws_secretsmanager_secret_version" "version" {
secret_id = aws_secretsmanager_secret.secret.id
secret_string = <<EOF
{
"username": "db_user",
"password": "${random_password.password.result}"
}
EOF
}
locals {
db_credentials = jsondecode(data.aws_secretsmanager_secret_version.credentials.secret_string)
}
And an AuoraDB instance which should be publically accessible with the following code
resource "aws_rds_cluster" "cluster-demo" {
cluster_identifier = "aurora-cluster-demo"
database_name = "test_db"
master_username = local.db_credentials["username"]
master_password = local.db_credentials["password"]
port = 5432
engine = "aurora-postgresql"
engine_version = "12.7"
apply_immediately = true
skip_final_snapshot = "true"
}
// child instances inherit the same config
resource "aws_rds_cluster_instance" "cluster_instance" {
identifier = "aurora-cluster-demo-instance"
cluster_identifier = aws_rds_cluster.cluster-demo.id
engine = aws_rds_cluster.cluster-demo.engine
engine_version = aws_rds_cluster.cluster-demo.engine_version
instance_class = "db.r4.large"
publicly_accessible = true # Remove
}
When I terraform apply this, everything gets created as expected, but when I run psql -h <ENDPOINT_TO_CLUSTER> I get prompted to enter the password for admin. Going to the secrets portal copying the password and entering yields:
FATAL: password authentication failed for user "admin"
Similarily, if I try:
psql --username=db_user --host=<ENDPOINT_TO_CLUSTER> --port=5432
I am prompted as expected, to enter the password for db_user, which yields:
psql: FATAL: database "db_user" does not exist
Edit 1
secrets.tf
resource "random_password" "password" {
length = 16
special = true
override_special = "_%#"
}
resource "aws_secretsmanager_secret" "secret" {
name = "admin"
description = "Database admin user password"
}
resource "aws_secretsmanager_secret_version" "version" {
secret_id = aws_secretsmanager_secret.secret.id
secret_string = <<EOF
{
"username": "db_user",
"password": "${random_password.password.result}"
}
EOF
}
database.tf
resource "aws_rds_cluster" "cluster-demo" {
cluster_identifier = "aurora-cluster-demo"
database_name = "test_db"
master_username = "db_user"
master_password = random_password.password.result
port = 5432
engine = "aurora-postgresql"
engine_version = "12.7"
apply_immediately = true
skip_final_snapshot = "true"
}
// child instances inherit the same config
resource "aws_rds_cluster_instance" "cluster_instance" {
identifier = "aurora-cluster-demo-instance"
cluster_identifier = aws_rds_cluster.cluster-demo.id
engine = aws_rds_cluster.cluster-demo.engine
engine_version = aws_rds_cluster.cluster-demo.engine_version
instance_class = "db.r4.large"
publicly_accessible = true # Remove
}
output "db_user" {
value = aws_rds_cluster.cluster-demo.master_username
}
You're doing a data lookup named data.aws_secretsmanager_secret_version.credentials but you don't show the Terraform code for that. Terraform is going to do that lookup before it updates the aws_secretsmanager_secret_version. So the username and password it is configuring the DB with is going to be pulled from the previous version of the secret, not the new version you are creating when you run apply.
You should never have both a data and a resource in your Terraform that refer to the same thing. Always use the resource if you have it, and only use data for things that aren't being managed by Terraform.
Since you have the resource itself available in your Terraform code (and also the random_password resource), you shouldn't be using a data lookup at all. If you pull the value from one of the resources, then Terraform will handle the order of creation/updates correctly.
For example:
locals {
db_credentials = jsondecode(aws_secretsmanager_secret_version.version.secret_string)
}
resource "aws_rds_cluster" "cluster-demo" {
master_username = local.db_credentials["username"]
master_password = local.db_credentials["password"]
Or just simplify it and get rid of the jsondecode step:
resource "aws_rds_cluster" "cluster-demo" {
master_username = "db_user"
master_password = random_password.password.result
I also suggest adding a few Terraform outputs to help you diagnose this type of issue. The following will let you see exactly what username and password Terraform applied to the database:
output "db_user" {
value = aws_rds_cluster.cluster-demo.master_username
}
output "db_password" {
value = aws_rds_cluster.cluster-demo.master_password
sensitive = true
}
I am trying to create a PostgreSQL RDS instance using Terraform.
Here is how my configuration looks:
resource "aws_db_subnet_group" "postgres" {
name = "postgres-subnets"
subnet_ids = ["mysub1","mysub2"]
}
resource "aws_db_instance" "myrds" {
engine = "postgresql"
engine_version = "12.4"
instance_class = "db.t2.micro"
identifier = "myrds"
username = "myuser"
password = "*******"
allocated_storage = 10
storage_type = "gp2"
db_subnet_group_name = "${aws_db_subnet_group.postgres.id}"
}
It fails with following error:
Error: Error creating DB Instance: InvalidParameterValue: Invalid DB engine
Terraform documentation needs to add the engine names which are supported:
engine = "postgresql" is incorrect. Supported value is "postgres"
I am trying to create a database in the created postgres RDS in AWS with postgresql provider. The terraform script i have created is as following:
resource "aws_db_instance" "test_rds" {
allocated_storage = "" # gigabytes
backup_retention_period = 7 # in days
engine = ""
engine_version = ""
identifier = ""
instance_class = ""
multi_az = ""
name = ""
username = ""
password = ""
port = ""
publicly_accessible = "false"
storage_encrypted = "false"
storage_type = ""
vpc_security_group_ids = ["${aws_security_group.test_sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.name}"
}
The postgresql provider is as following:
# Create databases in rds
provider "postgresql" {
alias = "alias"
host = "${aws_db_instance.test_rds.address}"
port = 5432
username =
password =
database =
sslmode = "disable"
}
# Create user in rds
resource "postgresql_role" "test_role" {
name =
replication = true
login = true
password =
}
# Create database rds
resource "postgresql_database" "test_db" {
name = testdb
owner = "${postgresql_role.test_role.name}"
lc_collate = "C"
allow_connections = true
provider = "postgresql.alias"
}
Anyway i keep retrieving
Error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: pq: SSL is not enabled on the server
Note: the empty fields are already filled and the RDS is successfully created, the problem rises when trying to create the database in the rds with the postgresql provider.
We ran into this issue as well, and the problem was that the password was not defined. It seems that we will get the SSL is not enabled error when it has problems connecting. We also had the same problem when the db host name was missing. You will need to make sure you define all of the fields needed to connect in Terraform (probably database and username too).
Ensuring there was a password set for the postgres user and disabled sslmode, did it for me
sslmode = "disable"