VividCortex / heroku-buildpack-vividcortex

Heroku Buildpack to run VividCortex Agents in a Dyno
MIT License

CSupport: Heroku install needs to reference SSL #9

Open seaparks opened 7 years ago

seaparks commented 7 years ago

Heroku PostgreSQL requires sslmode=require. We support this simply by flipping on SSL mode in the host credentials dialog and picking 'require', but the instructions here don't mention that.

seaparks commented 7 years ago

Update to this. What I wrote above actually doesn't work -- sslmode=require needs to be added to the URI entered at the time of installation. Failure to do that means changing it in the UI won't do anything.

laudares commented 7 years ago

Looks like our solution isn't a good fit after all: [screenshot: screen shot 2017-04-06 at 1 42 48 pm]

seaparks commented 7 years ago

good eye. can you close this and instead write up a ticket in the agents repo (prefixed with 'csupport') that we have to detect heroku and add sslmode=require to the URL?

laudares commented 7 years ago

I'm not convinced this should be handled on the agents side. From etc/vc-vars.sh we have two points that require further investigation:

if [[ -z "$DATABASE_URL" ]]; then
  echo "Looks like the DATABASE_URL is not set. Run: heroku config:add DATABASE_URL=<your database url>."
  exit 1
fi

The value for the variable DATABASE_URL from this agents-dedicated Dyno should be fetched from the application/database Dyno and updated (or checked for updates) constantly - otherwise our monitoring might break suddenly if the customer's application is migrated to a different host by Heroku itself. I have the impression this is not being done.

Also, we have:

export VC_DRV_MANUAL_HOST_URI="$DATABASE_URL"

This is probably a good place to test whether $DATABASE_URL includes 'sslmode=require' in its string and possibly append it as a suffix if not: export VC_DRV_MANUAL_HOST_URI="$DATABASE_URL?sslmode=require"

My proposed workaround for a customer ($ heroku config:set DATABASE_URL=postgres://user>:<password>@<host:/?sslmode=require) won't survive an internal change in DATABASE_URL from application Dyno.

seaparks commented 7 years ago

Oh, whoops - you're right, we can just add it during the assignment to the VC metric.

We can't naively add ?sslmode=require but I'll leave that as an exercise for a developer smarter than me.
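
The non-naive append discussed in the comments above, as an added example that is not part of the thread or the buildpack's own code: it merges `sslmode` into whatever query string `DATABASE_URL` already carries, and goes slightly beyond the thread by keeping a stricter `verify-ca` or `verify-full` setting instead of downgrading it to `require`. The function name `ensure_sslmode_require` is hypothetical, the sample URIs are constructed, and the code assumes credentials are percent-encoded so that the first `?` starts the query string.

```sh
#!/bin/sh
# Added example: hypothetical helper, not taken from etc/vc-vars.sh.
# Returns the URI with exactly one sslmode parameter that enforces TLS.
# The body runs in a subshell "( ... )" so IFS and globbing changes stay local.
ensure_sslmode_require() (
  uri=$1
  mode=require   # minimum acceptable mode
  kept=          # every query parameter other than sslmode, in original order

  # Split at the first '?' (assumption: user/password are percent-encoded).
  case $uri in
    *\?*) base=${uri%%\?*}; query=${uri#*\?} ;;
    *)    base=$uri;        query= ;;
  esac

  IFS='&'
  set -f         # no pathname expansion while splitting the query string
  for pair in $query; do
    case $pair in
      '')                  ;;  # empty field from "a=1&&b=2" or a trailing '?'
      sslmode=verify-full) mode=verify-full ;;
      sslmode=verify-ca)   if [ "$mode" != verify-full ]; then mode=verify-ca; fi ;;
      sslmode|sslmode=*)   ;;  # disable/allow/prefer/require/empty: replaced below
      *)                   kept="${kept:+$kept&}$pair" ;;
    esac
  done

  printf '%s?%s\n' "$base" "${kept:+$kept&}sslmode=$mode"
)

# Constructed sample inputs (not real credentials). With a real DATABASE_URL,
# avoid echoing the value: it embeds the database password.
for sample in \
  'postgres://u:p@db.example.invalid:5432/app' \
  'postgres://u:p@db.example.invalid:5432/app?connect_timeout=5' \
  'postgres://u:p@db.example.invalid:5432/app?sslmode=disable&application_name=vc' \
  'postgres://u:p@db.example.invalid:5432/app?sslmode=verify-full'
do
  ensure_sslmode_require "$sample"
done

# How the assignment discussed above would use it:
# export VC_DRV_MANUAL_HOST_URI="$(ensure_sslmode_require "$DATABASE_URL")"
```

Because the value is derived at assignment time, it is recomputed whenever the script runs against a changed `DATABASE_URL`, unlike a one-off `heroku config:set`.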