bitnami / charts

Bitnami Helm Charts
https://bitnami.com

PostgreSQL-HA: SSL connection problem #6396

Closed ZuSe closed 3 years ago

ZuSe commented 3 years ago

Which chart: postgresql-ha (pgpool 4.2.2-debian-10-r77)

Describe the bug

The chart seems to have problems with terminating SSL connections. I configured the chart to use self-signed SSL certificates (2048 key length).

Every second to third SSL connection is throwing the following ERROR/WARNING, resulting in timeouts or connection exceptions.

2021-05-17 19:55:20: pid 1: LOG: child process with pid: 31110 exits with status 256
2021-05-17 19:55:20: pid 1: LOG: fork a new child process with pid: 8388
2021-05-17 19:57:04: pid 30347: LOG: pool_ssl: "SSL_read": "uninitialized"
2021-05-17 19:57:04: pid 30347: ERROR: unable to read data from frontend
2021-05-17 19:57:04: pid 30347: DETAIL: socket read failed with error "Success"

The behavior occurs with Django (psycopg2 driver) and PowerBI (Npgsql). I first thought that the client library was damaged, but it seems more that Pgpool-II has an invalid SSL connection handler. I'll try to debug further.

To Reproduce

1. Set up the latest version of the chart on Kubernetes
2. Make sure to set up a secret for TLS
3. And make use of the secret/certs (don't use client-cert-authentication)

Expected behavior

No problems with SSL

Version of Helm and Kubernetes:

version.BuildInfo{Version:"v3.1.2", GitCommit:"d878d4d45863e42fd5cff6743294a11d28a9abce", GitTreeState:"clean", GoVersion:"go1.13.8"}
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.4", GitCommit:"e87da0bd6e03ec3fea7933c4b5263d151aafd07c", GitTreeState:"clean", BuildDate:"2021-02-18T16:12:00Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

Additional context

My cluster is running on OVH (OpenStack). My service is configured as Load Balancer. From what I can see, it doesn't matter if the connection is made to the external or ClusterIP. However, if I use non-SSL connections (at least for the internal endpoint) everything works fine and smooth.
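
A log-triage sketch for the symptom in the report above, added here as an example and not part of the original post or the chart: it splits Pgpool-II log output into records and separates frontend read errors that directly follow a pool_ssl "SSL_read" record on the same pid from those that do not. The function names, the record layout inferred from the quoted excerpt, and the pid 30400 records are assumptions.

```python
import re

# Constructed sample: the five records quoted in the report (the first two left
# run together on one line, as in the paste) plus two invented records for
# pid 30400 showing a frontend read error with no pool_ssl record before it.
SAMPLE_LOG = (
    '2021-05-17 19:55:20: pid 1: LOG: child process with pid: 31110 exits with status 256 '
    '2021-05-17 19:55:20: pid 1: LOG: fork a new child process with pid: 8388\n'
    '2021-05-17 19:57:04: pid 30347: LOG: pool_ssl: "SSL_read": "uninitialized"\n'
    '2021-05-17 19:57:04: pid 30347: ERROR: unable to read data from frontend\n'
    '2021-05-17 19:57:04: pid 30347: DETAIL: socket read failed with error "Success"\n'
    '2021-05-17 19:58:10: pid 30400: ERROR: unable to read data from frontend\n'
    '2021-05-17 19:58:10: pid 30400: DETAIL: constructed detail line\n'
)

# Assumed record header: "<timestamp>: pid <n>: <LEVEL>: ". Splitting on the
# header also copes with pastes where several records share one line.
HEADER = re.compile(r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): pid (\d+): ([A-Z]+): ')
SSL_READ = re.compile(r'pool_ssl: "SSL_read": "([^"]*)"')
FRONTEND_ERR = "unable to read data from frontend"


def parse_records(text):
    """Yield (timestamp, pid, level, message) for every record in text."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield m.group(1), int(m.group(2)), m.group(3), text[m.end():end].strip()


def classify_frontend_errors(text):
    """Split frontend read errors into TLS-layer failures and other ones."""
    pending = {}  # pid -> SSL state from that pid's immediately preceding record
    result = {"ssl": [], "other": []}
    for ts, pid, level, msg in parse_records(text):
        m = SSL_READ.match(msg)
        if m:
            pending[pid] = m.group(1)
            continue
        state = pending.pop(pid, None)  # any other record clears the marker
        if level == "ERROR" and msg == FRONTEND_ERR:
            if state is not None:
                result["ssl"].append((ts, pid, state))
            else:
                result["other"].append((ts, pid))
    return result


if __name__ == "__main__":
    print(classify_frontend_errors(SAMPLE_LOG))
```
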

migruiz4 commented 3 years ago

Hi @ZuSe,

I've done some research regarding this issue and there seem to be other users having similar problems with PgPool-II depending on the application. In this case, with MagicStack/asyncpg: https://github.com/MagicStack/asyncpg/issues/573

> The behavior occurs with Django (psycopg2 driver) and PowerBI (Npgsql)

As you describe, you are facing this issue with other applications, so everything points to this problem being caused by Pgpool-II.

According to this comment, a potential fix may be coming with the next version of PgPool-II (4.2.3): https://github.com/MagicStack/asyncpg/issues/573#issuecomment-801700329

ZuSe commented 3 years ago

Hi @migruiz4

Thanks for the link. Is there any ETA when it will arrive on Bitnami?

migruiz4 commented 3 years ago

As soon as PgPool-II releases a new version we will work to release a new image, so expect it to be ready within the next day after the release.

AntonOfTheWoods commented 3 years ago

Deployed!

migruiz4 commented 3 years ago

Awesome! Thank you very much @AntonOfTheWoods for the heads up.

@ZuSe the latest version of the chart (7.5.3) was updated with the new Pgpool-II version 3 days ago. Could you please let us know if it fixes your issue?

ZuSe commented 3 years ago

Hi guys,

I just updated it on our cluster. Will tell you the outcome in some hours.

github-actions[bot] commented 3 years ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

migruiz4 commented 3 years ago

Hi @ZuSe,

Following up on this. Did updating the chart to v7.5.3+ fix your issue?

ZuSe commented 3 years ago

Seems to work, thanks a lot!