Postgress DB correct URL example request

[poyaskov]

Is your feature request related to a problem?

I can't connect Conjur-OSS container to the external Postgres DB.

I'm using:

HELM_ARGS="--set dataKey=$DATA_KEY \
    --set image.tag=1.11.1 \
    --set image.pullPolicy=IfNotPresent \
    --set ssl.hostname="conjure.compamy.com" \
    --set database.url="conjuredb@postgres-conjur-svc.databases.svc.cluster.local:5432/conjur"
    --set database.password="Bl@Bl@Bl@" \
    --set postgres.persistentVolume.create=true \
    --set postgres.persistentVolume.size=1Gi \
    --set postgres.persistentVolume.storageClass=px-sc"

Getting an error:

$ kubectl --namespace crdsc-conjur logs $POD_NAME --container=conjur-oss
..............................error: Database is still unavailable. Aborting!

Describe the solution you would like

Could you please help with correct DB URL for the external DB use case?

[BradleyBoutcher]

Hi @poyaskov !

Thanks for using our helm chart! It's hard to diagnose this issue with the information given. Can you use kubectl describe to get the deployment status for your database? Thank you!

[poyaskov]

Thank you for the quick response.

I just curios about correct DB URL.. definitely I'm using wrong for now, which is:

--set database.url="conjuredb@postgres-conjur-svc.databases.svc.cluster.local:5432/conjur"

thanks

[poyaskov]

I guess, it can be helpful for corporate users, who is not allowed to use postgres pod, provided in the chart as well

[diverdane]

Hi @poyaskov,

For connecting to an external Postgres database, the database.url should be a Postgres connection string that has the general form:

postgres://[user[:password]@][netloc][:port][,...][/dbname][?param1=value1&...]

(Ref: https://www.postgresql.org/docs/10/libpq-connect.html#LIBPQ-CONNSTRING)

Based on the database.url value that you're trying, it appears that your external Postgres database is inside your Kubernetes cluster. If this is the case, then the database.url value should be of the form:

postgres://<pg-user>:<pg-password>@<pg-kube-service>/<pg-kube-namespace>.svc.cluster.local/<dbname>?sslmode=require

The sslmode=require indicates to the Postgres database server that SSL is required between Conjur and Postgres.

I don't know if the Postgres password value that you listed is the actual password value that you're using, but Postgres passwords usually have restrictions, i.e.:

• Password must only contain the following:
  • Digits (0-9)
  • Letters (A-Z,a-z)
  • The special characters: ["-", ".", "_", or "~"]
• Password length must be less than or equal to 64 characters.

So assuming that I have your Kubernetes service/namespace and Postgres user correct, I believe what should work for you is this (replace <pg-password> with your actual password that conforms to the above):

HELM_ARGS="--set dataKey=$DATA_KEY \
    --set image.tag=1.11.1 \
    --set image.pullPolicy=IfNotPresent \
    --set ssl.hostname="conjure.compamy.com" \
    --set database.url="postgres://conjuredb:<pg-password>@postgres-conjur-svc.databases.svc.cluster.local:5432/conjur"

Note that because you're explicitly setting database.url, then all of the other database.XXX and postgres.XXX settings will be ignored (they're only used when you want the Conjur OSS Helm chart to set up a Postgres database for you, instead of providing your own):

    --set database.password="Bl@Bl@Bl@" \
    --set postgres.persistentVolume.create=true \
    --set postgres.persistentVolume.size=1Gi \
    --set postgres.persistentVolume.storageClass=px-sc"

These settings ^^^ are ignored when database.url is set explicitly.

If the above doesn't work for you, let us know, and we'll figure out the next round of things to try.

[poyaskov]

@diverdane Thank you for update, it is working now

all the best!