pgpool / pgpool2_on_k8s


Only using env var ? #6

Closed christopheblin closed 3 years ago

christopheblin commented 3 years ago

I am trying to create a pod in k8s so that I can port-forward it to my machine (in order to reach the DB, which is NOT open to the internet but only reachable through k8s)

apiVersion: v1
kind: Pod
metadata:
    name: pgproxy
spec:
    containers:
    - name: pgpool
      image: pgpool/pgpool:4.2.2
      env:
      - name: POSTGRES_USERNAME
        value: correctusername
      - name: POSTGRES_PASSWORD
        value: correctpassword
      - name: PGPOOL_PARAMS_BACKEND_HOSTNAME0
        value: "xxx.privatelink.postgres.database.azure.com"
      - name: PGPOOL_PARAMS_BACKEND_FLAG0
        value: "ALWAYS_PRIMARY|DISALLOW_TO_FAILOVER"
      - name: PGPOOL_PARAMS_BACKEND_HOSTNAME1
        value: "xxx.privatelink.postgres.database.azure.com"
      - name: PGPOOL_PARAMS_BACKEND_FLAG1
        value: "ALWAYS_PRIMARY|DISALLOW_TO_FAILOVER"
---

The pod is starting correctly and the port-forward 9999 is also working correctly

However, when I try to use localhost:9999 with the same username and password, the pgpool logs indicate

2021-05-12 11:35:12: pid 20: LOG:  Backend status file /tmp/pgpool_status does not exist
2021-05-12 11:35:12: pid 20: LOG:  health_check_stats_shared_memory_size: requested size: 12288
2021-05-12 11:35:12: pid 20: LOG:  memory cache initialized
2021-05-12 11:35:12: pid 20: DETAIL:  memcache blocks :64
2021-05-12 11:35:12: pid 20: LOG:  allocating (136555320) bytes of shared memory segment
2021-05-12 11:35:12: pid 20: LOG:  allocating shared memory segment of size: 136555320 
2021-05-12 11:35:12: pid 20: LOG:  health_check_stats_shared_memory_size: requested size: 12288
2021-05-12 11:35:12: pid 20: LOG:  health_check_stats_shared_memory_size: requested size: 12288
2021-05-12 11:35:12: pid 20: LOG:  memory cache initialized
2021-05-12 11:35:12: pid 20: DETAIL:  memcache blocks :64
2021-05-12 11:35:12: pid 20: LOG:  pool_discard_oid_maps: discarded memqcache oid maps
2021-05-12 11:35:12: pid 20: LOG:  Setting up socket for 0.0.0.0:9999
2021-05-12 11:35:12: pid 20: LOG:  Setting up socket for :::9999
2021-05-12 11:35:12: pid 20: LOG:  find_primary_node_repeatedly: waiting for finding a primary node
2021-05-12 11:35:12: pid 55: LOG:  process started
2021-05-12 11:35:12: pid 54: LOG:  PCP process: 54 started
2021-05-12 11:35:12: pid 57: LOG:  process started
2021-05-12 11:35:12: pid 56: LOG:  process started
2021-05-12 11:35:12: pid 20: LOG:  pgpool-II successfully started. version 4.2.2 (chichiriboshi)
2021-05-12 11:35:12: pid 20: LOG:  node status[0]: 0
2021-05-12 11:35:12: pid 20: LOG:  node status[1]: 0
2021-05-12 12:14:09: pid 50: ERROR:  clear text password authentication failed
2021-05-12 12:14:09: pid 50: DETAIL:  unable to get the password

I double-checked the username and password are correct by connecting to the pod through another docker:

% kubectl run db-client --rm -it \
  --restart='Never' --image docker.io/bitnami/postgresql:11 \
  --command bash

If you don't see a command prompt, try pressing enter.
I have no name!@db-client:/$ psql -h xxx.privatelink.postgres.database.azure.com -U correctusername -W dbname
Password: 
psql (11.11, server 11.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

message=> 

I also checked that the psql command works from the pgproxy pod itself

% kubectl exec -it pgproxy -- /bin/bash 
bash-5.0$ psql -h xxx.privatelink.postgres.database.azure.com -U correctusername -W dbname
Password: 
psql (12.6, server 11.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

message=> exit

So basically, I think there is a problem with my env vars to provide the password to pgpool, but I do not understand what I should do ...

christopheblin commented 3 years ago

If that can help the diagnosis: when I look at the file pool_passwd, it contains the user

% kubectl exec -it pgproxy -- /bin/bash
bash-5.0$ cat /opt/pgpool-II/etc/pool_passwd
user@host:md5xxxx

Note: I removed the real values

I had a look at the pgpool source code; the error seems to be that the user in this file is not "matched" from the frontend (but I am 100% sure I am using the same username)
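One way to test the username-matching idea from the comment above offline, added here as an example (not part of the original thread and not pgpool's own code): it parses pool_passwd-style lines, checks whether the exact username a client sends has an entry, and compares the stored value with PostgreSQL's MD5 form, "md5" + md5(password + username). The usernames, password and function names are constructed for illustration.

```python
import hashlib
import hmac


def md5_entry(username: str, password: str) -> str:
    """PostgreSQL-style MD5 verifier: 'md5' + hex(md5(password || username))."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def parse_pool_passwd(text: str) -> dict:
    """Parse 'username:secret' lines; blank or malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, _, secret = line.partition(":")
        entries[user] = secret
    return entries


def diagnose(pool_passwd_text: str, login_user: str, password: str):
    """Return (verdict, near_misses) for the username the client sends."""
    entries = parse_pool_passwd(pool_passwd_text)
    stored = entries.get(login_user)
    if stored is None:
        # Lookup is by exact string: list entries that differ only in '@suffix'.
        base = login_user.split("@", 1)[0]
        near = sorted(u for u in entries if u.split("@", 1)[0] == base)
        return ("no-entry", near)
    if not stored.startswith("md5"):
        return ("not-md5", [])
    # The username is part of the hash input, so a renamed entry never matches.
    if hmac.compare_digest(stored, md5_entry(login_user, password)):
        return ("match", [])
    return ("hash-mismatch", [])


# Constructed sample data (not the values from the issue).
SAMPLE_PASSWORD = "s3cret-example"
SAMPLE_FILE = "appuser@dbserver:" + md5_entry("appuser@dbserver", SAMPLE_PASSWORD) + "\n"

if __name__ == "__main__":
    for user in ("appuser@dbserver", "appuser"):
        print(user, "->", diagnose(SAMPLE_FILE, user, SAMPLE_PASSWORD))
```

A "no-entry" verdict with a near miss means the client and the file disagree on the exact username string, which is also enough to change the hash.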

christopheblin commented 3 years ago

I finally used haproxy

apiVersion: v1
kind: ConfigMap
metadata:
  name: pgproxy-config  
data:
  haproxy.cfg: |
    global
      daemon
      maxconn 1

    defaults
      mode tcp

    frontend tcp-in
      bind *:5432
      default_backend servers

    backend servers
      server server1 xxx.privatelink.postgres.database.azure.com:5432 maxconn 1
---
apiVersion: v1
kind: Pod
metadata:
    name: pgproxy
spec:
    containers:
    - name: pgpool
      image: haproxytech/haproxy-alpine      
      volumeMounts:
      - name: config-volume
        mountPath: /usr/local/etc/haproxy/
    volumes:
    - name: config-volume
      configMap:
        name: pgproxy-config
---