terraform-provider-postgresql

Unstable connection to postgres via proxy

Open esulzickis opened this issue 11 months ago • 3 comments

Terraform Version

opentofu 1.8.2

Affected Resource(s)

  • postgresql_role
  • postgresql_grant_role
  • postgresql_database

Terraform Configuration Files

provider "postgresql" {
  host      = var.db_endpoint
  port      = 5432
  database  = "postgres"
  username  = local.db_creds.username
  password  = local.db_creds.password
  sslmode   = "require"
  superuser = false
  #
  max_connections = 0
  connect_timeout = 360
}

Debug Output

https://gist.github.com/esulzickis/25d5e40cf893e4957d1ba0e10d123aef

Expected Behavior

Connecting to postgresql_role resource through tailscale proxy should not show an error

Actual Behavior

Sometimes when connecting through the proxy the connection works and sometimes it does not. The behavior is unstable.

Steps to Reproduce

  1. export ALL_PROXY="socks5h://localhost:1055"
  2. tofu plan

esulzickis avatar Dec 11 '24 13:12 esulzickis

@esulzickis my team and I are running into this same issue. It's intermittent and frustrating. Have you figured out any workaround or stopgap that helps with the intermittent issues? Do you know if the issue is with this provider or is that just a guess?

Gowiem avatar Dec 30 '24 15:12 Gowiem

In our case we use tailscale as a VPN solution. We changed the connection type from relay to direct (https://tailscale.com/kb/1257/connection-types) and it helped a little bit. However, 2 out of 24 plans still failed. Another thing I have noticed is that, when comparing the TF logs of the mysql (https://registry.terraform.io/providers/petoju/mysql/latest) and postgresql terraform providers, I saw that the mysql provider has some retry logic each time it fails to connect to mysql, and the postgresql one is missing that. I was thinking that implementing connection retry logic in the postgresql terraform provider could also help.

esulzickis avatar Jan 08 '25 07:01 esulzickis

@esulzickis thanks for the follow up! We're going to try to build "Favor Direct Connections" support into our terraform module and see if that helps... 🤞

I do like your callout that this provider lacks connection retry logic. I wonder if we should create a separate ticket to see if that is possible? Or maybe that is what this ticket should morph into?

Gowiem avatar Jan 10 '25 05:01 Gowiem
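
The connection retry logic discussed in the two comments above, sketched as an added example in Go; it is not code from this provider or from the mysql provider. `connectWithRetry`, `isTransient` and the `connect` callback are hypothetical names, and treating every `*net.OpError` as transient is an assumption. Server-side rejections such as a failed password check are returned on the first attempt, so a wrong credential is never replayed against the database.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"time"
)

// isTransient reports whether err looks like a network-level failure (dial
// error or timeout) rather than a server-side rejection such as bad credentials.
func isTransient(err error) bool {
	var opErr *net.OpError
	if errors.As(err, &opErr) {
		return true
	}
	var netErr net.Error
	return errors.As(err, &netErr) && netErr.Timeout()
}

// connectWithRetry calls connect (hypothetical, e.g. a wrapper around a
// database ping) at most attempts times, doubling delay after each transient
// failure. It returns the number of attempts made and the final error.
func connectWithRetry(ctx context.Context, attempts int, delay time.Duration,
	connect func(context.Context) error) (int, error) {
	for try := 1; ; try++ {
		err := connect(ctx)
		if err == nil || !isTransient(err) || try >= attempts {
			return try, err
		}
		select {
		case <-ctx.Done(): // caller's overall deadline wins over the retry budget
			return try, ctx.Err()
		case <-time.After(delay):
			delay *= 2
		}
	}
}

func main() {
	// Constructed stand-in for a proxied dial that fails twice, then succeeds.
	calls := 0
	flaky := func(context.Context) error {
		if calls++; calls < 3 {
			return &net.OpError{Op: "dial", Net: "tcp", Err: errors.New("connection refused")}
		}
		return nil
	}
	fmt.Println(connectWithRetry(context.Background(), 5, 10*time.Millisecond, flaky))
}
```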