terraform-provider-docker

Having issues connecting the PostgresDB with the containers

Open GNikolov54 opened this issue 1 year ago • 1 comments

Hello,

I am trying to translate docker compose to terraform but I am having issues connecting the DB to the containers.

I was wondering if you have any idea how I can do that?

Terraform (and docker Provider) Version

Terraform v1.2.7
provider registry.terraform.io/kreuzwerker/docker v2.20.2

Code below:

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.20.2"
    }
  }
}
provider "docker" {
  # Configuration options
}
#-------------------------------------
# Networks
#-------------------------------------
resource "docker_network" "local-network" {
  name = "local"
  driver = "overlay"
  ipam_config {
    subnet = "10.0.0.0/16"
  }
}
resource "docker_network" "elasticsearch" {
  name   = "elastic-net"
  driver = "bridge"
}
#-------------------------------------
# Volumes
#-------------------------------------
resource "docker_volume" "postgres" {
  name = "postgres_data"
}
resource "docker_volume" "fusionauth" {
  name = "fa_data"
}
resource "docker_volume" "elasticsearch" {
  name = "es_data"
}
#-------------------------------------
#ElasticSearch
#-------------------------------------
resource "docker_image" "elasticsearch" {
  name         = "docker.elastic.co/elasticsearch/elasticsearch:7.8.1"
  keep_locally = "true"
}
# Start a container
resource "docker_container" "elasticsearch" {
  name = "search"
  #image  = "docker.elastic.co/elasticsearch/elasticsearch:7.8.1"
  image        = docker_image.elasticsearch.latest
  memory       = 1256
  env          = ["cluster.name=fusionauth", "bootstrap.memory_lock=true", "discovery.type=single-node", "ES_JAVA_OPTS=-Xms512m -Xmx512m"]
  network_mode = docker_network.elasticsearch.name
  restart      = "unless-stopped"
  working_dir  = "/usr/share/elasticsearch"
  mounts {
    read_only = false
    source    = "es_data"
    target    = "/usr/share/elasticsearch/data"
    type      = "volume"
  }
  ulimit {
    hard = -1
    name = "memlock"
    soft = -1
  }
}
#-------------------------------------
#fusionauth
#-------------------------------------
resource "docker_image" "fusionauth" {
  name         = "fusionauth/fusionauth-app:1.30.2"
  keep_locally = "true"
}
# Start a container
resource "docker_container" "fusionauth" {
  depends_on = [
    docker_network.elasticsearch,
    docker_container.postgres
  ]
  name = "auth"
  #image  = "fusionauth/fusionauth-app:1.30.2"
  image  = docker_image.fusionauth.latest
  memory = 1024
  env    = ["DATABASE_URL=jdbc:postgresql://postgres-database:5432/fusionauth", "DATABASE_ROOT_USERNAME=kong", "DATABASE_ROOT_PASSWORD=kong", "DATABASE_USERNAME=fusionauth", "DATABASE_PASSWORD=hkaLBM3RVnyYeYeqE3WI1w2e4Avpy0Wd5O3s3", "FUSIONAUTH_APP_MEMORY=512M", "SEARCH_TYPE=elasticsearch", "SEARCH_SERVERS=http://search:9200", "FUSIONAUTH_APP_URL=http://fusionauth:9011"]
  #network_mode = [docker_network.local-network.name,docker_network.elasticsearch.name]
  networks_advanced {
    name = docker_network.local-network.name
  }
  networks_advanced {
    name = docker_network.elasticsearch.name
  }
  ports {
    external = 9011
    internal = 9011
  }
  restart     = "unless-stopped"
  working_dir = "/usr/local/fusionauth"
  mounts {
    read_only = false
    source    = "fa_data"
    target    = "/usr/local/fusionauth/config"
    type      = "volume"
  }
}
#-------------------------------------
#Postgres-Database
#-------------------------------------
resource "docker_image" "postgres" {
  name         = "postgres:11.9-alpine"
  keep_locally = "true"
}
# Start a container
resource "docker_container" "postgres" {
  name  = "post"
  image = docker_image.postgres.latest
  #image = docker_image.postgres.latest
  memory       = 128
  env          = ["POSTGRES_DB=kong", "POSTGRES_USER=kong", "POSTGRES_PASSWORD=kong",]
  network_mode = docker_network.local-network.name
  working_dir  = "/var/lib/postgresql"
  mounts {
    read_only = false
    source    = "postgres_data"
    target    = "/var/lib/postgresql/data"
    type      = "volume"
  }
  healthcheck {
    test     = ["CMD", "pg_isready", "-U", "kong"]
    interval = "10s"
    timeout  = "5s"
    retries  = "5"
  }
  ports {
    external = 5432
    internal = 5432
  }
  restart    = "on-failure"
  ipc_mode   = "private"
  log_driver = "json-file"
}

Expected Behaviour

The containers must communicate with the DB

Actual Behaviour

The containers are up and running, but they are not able to communicate with Postgres DB

GNikolov54, Aug 16 '22 09:08

I have been experiencing a similar problem with connecting kong with postgres. I pass the env variables as required, but I suppose I am missing something on the networking level.

nick-kostov, Aug 22 '22 12:08

Docker networking can be complicated... From what I can see from your terraform code: The postgres container is not attached to any network. You have set network_mode but not specified any network it is attached to (like you did with the fusionauth container). Only containers in the same network can communicate with each other.

And according to https://docs.docker.com/network/overlay/#operations-for-standalone-containers-on-overlay-networks you probably should use attachable = true for your network to use standalone containers.

Additionally, think about using https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/service ?

Closing, as this is not an issue/bug with the provider, but about docker networking.

Junkern, Aug 29 '22 12:08
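
The networking change suggested in the last reply, written out as an added example; it is not code from the issue author or from the provider project. It covers only the FusionAuth-to-Postgres path (Elasticsearch and volumes are left out) and gives the database the network alias `postgres-database`, the hostname the question's `DATABASE_URL` already uses. Assumptions: the variable `db_passwords` is a hypothetical name, and the Docker host is in swarm mode, which the overlay driver requires.

```hcl
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.20.2"
    }
  }
}

# Hypothetical variable; keeps the passwords out of the .tf file.
variable "db_passwords" {
  type      = object({ root = string, app = string })
  sensitive = true
}

resource "docker_network" "local-network" {
  name       = "local"
  driver     = "overlay" # requires swarm mode; use "bridge" on a non-swarm host
  attachable = true      # lets standalone containers join the overlay network
}
resource "docker_image" "postgres" {
  name = "postgres:11.9-alpine"
}
resource "docker_container" "postgres" {
  name  = "post"
  image = docker_image.postgres.latest
  env   = ["POSTGRES_DB=kong", "POSTGRES_USER=kong", "POSTGRES_PASSWORD=${var.db_passwords.root}"]
  # Explicit attachment; the alias is the hostname DATABASE_URL uses below.
  networks_advanced {
    name    = docker_network.local-network.name
    aliases = ["postgres-database"]
  }
  # No ports block: 5432 stays reachable on the shared network, unpublished on the host.
}

resource "docker_image" "fusionauth" {
  name = "fusionauth/fusionauth-app:1.30.2"
}
resource "docker_container" "fusionauth" {
  name  = "auth"
  image = docker_image.fusionauth.latest
  env = [
    "DATABASE_URL=jdbc:postgresql://postgres-database:5432/fusionauth",
    "DATABASE_ROOT_USERNAME=kong", "DATABASE_ROOT_PASSWORD=${var.db_passwords.root}",
    "DATABASE_USERNAME=fusionauth", "DATABASE_PASSWORD=${var.db_passwords.app}",
  ]
  networks_advanced {
    name = docker_network.local-network.name
  }
}
```

Values passed through `env` are still stored in the Terraform state and are visible in the container's environment, so the state file needs the same protection as the passwords themselves.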