Helm chart Temporal Connection to RDS
Expected Behavior
Deploy Temporal using RDS connection.
Actual Behavior
Temporal can't connect to RDS
sql schema version compatibility check failed: unable to read DB schema version keyspace/database: temporal error: no usable database connection found
apiVersion: v1
data:
  config_template.yaml: |-
    log:
      stdout: true
      level: "debug,info"
    persistence:
      defaultStore: default
      visibilityStore: visibility
      numHistoryShards: 512
      datastores:
        default:
          sql:
            pluginName: "postgres12"
            driverName: "postgres12"
            databaseName: "temporal"
            connectAddr: "XXXXXXXXXXXXXXXX.us-east-1.rds.amazonaws.com:5432"
            connectProtocol: "tcp"
            user: temporal
            password: {{ .Env.TEMPORAL_STORE_PASSWORD | quote }}
            maxConnLifetime: 1h
            maxConns: 20
            secretName: ""
        visibility:
          sql:
            pluginName: "postgres12"
            driverName: "postgres12"
            databaseName: "temporal_visibility"
            connectAddr: "XXXXXXXXXXXXXXXX.us-east-1.rds.amazonaws.com:5432"
            connectProtocol: "tcp"
            user: "temporal"
            password: {{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD | quote }}
            maxConnLifetime: 1h
            maxConns: 20
            secretName: ""
I am able to deploy using the following docker-compose
version: "3.5"
services:
  temporal:
    container_name: temporal
    environment:
      - DBNAME=temporal
      - VISIBILITY_DBNAME=temporal_visibility # it creates the database automatically
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=XXXXXXXXXXXXXX
      - POSTGRES_SEEDS=XXXXXXXXXXXXXX.us-east-1.rds.amazonaws.com
      - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CLI_ADDRESS=temporal:7233
      ### Added variables
      - POSTGRES_TLS_ENABLED=true
      - POSTGRES_TLS_DISABLE_HOST_VERIFICATION=true
      - SQL_TLS_ENABLED=true
      - SQL_HOST_VERIFICATION=false
    image: temporalio/auto-setup:${TEMPORAL_VERSION}
    networks:
      - temporal-network
    ports:
      - 7233:7233
    volumes:
      - ./dynamicconfig:/etc/temporal/config/dynamicconfig
  # I use the auto-setup.sh script.
  # temporal-admin-tools:
  #   container_name: temporal-admin-tools
  #   depends_on:
  #     - temporal
  #   environment:
  #     - TEMPORAL_ADDRESS=temporal:7233
  #     - TEMPORAL_CLI_ADDRESS=temporal:7233
  #   image: temporalio/admin-tools:${TEMPORAL_ADMINTOOLS_VERSION}
  #   networks:
  #     - temporal-network
  #   stdin_open: true
  #   tty: true
  temporal-ui:
    container_name: temporal-ui
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=http://localhost:3000
    image: temporalio/ui:${TEMPORAL_UI_VERSION}
    networks:
      - temporal-network
    ports:
      - 8080:8080
networks:
  temporal-network:
    driver: bridge
    name: temporal-network
Specifications
- Version: 0.52.0 (helm chart)
- Platform: kubernetes
I am able to deploy Temporal if rds.force_ssl=0. I see several open issues with the same problem. How do I set up Temporal with RDS and TLS enabled?
Related: https://github.com/airbytehq/airbyte/issues/39636
Try adding the following TLS configuration:
datastores:
  default:
    sql:
      pluginName: "postgres12"
      ...
      tls:
        enabled: true
        enableHostVerification: false
For more details: https://docs.temporal.io/references/configuration#tls-1
@thatmlopsguy can you confirm that the recommendation above fixes your issue?
I also imported the AWS CA certificate for it to work.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
IIUC we can close the issue since the proposed configuration works as expected. @thatmlopsguy please reopen if you are unsatisfied with the resolution.
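Added example, not part of the thread or the Temporal chart: the `tls` block suggested above, combined with the AWS CA bundle mentioned in the follow-up comment and with host verification turned on, so that the RDS server certificate is validated instead of the connection only being encrypted. The `caFile` path and file name are assumptions; they must match wherever the bundle downloaded from the AWS page linked above is mounted in the Temporal server pods.

```yaml
persistence:
  defaultStore: default
  visibilityStore: visibility
  numHistoryShards: 512
  datastores:
    default:
      sql:
        pluginName: "postgres12"
        driverName: "postgres12"
        databaseName: "temporal"
        connectAddr: "XXXXXXXXXXXXXXXX.us-east-1.rds.amazonaws.com:5432"
        connectProtocol: "tcp"
        user: temporal
        password: {{ .Env.TEMPORAL_STORE_PASSWORD | quote }}
        tls:
          enabled: true
          # Form suggested in the thread: the channel is encrypted, but the
          # certificate presented by the server is not verified.
          # enableHostVerification: false
          #
          # Hardened form: trust only the RDS CA bundle and verify the server.
          enableHostVerification: true
          caFile: "/etc/temporal/certs/rds-ca-bundle.pem"  # assumed mount path
    visibility:
      sql:
        pluginName: "postgres12"
        driverName: "postgres12"
        databaseName: "temporal_visibility"
        connectAddr: "XXXXXXXXXXXXXXXX.us-east-1.rds.amazonaws.com:5432"
        connectProtocol: "tcp"
        user: "temporal"
        password: {{ .Env.TEMPORAL_VISIBILITY_STORE_PASSWORD | quote }}
        tls:
          enabled: true
          enableHostVerification: true
          caFile: "/etc/temporal/certs/rds-ca-bundle.pem"  # assumed mount path
```

With verification on, `connectAddr` has to use the RDS endpoint hostname that appears in the server certificate; an IP address or an alias that is not in the certificate will fail the check.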