New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthN Docker RDS Connectivity Issue #175
Comments
That's a new one! A few options to consider:
|
I have created a compose file that is reproducing the problem for me. This file works on my local machine (mac) but fails on EC2 with ubuntu 20.04 AND on an Azure VM running Ubuntu 18.04. I did some searching for Go + Docker connectivity and maybe saw something about Go using different DNS lookup like 8.8.8.8 so it couldn't resolve a non-public endpoint. Not sure if real and even related but an idea. Here's the docker-file that should reproduce the problem:
|
Hi @cainlevy -- thanks for the help.
with the format I see in https://github.com/keratin/authn-server/blob/master/app/data/postgres/db.go#L12,
The example worked. The possible differences I can see are: I'm not sure if that provides any more useful information, but perhaps it give you a clue. Still stumped here. |
That's pretty thorough. Hmm. From what I can discover, this error appears to be coming back from the DNS server while attempting to resolve the domain. I suppose that means we can rule out credentials, ports, and anything else that's part of the actual server connection. So the question I'm pondering is why the DNS service might report a busy error. Does it have some assumption or configuration that AuthN breaks, maybe during its startup routine when it establishes a connection pool. The call to Lines 31 to 37 in b2ee0bc
You don't appear to have an error reporting service configured, so let's back up a step: Lines 44 to 53 in b2ee0bc
Okay that's just logging. I can't see anything that has happened to cause DNS contention. That theory feels like a dead-end. So what if it's ENV variable parsing? Is it possible that this ENV parsing is getting tripped up on a special character? Lines 40 to 45 in b2ee0bc
@kkohrt did you embed the ENV var directly as a string in your test, or did you read it from |
@cainlevy You are faster than me creating a gist! Which I finally did after @xcskier56 & I hacked away a bit more. I used I'll try to pull work in that |
Alas, no luck. I inserted methods from the Keratin source, and called them at the top of the main function (from the gist)
And...its cool; and working--as in, none of those routines seems to be the issue. |
Doesn't seem to be slowing you down! Do I understand that I could reproduce this issue by running the given docker-compose.yml on an isolated EC2 instance? RDS isn't even necessary for the reproduction? |
@cainlevy, with the compose file I posted earlier I reproduced the error on EC2 and Azure VM and it has no external dependencies so you should be able to just run it. No RDS needed |
It seems I'm missing some part of the reproduction. Here's what I tried:
The last log lines I see are a successful boot:
|
@cainlevy, thank you for the detail in how you were able to successfully run the compose file. At this point, I'm pretty convinced that this is some weird issue with Ubuntu + Go/Keratin. I was able to use Amazon Linux 2 to successfully run the compose file. I am going to just sidestep this issue by using Amazon linux 2. Feel free to close this issue if you want, and once again, thank you for your help in debugging this. |
What a journey. Thanks for digging in! |
Hey, I just ran into a weird issue that may be related to this one. My app uses GitHub Actions to launch a docker-compose file to run redis, authn-server, and my app's test suite. It was working fine with authn-server
Now the changelog didn't have any clues for what changed in 1.10.3 so I had to check git and found this commit to bump golang to 1.15. That got me on the right track and with enough searching I figured it was some change to go's DNS resolver causing the problem. Eventually I found a workaround from the documentation in Commenting here in case anyone else ever has a similar issue :) |
Wow excellent sleuthing. Thanks for sharing that. It looks like the cgo resolver is only chosen in specific conditions. Do you think that had something to do with the Docker host? |
Something, yes... but I didn't dig any deeper into this once I found a workaround. |
Hi there, I'm getting the following error when trying to run the AuthN docker image on EC2 Ubuntu 20.04.
I have a fairly simple setup, just an EC2 instance and an RDS instance. I have done the following debugging and am quite certain that it is not a networking issue like security groups.
psql
to the RDS instancedocker exec
to run the AuthN container, installed psql usingapk --update add postgresql-client
and was able to successfully connect to rdsHere is my docker-compose (sensitive items removed)
Thanks in advance
The text was updated successfully, but these errors were encountered: