<@U04SE163WC8> I'm getting error "SSL off" when th...
# ask-ai
a
@kapa.ai I'm getting error "SSL off" when the temporal pod is running. Extra variables have been set to enable TLS.
k
To resolve the "SSL off" error when the Temporal pod is running, you need to ensure that the correct environment variables are set to enable TLS. Based on the knowledge sources, here are the steps you can follow:

1. Update the `values.yaml` for Helm Chart Deployment: Ensure that the following environment variables are set in your `values.yaml` file to enable TLS for the Temporal DB connection:

   ```yaml
   temporal:
     extraEnv:
       - name: SQL_TLS
         value: "true"
       - name: SQL_TLS_ENABLED
         value: "true"
       - name: SQL_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_HOST_VERIFICATION
         value: "false"
   ```

   This configuration has been reported to resolve SSL encryption problems for Temporal ([source](https://github.com/airbytehq/airbyte/issues/32980)).

2. Update the `docker-compose.yaml` for Docker Deployment: If you are using Docker, you need to update the `docker-compose.yaml` file for the `airbyte-temporal` service to include the necessary environment variables:

   ```yaml
   airbyte-temporal:
     image: airbyte/temporal:${VERSION}
     logging: *default-logging
     container_name: airbyte-temporal
     restart: unless-stopped
     environment:
       - DB=postgresql
       - DB_PORT=${DATABASE_PORT}
       - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development.yaml
       - LOG_LEVEL=${LOG_LEVEL}
       - POSTGRES_PWD=${DATABASE_PASSWORD}
       - POSTGRES_SEEDS=${DATABASE_HOST}
       - POSTGRES_USER=${DATABASE_USER}
       - SQL_TLS=true
       - SQL_TLS_DISABLE_HOST_VERIFICATION=true
       - SQL_TLS_ENABLED=true
       - SQL_HOST_VERIFICATION=false
     volumes:
       - ./temporal/dynamicconfig:/etc/temporal/config/dynamicconfig
     networks:
       - airbyte_internal
   ```

   This setup ensures that the Temporal service uses TLS for its database connections ([source](https://github.com/airbytehq/airbyte/issues/11157)).

3. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers ([source](https://github.com/airbytehq/airbyte/discussions/30482)).

By following these steps, you should be able to resolve the "SSL off" error and ensure that TLS is properly enabled for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance.
a
@kapa.ai All required TLS variables are correctly set. But temporal still fails with SSL off error.
k
A message from kapa.ai
If all required TLS variables are correctly set but Temporal still fails with an "SSL off" error, there might be an issue with how the connection URL is being constructed or additional parameters required by your PostgreSQL setup. Here are a few steps you can take to troubleshoot and resolve the issue:

1. Ensure Full `DATABASE_URL` is Used: According to the maintainer's comment, the root cause might be that the `docker-compose.yaml` file for `airbyte-temporal` should use a full `DATABASE_URL` variable instead of individual parameters. This ensures that URL extra parameters such as `sslmode=require` are taken into account. Update your `docker-compose.yaml` to include the full `DATABASE_URL`:

   ```yaml
   airbyte-temporal:
     image: airbyte/temporal:${VERSION}
     logging: *default-logging
     container_name: airbyte-temporal
     restart: unless-stopped
     environment:
       - DATABASE_URL=jdbc:postgresql://your-postgres-host/dbname?sslmode=require
       - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development.yaml
       - LOG_LEVEL=${LOG_LEVEL}
       - POSTGRES_PWD=${DATABASE_PASSWORD}
       - POSTGRES_SEEDS=${DATABASE_HOST}
       - POSTGRES_USER=${DATABASE_USER}
     volumes:
       - ./temporal/dynamicconfig:/etc/temporal/config/dynamicconfig
     networks:
       - airbyte_internal
   ```

   This ensures that the `sslmode=require` parameter is included in the connection string ([source](https://github.com/airbytehq/airbyte/discussions/30482)).

2. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers. You can find more details in the AWS documentation: [Amazon RDS PostgreSQL SSL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html).

3. Verify Environment Variables: Double-check that all environment variables are correctly set and there are no typos or formatting issues in your configuration files.

By following these steps, you should be able to resolve the "SSL off" error and ensure that TLS is properly enabled for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance.
a
@kapa.ai All required TLS environment variables are set and configured. The deployment method is helm and Kubernetes. Why is sslmode=require not working for the temporal pod?
k
A message from kapa.ai
If all required TLS environment variables are correctly set and you are deploying using Helm and Kubernetes, but `sslmode=require` is still not working for the Temporal pod, it might be due to how the connection URL is being constructed. Temporal might not be using the `jdbcUrl` directly and instead constructing its own connection string from individual parameters. Here are the steps to ensure that `sslmode=require` is correctly applied:

1. Update `values.yaml` for Helm Chart Deployment: Ensure that the following environment variables are set in your `values.yaml` file to enable TLS for the Temporal DB connection:

   ```yaml
   temporal:
     extraEnv:
       - name: SQL_TLS
         value: "true"
       - name: SQL_TLS_ENABLED
         value: "true"
       - name: SQL_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_HOST_VERIFICATION
         value: "false"
   ```

   This configuration has been reported to resolve SSL encryption problems for Temporal ([source](https://github.com/airbytehq/airbyte/issues/32980)).

2. Ensure Full `DATABASE_URL` is Used: According to the maintainer's comment, the root cause might be that the Temporal service should use a full `DATABASE_URL` variable instead of individual parameters. This ensures that URL extra parameters such as `sslmode=require` are taken into account. Unfortunately, the Helm chart might not support setting a full `DATABASE_URL` directly. However, you can try to override the Temporal image or modify the Helm chart to ensure the full connection string is used.

3. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers ([source](https://github.com/airbytehq/airbyte/discussions/30482)).

4. Verify Environment Variables: Double-check that all environment variables are correctly set and there are no typos or formatting issues in your configuration files.

By following these steps, you should be able to resolve the "SSL off" error and ensure that `sslmode=require` is properly applied for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance.
a
I've found the solution to this problem. The correct TLS variable name is POSTGRES_TLS_ENABLED
@kapa.ai I've found the solution to this problem. The correct TLS variable name is POSTGRES_TLS_ENABLED
k
A message from kapa.ai
Great to hear that you've found the solution! For others facing the same issue, here is the correct configuration to enable TLS for the Temporal pod in a Helm and Kubernetes deployment:

Ensure that you set the `POSTGRES_TLS_ENABLED` environment variable in your `values.yaml` file:

```yaml
temporal:
  extraEnv:
    - name: POSTGRES_TLS_ENABLED
      value: "true"
    - name: SQL_TLS
      value: "true"
    - name: SQL_TLS_ENABLED
      value: "true"
    - name: SQL_TLS_DISABLE_HOST_VERIFICATION
      value: "true"
    - name: SQL_HOST_VERIFICATION
      value: "false"
```

This configuration ensures that the Temporal pod correctly uses TLS for its database connections. For more details on similar issues and solutions, you can refer to the following sources:

- [Helm Chart: `Running the launcher replication-orchestrator failed` after upgrade](https://github.com/airbytehq/airbyte/issues/32203)
- [Can't use Azure Database for PostgreSQL as Airbyte internal DB](https://github.com/airbytehq/airbyte/issues/24201)
- [Helm Chart: make temporal and temporal_visibility databases configurable](https://github.com/airbytehq/airbyte/issues/11157)
- [DATABASE_URL ignored by Temporal pods](https://github.com/airbytehq/airbyte/issues/32980)

By setting the correct environment variables, you should be able to resolve the "SSL off" error and ensure that TLS is properly enabled for your Temporal DB connections.
@kapa.ai Solution. You also need to set POSTGRES_TLS_DISABLE_HOST_VERIFICATION to "true" in values.yml
k
A message from kapa.ai
To resolve the "SSL off" error when the Temporal pod is running, you need to ensure that the correct environment variables are set to enable TLS. Based on the knowledge sources and your findings, here are the steps you can follow:

1. Update the `values.yaml` for Helm Chart Deployment: Ensure that the following environment variables are set in your `values.yaml` file to enable TLS for the Temporal DB connection:

   ```yaml
   temporal:
     extraEnv:
       - name: POSTGRES_TLS_ENABLED
         value: "true"
       - name: SQL_TLS
         value: "true"
       - name: SQL_TLS_ENABLED
         value: "true"
       - name: SQL_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_HOST_VERIFICATION
         value: "false"
   ```

   This configuration ensures that the Temporal service uses TLS for its database connections.

2. Ensure Full `DATABASE_URL` is Used: According to the maintainer's comment, the root cause might be that the Temporal service should use a full `DATABASE_URL` variable instead of individual parameters. This ensures that URL extra parameters such as `sslmode=require` are taken into account. Unfortunately, the Helm chart might not support setting a full `DATABASE_URL` directly. However, you can try to override the Temporal image or modify the Helm chart to ensure the full connection string is used.

3. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers.

4. Verify Environment Variables: Double-check that all environment variables are correctly set and there are no typos or formatting issues in your configuration files.

By following these steps, you should be able to resolve the "SSL off" error and ensure that `sslmode=require` is properly applied for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance. For more details, you can refer to the [Temporal auto-setup script](https://github.com/temporalio/docker-builds/blob/main/docker/auto-setup.sh#L38).
A message from kapa.ai
To resolve the "SSL off" error when the Temporal pod is running, you need to ensure that the correct environment variables are set to enable TLS. Based on the knowledge sources and your findings, here are the steps you can follow:

1. Update the `values.yaml` for Helm Chart Deployment: Ensure that the following environment variables are set in your `values.yaml` file to enable TLS for the Temporal DB connection:

   ```yaml
   temporal:
     extraEnv:
       - name: POSTGRES_TLS_ENABLED
         value: "true"
       - name: POSTGRES_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_TLS
         value: "true"
       - name: SQL_TLS_ENABLED
         value: "true"
       - name: SQL_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_HOST_VERIFICATION
         value: "false"
   ```

   This configuration ensures that the Temporal service uses TLS for its database connections.

2. Ensure Full `DATABASE_URL` is Used: According to the maintainer's comment, the root cause might be that the Temporal service should use a full `DATABASE_URL` variable instead of individual parameters. This ensures that URL extra parameters such as `sslmode=require` are taken into account. Unfortunately, the Helm chart might not support setting a full `DATABASE_URL` directly. However, you can try to override the Temporal image or modify the Helm chart to ensure the full connection string is used.

3. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers.

4. Verify Environment Variables: Double-check that all environment variables are correctly set and there are no typos or formatting issues in your configuration files.

By following these steps, you should be able to resolve the "SSL off" error and ensure that `sslmode=require` is properly applied for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance. For more details, you can refer to the [Temporal auto-setup script](https://github.com/temporalio/docker-builds/blob/main/docker/auto-setup.sh#L38).
A message from kapa.ai
To resolve the "SSL off" error when the Temporal pod is running, you need to ensure that the correct environment variables are set to enable TLS. Based on the knowledge sources and your findings, here is the solution:

1. Update the `values.yaml` for Helm Chart Deployment: Ensure that the following environment variables are set in your `values.yaml` file to enable TLS for the Temporal DB connection:

   ```yaml
   temporal:
     extraEnv:
       - name: POSTGRES_TLS_ENABLED
         value: "true"
       - name: POSTGRES_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_TLS
         value: "true"
       - name: SQL_TLS_ENABLED
         value: "true"
       - name: SQL_TLS_DISABLE_HOST_VERIFICATION
         value: "true"
       - name: SQL_HOST_VERIFICATION
         value: "false"
   ```

   This configuration ensures that the Temporal service uses TLS for its database connections.

2. Ensure Full `DATABASE_URL` is Used: According to the maintainer's comment, the root cause might be that the Temporal service should use a full `DATABASE_URL` variable instead of individual parameters. This ensures that URL extra parameters such as `sslmode=require` are taken into account. Unfortunately, the Helm chart might not support setting a full `DATABASE_URL` directly. However, you can try to override the Temporal image or modify the Helm chart to ensure the full connection string is used.

3. Check PostgreSQL Configuration: If you are using AWS RDS for PostgreSQL, ensure that the `rds.force_ssl` parameter is set to `0` (off). This can be a requirement for some versions of PostgreSQL and cloud providers.

4. Verify Environment Variables: Double-check that all environment variables are correctly set and there are no typos or formatting issues in your configuration files.

By following these steps, you should be able to resolve the "SSL off" error and ensure that `sslmode=require` is properly applied for your Temporal DB connections. If you continue to face issues, please provide more details about your deployment setup for further assistance. For more details, you can refer to the [Temporal auto-setup script](https://github.com/temporalio/docker-builds/blob/main/docker/auto-setup.sh#L38).