Connecting to Postgres database secret engine using jdbc connection url throwing error

[Elizabeth]

Hi, 

    We r using Vault 0.10.1. We have been using postgresql as a database secret engine for a while with a single postgres. And it has been working fine. 

On adding HA to postgres (that works in master  slave mode)  we needed to change the connection url to postgres from :

postgresql://{{username}}:{{password}}@<DB IP>:5432/postgres?sslmode=disable

TO

jdbc:postgresql://{{username}}:{{password}}@<DB IP>:5432/postgres?sslmode=disable&targetServerType=master

Ever since that Vault throws the error :

{"errors":["1 error occurred:\n\n* pq: Could not detect default username. Please provide one explicitly"]}

So what is the problem here - is it the jdbc URL or is there a different way to handle redundant postgres DBs or something else? Please help - this is a bit urgent as we run the risk of the feature being dropped. from our release.....

Appreciate any response on a Fri at this hour!!!

thanks,

Elizabeth

[Jeff Mitchell]

Hi Elizabeth,

JDBC URLs are only valid for JDBC. Given that the JDBC URI you're
giving doesn't actually work, why do you think you need to change the
original one?

Best,
Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/157c95d8-c368-494b-92e8-d8eb8aa46fb8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Shanthi Koikkara]

To support redundant Postgres Db instances....

You received this message because you are subscribed to a topic in the Google Groups "Vault" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/vault-tool/C5B94XrblnI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAORe8GHMDcOPR_JdgVQaVwB9frNoZfm6pffF%3DiVkKQxM_biJxg%40mail.gmail.com.

[Jeff Mitchell]

Hi,

Can you explain why that requires a jdbc URL?

Thanks,

Jeff

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAM6%3DKiSo9Ei-Rayk59XbLX4Nt_0LVTUCJqN5WvQyTj4gov27fw%40mail.gmail.com.

[Shanthi Koikkara]

Not the Db expert...but when I dug into why the jdbc url wasnt working I discovered that it was only in postgres release 10.0 that multiple connection strings are supported i.e. in the form postgres://ip1:port, ip2:port db.

Hence the switch to the jdbc urls that support multiple connection strings.

So i wonder how vault could be used w multiple Postgres instances if u are not on postgres 10. 

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAORe8GGwNHf-8sgKNFXGy%3DrpFSiJLdjr_SD4GMHh1xAaXHsH%3DA%40mail.gmail.com.

[Jeff Mitchell]

Hi Shanthi,

It sounds like you need Postgres 10.0 to do what you want.

Best,
Jeff

> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAM6%3DKiSub1cuKtL-TTRneJXvt92X6ejiKU8QMbdfmPtpFkk5pg%40mail.gmail.com.