🎄 Happy Holidays! 🥳

Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.

Happy Holidays!

Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.

What is the correct broker URL to use in a Terraform configuration for connecting to a Message VPN

swapnil_mahajan
swapnil_mahajan Member Posts: 51 ✭✭✭
edited August 8 in PubSub+ Event Broker #1

While running GitLab CICD pipeline using terraform for message VPN below configuration get used for solace provider

# Configure the   provider
provider "solacebroker" 
{ 
 username = var.broker_username  
password = var.broker_password  
url      = var.broker_url
}

What is the correct URL is it

PORT 943

Message VPN https://mr-connection-XXXXXXXX.messaging.solace.cloud:943/

or

REST API URL Port 9443

https://mr-connection-XXXXXXXXX.messaging.solace.cloud:9443

As per my knowledge it should be with port 943

Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Hi @swapnil_mahajan,

    Assuming you are using the default ports then yes, 943 is what you are using. Since you're using Solace Cloud it's the SEMP URL you should be using which can be found under the "Manage" tab in your Messaging Service.

    Hope that helps!

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
    edited August 7 #3

    Hey @marc ,

    You mean to use full URL-

    https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943/SEMP/v2/config

    Current port 943 URL default one is not working. Pipeline run timeout issue I am facing. You are already present on question-Gitlab: Terraform script timeout.

    Do you feel any link between both? 🤔

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Unfortunately The full URL from SEMP REST API also giving same kind of timeout error

    2098Error: Broker check failed20992100│ with solacebroker_msg_vpn_client_username.test_solace-cloud-client,2101│ on main.tf line 111, in resource "solacebroker_msg_vpn_client_username" "test_solace-cloud-client":2102│ 111: resource "solacebroker_msg_vpn_client_username" "test_solace-cloud-client" {21032104│ context deadline exceeded (Client.Timeout exceeded while awaiting headers)

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Do you feel any link between both? 🤔

    yes, it seems like these are both the same issue. For some reason you just don't seem to be able to connect to the broker. I see @Balazs is helping you on the other discussion so I imagine once that is resolved it will also be fixed here.

    In addition I have opened an issue on the github repo to make sure the proper URL is clear in the docs to avoid this problem in the future:

    https://github.com/SolaceProducts/terraform-provider-solacebroker/issues/77

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee
    edited August 8 #6

    So @swapnil_mahajan , the URL you should try is https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

    To verify, this URL shall bring you to the Web Manager login page if you paste it into a browser.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Here are the analysis from my internal expertise for Gitlab CICD pipeline

    1. Verify how Solace provider exposes their system into the internet.
    2. I am using the shared runners in the Gitlab pipeline, and that DNS mr-connection-xxxxxxxx.messaging.solace.cloud is not resolvable.
    3. You might be in some dedicated network where this is setup for you.

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Hi @swapnil_mahajan , the analysis is correct, either the GitLab runner has limited external connection and its DNS services are restricted to an internal network or the Solace PubSub+ test broker is not publicly accessible.

    Can you verify if you can access the broker SEMP service (Web Manager login page) from your local computer (assuming it has no restriction to this internet address)? I expect this Solace Cloud address is public:
    https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
    edited August 9 #10

    @Balazs Yes I am able to connect with

    https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

    Yes Solace Event Broker Instance do have Hybrid Connectivity. Generally I click on Message VPN and Redirect to Web Portal Manager.

    Even with pasting Web Portal Manager URL in browser and login with credentials also takes me to Portal. I am not sure what you are checking with this 🤔

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Hi @swapnil_mahajan , I don't know how the GitLab runner is configured. It will only work if it is able to reach the broker SEMP service.

    The goal of the prev test was to verify that the SEMP service is at least up and reachable somehow. Now the next step is to check if it is reachable from your GitLab runner. To test that, add this script before the Terraform test job and try to run it:

    curl https://mr-connection-xxxxxxxxxxxxx.messaging.solace.cloud:943/

    where the URL is the same that worked for you in the prev step.

    If it fails (seems expected) then you would need to configure the GitLab runner to be able to reach this domain. The Terraform test will fail as long as this test fails.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Hi @Balazs

    I added below stage in my yml file

    test: 

    stage: test 

    image: $TF_IMAGE 

    script:   

    - echo "Broker URL test"   

    - curl https://mr-connection-xxxxxxxxxxxxxxx.messaging.solace.cloud:943   

    - echo "content"   

    - exit 0

    I see Job succeeded with below message-

    % Total % Received % Xferd Average Speed Time Time Time Current25 Dload Upload Total Spent Left Speed26100 1457 100 1457 0 0 12212 0 --:--:-- --:--:-- --:--:-- 12347

    I am attaching log file for more details.

    Still pipeline is running. I will post the result of apply stage(which was timeout in all previous runs)

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Hi @swapnil_mahajan, any chance the runner is using an http proxy or some other indirect way to reach the broker?

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
    edited August 12 #14

    Hi @Balazs Yes. Below variables I am using in YML file for http proxy


    variables: 

    TF_STATE_NAME: default 

    TF_CACHE_KEY: default 

    TF_ROOT: terraform 

    http_proxy: $CODE_PROXY 

    https_proxy: $CODE_PROXY 

    no_proxy: $CODE_NO_PROXY 

    HTTP_PROXY: $http_proxy 

    HTTPS_PROXY: $http_proxy 

    NO_PROXY: $no_proxy 

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Yes, this is the issue then: the current version of the provider doesn't support http proxy

    Watch this space for updates.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    ``Hi @Balazs Did you get a chance to look into the issue.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    Hi @Balazs awaiting updates for

    the current version of the provider doesn't support http proxy

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Hi @swapnil_mahajan , the next provider release is planned to include support for http proxy, will update when we know the date.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭
  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    @Balazs Any updates for provider release which includes support for http proxy.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    @Balazs Any updates on provide release.

  • swapnil_mahajan
    swapnil_mahajan Member Posts: 51 ✭✭✭

    @Balazs

    Any updates for provider release which includes support for http proxy.

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 644 admin

    Hi @swapnil_mahajan, I just checked internally, and apparently this feature is currently in QA. So dev done, testing now. Hopefully will be released within a couple weeks. I'll ask the team to update this thread when it's out.

  • Balazs
    Balazs Member, Employee Posts: 12 Solace Employee

    Hi @swapnil_mahajan , PubSub+ Terraform provider release v1.1.0 is now available with HTTP proxy support: https://registry.terraform.io/providers/SolaceProducts/solacebroker/1.1.0

    For documentation, refer to

    https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs#http-proxy-support

This Week's Leaders