What is the correct broker URL to use in a Terraform configuration for connecting to a Message VPN

While running a GitLab CI/CD pipeline using Terraform for a Message VPN, the configuration below is used for the Solace provider:


# Configure the provider
provider "solacebroker" {
  username = var.broker_username
  password = var.broker_password
  url      = var.broker_url
}

What is the correct URL? Is it

PORT 943

Message VPN https://mr-connection-XXXXXXXX.messaging.solace.cloud:943/

or

REST API URL Port 9443

https://mr-connection-XXXXXXXXX.messaging.solace.cloud:9443

As per my knowledge it should be with port 943

Hi @swapnil_mahajan ,

Assuming you are using the default ports then yes, 943 is what you are using. Since you’re using Solace Cloud it’s the SEMP URL you should be using which can be found under the “Manage” tab in your Messaging Service.

Hope that helps!

Hey @marc.dipasquale ,

You mean to use full URL-

https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943/SEMP/v2/config

Current port 943 URL default one is not working. Pipeline run timeout issue I am facing. You are already present on question - Gitlab: Terraform script timeout.

Do you feel any link between both?

Unfortunately the full URL from SEMP REST API is also giving the same kind of timeout error

Error: Broker check failed

│ with solacebroker_msg_vpn_client_username.test_solace-cloud-client,
│ on main.tf line 111, in resource "solacebroker_msg_vpn_client_username" "test_solace-cloud-client":
│ 111: resource "solacebroker_msg_vpn_client_username" "test_solace-cloud-client" {

│ context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Do you feel any link between both?

Yes, it seems like these are both the same issue. For some reason you just don’t seem to be able to connect to the broker. I see @Balazs is helping you on the other discussion so I imagine once that is resolved it will also be fixed here.

In addition I have opened an issue on the GitHub repo to make sure the proper URL is clear in the docs to avoid this problem in the future:

So @swapnil_mahajan , the URL you should try is https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

To verify, this URL shall bring you to the Web Manager login page if you paste it into a browser.

Hey @Balazs Yes I am already using below URL. But I am facing Timeout issue.

https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

Here is the analysis from my internal expertise for the GitLab CI/CD pipeline:

  1. Verify how Solace provider exposes their system into the internet.
  2. I am using the shared runners in the Gitlab pipeline, and that DNS mr-connection-xxxxxxxx.messaging.solace.cloud is not resolvable.
  3. You might be in some dedicated network where this is setup for you.

Hi @swapnil_mahajan , the analysis is correct, either the GitLab runner has limited external connection and its DNS services are restricted to an internal network or the Solace PubSub+ test broker is not publicly accessible.

Can you verify if you can access the broker SEMP service (Web Manager login page) from your local computer (assuming it has no restriction to this internet address)? I expect this Solace Cloud address is public:
https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

@Balazs Yes I am able to connect with

https://mr-connection-XXXXXXXXXXXXX.messaging.solace.cloud:943

Yes Solace Event Broker Instance do have Hybrid Connectivity. Generally I click on Message VPN and Redirect to Web Portal Manager.

Even with pasting Web Portal Manager URL in browser and login with credentials also takes me to Portal. I am not sure what you are checking with this ?

Hi @swapnil_mahajan , I don’t know how the GitLab runner is configured. It will only work if it is able to reach the broker SEMP service.

The goal of the prev test was to verify that the SEMP service is at least up and reachable somehow. Now the next step is to check if it is reachable from your GitLab runner. To test that, add this script before the Terraform test job and try to run it:

curl https://mr-connection-xxxxxxxxxxxxx.messaging.solace.cloud:943/

where the URL is the same that worked for you in the prev step.

If it fails (seems expected) then you would need to configure the GitLab runner to be able to reach this domain. The Terraform test will fail as long as this test fails.

Hi @Balazs

I added below stage in my yml file

test:
  stage: test
  image: $TF_IMAGE
  script:
    - echo "Broker URL test"
    - curl https://mr-connection-xxxxxxxxxxxxxxx.messaging.solace.cloud:943
    - echo "content"
    - exit 0

I see Job succeeded with below message-

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1457  100  1457    0     0  12212      0 --:--:-- --:--:-- --:--:-- 12347

I am attaching log file for more details.

job.log (4.09 KB)

Still pipeline is running. I will post the result of apply stage(which was timeout in all previous runs)

Hi @swapnil_mahajan , any chance the runner is using an http proxy or some other indirect way to reach the broker?

Hi @Balazs Yes. Below variables I am using in YML file for http proxy

variables:
  TF_STATE_NAME: default
  TF_CACHE_KEY: default
  TF_ROOT: terraform
  http_proxy: $CODE_PROXY
  https_proxy: $CODE_PROXY
  no_proxy: $CODE_NO_PROXY
  HTTP_PROXY: $http_proxy
  HTTPS_PROXY: $http_proxy
  NO_PROXY: $no_proxy

Yes, this is the issue then: the current version of the provider doesn’t support http proxy

Watch this space for updates.
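
The plain `curl` test in this thread passed because curl honours the runner's `https_proxy` variable, while the provider connects directly. As an added example (not part of the original posts or the provider's code), this runner-side check probes the SEMP URL both ways and tells the two cases apart; `BROKER_URL`, `probe`, `classify` and `main` are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. BROKER_URL is a placeholder: set it to
# the SEMP base URL of your own service (the :943 URL from the "Manage" tab).

# Print the HTTP status curl received for URL, or 000 if no response arrived.
# Extra arguments are passed through to curl (used below for --noproxy).
probe() {
  url=$1; shift
  code=$(curl --silent --output /dev/null --max-time 15 \
              --write-out '%{http_code}' "$@" "$url") || code=000
  echo "${code:-000}"
}

# Classify a pair of results: status with the proxy environment honoured,
# then status with the proxy bypassed.
classify() {
  via_env=$1; direct=$2
  if [ "$direct" != "000" ]; then
    echo "direct"        # broker answers without a proxy
  elif [ "$via_env" != "000" ]; then
    echo "proxy-only"    # only the proxied request works; a client that
                         # ignores https_proxy times out, as seen in the thread
  else
    echo "unreachable"   # DNS, firewall or service problem
  fi
}

main() {
  via_env=$(probe "$BROKER_URL")
  direct=$(probe "$BROKER_URL" --noproxy '*')
  result=$(classify "$via_env" "$direct")
  echo "proxy env: ${https_proxy:-${HTTPS_PROXY:-<unset>}}"
  echo "via env=$via_env direct=$direct => $result"
  [ "$result" = "direct" ]   # non-zero exit fails the CI job early
}

# Runs only when BROKER_URL is set, e.g. as a job step before `terraform apply`.
if [ -n "${BROKER_URL:-}" ]; then
  main
fi
```

A `proxy-only` result reproduces the situation diagnosed above: the broker is up, but only clients that use the proxy can reach it from the runner.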

Hi @Balazs Did you get a chance to look into the issue?

Hi @Balazs awaiting updates for

the current version of the provider doesn’t support http proxy


Hi @swapnil_mahajan , the next provider release is planned to include support for http proxy, will update when we know the date.

Thanks @Balazs I will wait for the update.

@Balazs Any updates for provider release which includes support for http proxy?