Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can't connect from azure resource to Azure database for postgres server

I can't connect from azure resource (aks node) to Azure postgres using pgcli. I also tried directly from node and got the same error message:

FATAL: Client from Azure Virtual Networks is not allowed to access the server. Please make sure your Virtual Network is correctly configured.

Firewall rules in the resource are on: Allow access to Azure services: ON

Running the same pgcli login command on my computer and on another azure resource seems to work fine.

Adding Firewall rules to all IPs return the same error.

Curl from the problematic server (host:5432) returns a reply, so it's not an outbound issue.

like image 440
Amityo Avatar asked Jun 06 '18 08:06

Amityo


People also ask

Could not connect to Postgres server connection refused?

“Could not connect to server: Connection refused” To be sure that PostgreSQL is running, you can also restart it with systemctl restart postgresql. If this does not fix the problem, the most likely cause of this error is that PostgreSQL is not configured to allow TCP/IP connections.


2 Answers

What does the error mean?

A VM where the connection originates from is deployed to a virtual network subnet where Microsoft.Sql service endpoint is turned on. Per documentation:

If Microsoft.Sql is enabled in a subnet, it indicates that you only want to use VNet rules to connect. Non-VNet firewall rules of resources in that subnet will not work.

For connection to succeed there must be a VNet rule added on PostgreSQL side. At the time the question was asked VNet Service Endpoints for Azure Database for PostgreSQL just got to public preview so I assume it might not have been available for the OP.

Solution

As of November 2020, Service Endpoints for Postgres is GA and instead of disabling the service endpoint one can add a missing VNet rule to the PostgreSQL server instance and reference the service endpoint-enabled subnet. It can be done via Portal or Azure CLI

like image 192
Max Ivanov Avatar answered Sep 30 '22 16:09

Max Ivanov


Apparently, the vm is part of a vnet that a service endpoint tag Microsoft.sql was enabled.

I found this answer. To solve the problem I disabled the service endpoint and added the public IP to the Connection Security section.

like image 41
Amityo Avatar answered Sep 30 '22 17:09

Amityo