kong migrations bootstrap failure with postgres 14

[RamanaChowdam]

Is there an existing issue for this?

• I have searched the existing issues

Kong version ($ kong version)

latest

Current Behavior

Error: module 'openssl.rand' not found:No LuaRocks module found for openssl.rand
no field package.preload['openssl.rand']
no file './openssl/rand.lua'
no file './openssl/rand/init.lua'
no file './openssl/rand.lua'
no file './openssl/rand/init.lua'
no file '/usr/local/openresty/site/lualib/openssl/rand.ljbc'
no file '/usr/local/openresty/site/lualib/openssl/rand/init.ljbc'
no file '/usr/local/openresty/lualib/openssl/rand.ljbc'
no file '/usr/local/openresty/lualib/openssl/rand/init.ljbc'
no file '/usr/local/openresty/site/lualib/openssl/rand.lua'
no file '/usr/local/openresty/site/lualib/openssl/rand/init.lua'
no file '/usr/local/openresty/lualib/openssl/rand.lua'
no file '/usr/local/openresty/lualib/openssl/rand/init.lua'
no file './openssl/rand.lua'
no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/openssl/rand.lua'
no file '/usr/local/share/lua/5.1/openssl/rand.lua'
no file '/usr/local/share/lua/5.1/openssl/rand/init.lua'
no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand.lua'
no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand/init.lua'
no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand.lua'
no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand/init.lua'
no file '/usr/local/openresty/site/lualib/openssl/rand.so'
no file '/usr/local/openresty/lualib/openssl/rand.so'
no file './openssl/rand.so'
no file '/usr/local/lib/lua/5.1/openssl/rand.so'
no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl/rand.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file '/home/kong/.luarocks/lib/lua/5.1/openssl/rand.so'
no file '/usr/local/openresty/site/lualib/openssl.so'
no file '/usr/local/openresty/lualib/openssl.so'
no file './openssl.so'
no file '/usr/local/lib/lua/5.1/openssl.so'
no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file '/home/kong/.luarocks/lib/lua/5.1/openssl.so'

Expected Behavior

No response

Steps To Reproduce

No response

Anything else?

No response

[mayocream]

How do you install Kong? Are building Kong from source? Please provide your method of running Kong.

This can be a problem related to the "missing" luaossl library (pgmoon need it).

luaossl and pgmoon are luarocks libraries.

Please try to install luaossl by using luarocks:

apk add curl git gcc musl-dev
luarocks install luaossl OPENSSL_DIR=/usr/local/kong CRYPTO_DIR=/usr/local/kong

[RamanaChowdam]

How do you install Kong? Are building Kong from source? Please provide your method of running Kong.

This can be a problem related to the "missing" luaossl library (pgmoon need it).

luaossl and pgmoon are luarocks libraries.

Please try to install luaossl by using luarocks:

apk add curl git gcc musl-dev
luarocks install luaossl OPENSSL_DIR=/usr/local/kong CRYPTO_DIR=/usr/local/kong

used kong latest docker image

[mayocream]

@RamanaChowdam Thanks for reporting this. I re-produced this issue.

Steps to re-produce:

version: "3.8"

services:
  kong-migrations:
    image: kong:2.7.0
    command: kong migrations bootstrap
    environment:
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_PG_USER: kong
      KONG_PG_DATABASE: kong
      KONG_PG_PASSWORD: kong
      KONG_PG_HOST: db
    depends_on:
    - db

  db:
    image: postgres:14
    environment:
      POSTGRES_PASSWORD: kong
      POSTGRES_USER: kong

  kong:
    image: kong:2.7.0
    environment:
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_PG_USER: kong
      KONG_PG_DATABASE: kong
      KONG_PG_PASSWORD: kong
      KONG_PG_HOST: db
    depends_on:
    - kong-migrations

Error logs:

$ docker-compose up
[+] Running 3/3
 ⠿ Container 8259-db-1               Recreated                                                                           0.1s
 ⠿ Container 8259-kong-migrations-1  Recreated                                                                           0.1s
 ⠿ Container 8259-kong-1             Recreated                                                                           0.1s
Attaching to 8259-db-1, 8259-kong-1, 8259-kong-migrations-1
8259-db-1               | 
8259-db-1               | PostgreSQL Database directory appears to contain a database; Skipping initialization
8259-db-1               | 
8259-db-1               | 2022-01-04 11:47:28.253 UTC [1] LOG:  starting PostgreSQL 14.1 (Debian 14.1-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
8259-db-1               | 2022-01-04 11:47:28.253 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
8259-db-1               | 2022-01-04 11:47:28.253 UTC [1] LOG:  listening on IPv6 address "::", port 5432
8259-db-1               | 2022-01-04 11:47:28.254 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
8259-db-1               | 2022-01-04 11:47:28.257 UTC [26] LOG:  database system was shut down at 2022-01-04 11:44:58 UTC
8259-db-1               | 2022-01-04 11:47:28.260 UTC [1] LOG:  database system is ready to accept connections
8259-kong-migrations-1  | Error: module 'openssl.rand' not found:No LuaRocks module found for openssl.rand
8259-kong-migrations-1  |       no field package.preload['openssl.rand']
8259-kong-migrations-1  |       no file './openssl/rand.lua'
8259-kong-migrations-1  |       no file './openssl/rand/init.lua'
8259-kong-migrations-1  |       no file './openssl/rand.lua'
8259-kong-migrations-1  |       no file './openssl/rand/init.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl/rand.ljbc'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.ljbc'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl/rand.ljbc'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl/rand/init.ljbc'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl/rand/init.lua'
8259-kong-migrations-1  |       no file './openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/share/lua/5.1/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/share/lua/5.1/openssl/rand/init.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand/init.lua'
8259-kong-migrations-1  |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand.lua'
8259-kong-migrations-1  |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand/init.lua'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl/rand.so'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl/rand.so'
8259-kong-migrations-1  |       no file './openssl/rand.so'
8259-kong-migrations-1  |       no file '/usr/local/lib/lua/5.1/openssl/rand.so'
8259-kong-migrations-1  |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl/rand.so'
8259-kong-migrations-1  |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-migrations-1  |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl/rand.so'
8259-kong-migrations-1  |       no file '/usr/local/openresty/site/lualib/openssl.so'
8259-kong-migrations-1  |       no file '/usr/local/openresty/lualib/openssl.so'
8259-kong-migrations-1  |       no file './openssl.so'
8259-kong-migrations-1  |       no file '/usr/local/lib/lua/5.1/openssl.so'
8259-kong-migrations-1  |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl.so'
8259-kong-migrations-1  |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-migrations-1  |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl.so'
8259-kong-migrations-1  | 
8259-kong-migrations-1  |   Run with --v (verbose) or --vv (debug) for more details
8259-kong-migrations-1 exited with code 1
8259-kong-1             | 2022/01/04 11:47:30 [warn] 1#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /usr/local/kong/nginx.conf:6
8259-kong-1             | nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /usr/local/kong/nginx.conf:6
8259-kong-1             | 2022/01/04 11:47:30 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/pgmoon/init.lua:273: module 'openssl.rand' not found:No LuaRocks module found for openssl.rand
8259-kong-1             |       no field package.preload['openssl.rand']
8259-kong-1             |       no file './openssl/rand.lua'
8259-kong-1             |       no file './openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand/init.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.so'
8259-kong-1             |       no file './openssl/rand.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-1             |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl.so'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl.so'
8259-kong-1             |       no file './openssl.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/openssl.so'
8259-kong-1             |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-1             |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl.so'
8259-kong-1             | stack traceback:
8259-kong-1             |       [C]: in function 'require'
8259-kong-1             |       /usr/local/share/lua/5.1/pgmoon/init.lua:273: in function 'auth'
8259-kong-1             |       /usr/local/share/lua/5.1/pgmoon/init.lua:213: in function 'connect'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:216: in function 'connect'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:516: in function 'query'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:284: in function 'init'
8259-kong-1             |       /usr/local/share/lua/5.1/kong/db/init.lua:141: in function 'init_connector'
8259-kong-1             |       /usr/local/share/lua/5.1/kong/init.lua:503: in function 'init'
8259-kong-1             |       init_by_lua:3: in main chunk
8259-kong-1             | nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/pgmoon/init.lua:273: module 'openssl.rand' not found:No LuaRocks module found for openssl.rand
8259-kong-1             |       no field package.preload['openssl.rand']
8259-kong-1             |       no file './openssl/rand.lua'
8259-kong-1             |       no file './openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand/init.ljbc'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/usr/local/openresty/luajit/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand.lua'
8259-kong-1             |       no file '/home/kong/.luarocks/share/lua/5.1/openssl/rand/init.lua'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl/rand.so'
8259-kong-1             |       no file './openssl/rand.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-1             |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl/rand.so'
8259-kong-1             |       no file '/usr/local/openresty/site/lualib/openssl.so'
8259-kong-1             |       no file '/usr/local/openresty/lualib/openssl.so'
8259-kong-1             |       no file './openssl.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/openssl.so'
8259-kong-1             |       no file '/usr/local/openresty/luajit/lib/lua/5.1/openssl.so'
8259-kong-1             |       no file '/usr/local/lib/lua/5.1/loadall.so'
8259-kong-1             |       no file '/home/kong/.luarocks/lib/lua/5.1/openssl.so'
8259-kong-1             | stack traceback:
8259-kong-1             |       [C]: in function 'require'
8259-kong-1             |       /usr/local/share/lua/5.1/pgmoon/init.lua:273: in function 'auth'
8259-kong-1             |       /usr/local/share/lua/5.1/pgmoon/init.lua:213: in function 'connect'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:216: in function 'connect'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:516: in function 'query'
8259-kong-1             |       .../share/lua/5.1/kong/db/strategies/postgres/connector.lua:284: in function 'init'
8259-kong-1             |       /usr/local/share/lua/5.1/kong/db/init.lua:141: in function 'init_connector'
8259-kong-1             |       /usr/local/share/lua/5.1/kong/init.lua:503: in function 'init'
8259-kong-1             |       init_by_lua:3: in main chunk
8259-kong-1 exited with code 1

[mayocream]

I fixed it by installing luaossl library.
It's a workaround for you @RamanaChowdam. I will be working this problem, seems something went wrong with pgmoon.
https://github.com/mayocream/kong-tests/blob/f6396b97e231ee409edf9bb75084dff2237219ab/issues/8259/docker-compose.yml

Add below parts to docker-compose.yml, restoring normal.

    user: root
    command: >
      bash -c "apk add --no-cache curl git gcc musl-dev
      && luarocks install luaossl OPENSSL_DIR=/usr/local/kong CRYPTO_DIR=/usr/local/kong
      && kong start"

[fffonion]

Looks like we need to add luaossl as dependency to pgmoon https://github.com/Kong/pgmoon/blob/kong-dev/pgmoon-2.2.0-1.rockspec#L17 🤔

[RamanaChowdam]

I fixed it by installing luaossl library. It's a workaround for you @RamanaChowdam. I will be working this problem, seems something went wrong with pgmoon. https://github.com/mayocream/kong-tests/blob/f6396b97e231ee409edf9bb75084dff2237219ab/issues/8259/docker-compose.yml

Add below parts to docker-compose.yml, restoring normal.

    user: root
    command: >
      bash -c "apk add --no-cache curl git gcc musl-dev
      && luarocks install luaossl OPENSSL_DIR=/usr/local/kong CRYPTO_DIR=/usr/local/kong
      && kong start"

and getting auth failure with Postgres 14 DB , when creating kong container

Error: don't know how to auth: 10

[mayocream]

@fffonion Or we can replace openssl.rand with resty-openssl maybe?

[mayocream]

Can you post all related logs here?

[RamanaChowdam]

Can you post all related logs here?

just got these logs only
Error: don't know how to auth: 10

[mayocream]

I think it's a known issue here leafo/pgmoon#108. But I can't re-produced it :(

[dndx]

@fffonion We intentionally removed luaossl because of the issues we encountered so adding it back would not be the best idea. Do we know why pgmoon is using luaossl and can we get around it with lua-resty-openssl instead?

[fffonion]

@dndx I don't think there's a reason pgmoon can't use lua-resty-openssl, it's just our intial scope is just to replace luaossl from Kong. Because at that time, we were not using our own fork of pgmoon.
We can do that for our pgmoon fork as well, but the part of luaossl (digest, kdf, rand) in pgmoon is low risk and is okay if we want to keep it as is.

[JamesRamm]

also coming across this issue with Kong 2.7.0 (and lower versions) with postgres 14.x.
All is OK with postgres 13.x

I would just add that before the lua errors (which are the same) I am getting this:

Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: connection refused

[bungle]

@JamesRamm, I suppose you are using somekind of authentication method in Postgres? If yes, then what?

[mayocream]

@JamesRamm, I suppose you are using somekind of authentication method in Postgres? If yes, then what?

Since Postgres 14.0, the default password_encryption is scram-sha-256, in this case pgmoon requires luaossl.

See:

• https://github.com/postgres/postgres/blob/86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568c/src/backend/utils/misc/postgresql.conf.sample#L96
• https://github.com/leafo/pgmoon/blob/d84c082426048f52f13ce047b0fcb885070d0794/pgmoon/init.lua#L307-L310

[slallema]

we had this issue and I confirm that setting password_encryption to md5 on our postgres server + updating the password (very important to have it encrypted in md5) works as a workaround.

[mayocream]

we had this issue and I confirm that setting password_encryption to md5 on our postgres server + updating the password (very important to have it encrypted in md5) works as a workaround.

Thanks for sharing. But I wanna mention that it can affect the security of db since md5 is not safe enough. And yes it's a workaround.
I think we've find out what the problem is and will fix soon.

[JamesRamm]

@bungle
Yes, we are using the default auth method.
Is md5 the previous default (hence it works as a work around?).

[globaljavaprogrammer]

Does anyone know if there will be an update to address this error? We are using docker with the latest kong image.

Error: module 'openssl.rand' not found:No LuaRocks module found for openssl.rand
no field package.preload['openssl.rand']
no file './openssl/rand.lua'
no file './openssl/rand/init.lua'
no file './openssl/rand.lua'
no file './openssl/rand/init.lua'

[bungle]

Yes, ultimately we want no dependency to luaossl and we have removed it from Kong, thus we have this issue. We look how to get this back working without luaossl.

[bungle]

There is now a fix waiting for a review / merge in pgmoon (after which we need a new release of it too):
leafo/pgmoon#117

Meanwhile we can think about other ways to fix this, but ultimately we would refer it to be merged in upstream project.

[rlogiacco]

this issue still affects docker image 2.8.0-alpine

[mayocream]

Reopen this issue to track the process.

Reason: #8533 (comment)

The master branch still contains the fix:

• chore(deps) bump pgmoon from 1.13.0 to 1.14.0 #8429

We will close this issue when a release contains the fix.

[akanass]

Impossible to launch kong-gateway and kong migrations bootstrap with kong:2.8.1-alpine and latest postgres but with postgres:13-alpine all is working

[MissakaI-ObjectOne]

Tried installing Kong with Helm and I too am getting the module 'openssl.rand' not found:No LuaRocks module found for openssl.rand error for the init container wait-for-db which uses image: kong:2.8 which is at the moment of writing is kong:2.8.1-alpine

Need help with a work around until this is fixed and released.

we had this issue and I confirm that setting password_encryption to md5 on our postgres server + updating the password (very important to have it encrypted in md5) works as a workaround.

Impossible to launch kong-gateway and kong migrations bootstrap with kong:2.8.1-alpine and latest postgres but with postgres:13-alpine all is working

Both of the above are not a viable solution for me as the Database is managed separately and it involves changes to be made in the DB server.

[nick-0101]

Impossible to launch kong-gateway and kong migrations bootstrap with kong:2.8.1-alpine and latest postgres but with postgres:13-alpine all is working

This got it working for me, thank you.

[JihadMotii-REISys]

I'm also getting the following error message: /docker-entrypoint.sh: line 57: exec: kong migrations bootstrap: not found

Here is my current environment:

Trying to run the image kong/kong-gateway (Free plan) and not OSS image kong/kong since these 2 are different and I want to use the Kong Manager GUI as part of the free plan.

• RDS PosgtreSQL 14.x but I can downgrade it to 13.x or anything else if that solves the problem.
• Running the image kong/kong-gateway:2.8.1.1-alpine with cmd kong migrations bootstrap as instructed here https://docs.konghq.com/gateway/latest/install-and-run/docker/?_ga=2.93060377.587790092.1654707172-1802109339.1654610211#prepare-the-database

Any help would be appreciated!

[MissakaI-ObjectOne]

Can we get a tentative timeline on when will be there a release with this fix.

[sthongurdt]

I fixed that by adding to each service restart: on-failure. Because the containers run almost in parallel, this problem is generated.

This is the .yml I used:
`version: '3.9'

networks:
kong-net:
driver: bridge

services:

kong-database:
image: postgres:9.6
networks:
- kong-net
environment:
- POSTGRES_USER=kong
- POSTGRES_DB=kong
- POSTGRES_PASSWORD=kongpass
ports:
- 5432:5432
restart: on-failure

kong-migrations:
image: kong/kong-gateway:2.8.1.4-alpine
command: kong migrations bootstrap -v
depends_on:
- kong-database
networks:
- kong-net
environment:
- KONG_DATABASE=postgres
- KONG_PG_HOST=kong-database
- KONG_PG_PASSWORD=kongpass
- KONG_PASSWORD=test
restart: on-failure

kong-gateway:
image: kong/kong-gateway:2.8.1.4-alpine
depends_on:
- kong-migrations
networks:
- kong-net
environment:
- KONG_DATABASE=postgres
- KONG_PG_HOST=kong-database
- KONG_PG_USER=kong
- KONG_PG_PASSWORD=kongpass
- KONG_PROXY_ACCESS_LOG=/dev/stdout
- KONG_ADMIN_ACCESS_LOG=/dev/stdout
- KONG_PROXY_ERROR_LOG=/dev/stderr
- KONG_ADMIN_ERROR_LOG=/dev/stderr
- KONG_ADMIN_LISTEN=0.0.0.0:8001
ports:
- 8000:8000
- 8443:8443
- 8001:8001
- 8444:8444
- 8002:8002
- 8445:8445
- 8003:8003
- 8004:8004
restart: on-failure`

[nick-kostov]

Hi everyone,
How would I deal with this when using helm?
I am trying to understand how I could fix this. As far as I understand there is a missing package.
Anyone with any tips on creating a custom helm chart derived from Kong's official one?

[WallysonRomeiro]

Hi everyone!!

I managed to kong migration with Postgres 14, with the following command.

docker run --rm -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=HOST_ADDRESS" -e "KONG_PG_PASSWORD=PASS" kong/kong-gateway:3.0.0.0-alpine kong migrations bootstrap

[nick-kostov]

Hi everyone!!

I managed to kong migration with Postgres 14, with the following command.

docker run --rm -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=HOST_ADDRESS" -e "KONG_PG_PASSWORD=PASS" kong/kong-gateway:3.0.0.0-alpine kong migrations bootstrap

Can someone from kong verify if this has been resolved? In kong/kong-gateway:3.0.0.0-alpine

[tyler-ball]

Verified that Kong 3.0.0 and Kong EE 3.0.0.0 (in traditional and hybrid mode) can bootstrap against Postgres 14. Closing this

[kfirfer]

We're using postgresql 12+pgpool(ha) with kong 2.8.1
And we're getting the 'openssl.rand' error

SELECT version();
PostgreSQL 12.13 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit