Migrating from an Azure Database for PostgreSQL Single Server (deprecated in 2025) to a Flexible Server.
An unknown (unknowable?) IP address needs to be added to the firewall rules in order to create a new user.
Update The issue seems to be fixed by downloading the DigiCert Global Root CA
lined to from this Microsoft page and providing the local path to it to the Provider
.
- Install the project with, for example,
poetry install; poetry shell
.
- Choose Single Server with
pulumi config set SINGLE_OR_FLEXI SINGLE
. - Set your IP address for the firewall with
pulumi config set MY_IP <your-ip-address>
. - Run
pulumi up
. - Connect as the new user with
psql --username=carebear@single-server-8765 --host=single-server-8765.postgres.database.azure.com --dbname=postgres
. - Use the password printed to console during the
pulumi up
step.
- Choose Flexible Server with
pulumi config set SINGLE_OR_FLEXI FLEXI
. - Run
pulumi up
. - Get an error (see below)
Diagnostics:
postgresql:index:Role (dev-role):
error: 1 error occurred:
* error detecting capabilities: error PostgreSQL version: read tcp 10.10.8.16:51843->20.108.54.30:5432: read: connection reset by peer
- Download this DigiCertGlobalRootCA.crt.pem file.
- Set the path to it with
pulumi config set DB_ROOT_CERT_PATH /path/to/your/downloaded/DigiCertGlobalRootCA.crt.pem
. - Run
pulumi up
- Connect as the new user with
psql --username=carebear --host=flexi-server-8765.postgres.database.azure.com --dbname=postgres
. - Use the password printed to console during the
pulumi up
step.