
Cloud Foundry Django app `cf push` logs the error `port 5432 failed: Connection refused`


I am deploying a basic Django app with Cloud Foundry. The app appears to be unable to connect to or authenticate with the database.

I encounter the error after I run the `cf push -f manifest.yml` command. It returns `Start unsuccessful` and suggests I look at the logs with the `cf logs app-name-1 --recent` command. The logs contain this error:

ERR django.db.utils.OperationalError: connection to server at "server-name.region-name.rds.amazonaws.com" (ip.redacted), port 5432 failed: Connection refused
ERR Is the server running on that host and accepting TCP/IP connections?

The app's repo contains a `manifest.yml` that specifies an application name `app-name-1` and a service `service-name-psql-db`.

This app exists, as you can see from the output of the `cf apps` command:

Getting apps in org org-name / space space-name as user-name..

name         requested state   processes   routes
app-name-1   started           web:0/1     app-name-1.app.domain.com

Further, the app is hooked up to a database service, as you can see from the output of the `cf services` command:

Getting services in org org-name / space space-name as user-name...

name                   service   plan         bound apps   last operation     broker        upgrade available
service-name-psql-db   aws-rds   micro-psql   app-name-1   update succeeded   aws-broker               

The credentials I am trying to use to connect to the database seem correct to me. As I understand it, these two facts should line up the credentials needed to authenticate:

  • The return of `cf env app-name-1` contains a key named `aws-rds` which further contains `db_name`, `password`, `username`, `port`, etc., with plausible-looking values
  • These values match the output of `cf service-key service-name-psql-db testkey`

Is this an authentication problem? Or is the database service not being located at all? The error is so generic I'm having a hard time coming up with next steps.


Solution

  • The answer was about security groups and egress. Commenter @daniel-mikusa was on the right track: I had to work with my CF operators to find out how to set an egress appropriate for trusted local networks. This Cloud.gov documentation helped with my particular CF operators. (Your org may differ, reader.)
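
To separate "authentication problem" from "database not reachable", as asked above, a bare TCP probe of the bound endpoint shows which layer fails before any credentials are sent. This is an added example, not code from the original post. It assumes the `aws-rds` entry in `VCAP_SERVICES` carries a `host` key next to the `port` the question lists; all sample values are constructed.

```python
import errno
import json
import socket

# Constructed sample of the VCAP_SERVICES value shown by `cf env`; the "host"
# key and every value here are assumptions, not taken from the original post.
SAMPLE_VCAP = json.dumps({"aws-rds": [{
    "name": "service-name-psql-db",
    "credentials": {"host": "127.0.0.1", "port": "5432", "db_name": "db",
                    "username": "u", "password": "p"}}]})


def db_endpoint(vcap_json, label="aws-rds"):
    """Return (host, port) of the first service instance bound under `label`."""
    creds = json.loads(vcap_json)[label][0]["credentials"]
    return creds["host"], int(creds["port"])


def classify(host, port, timeout=5.0):
    """Attempt a TCP connect only and name the layer that failed."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"          # hostname from the binding does not resolve
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except ConnectionRefusedError:
            return "refused"          # rejected before Postgres saw any credentials
        except socket.timeout:
            return "timeout"          # packets silently dropped on the path
        except OSError as exc:
            return "unreachable:" + errno.errorcode.get(exc.errno, "?")
    return "tcp-open"                 # network path is fine; look at auth/TLS next


if __name__ == "__main__":
    import os
    host, port = db_endpoint(os.environ.get("VCAP_SERVICES", SAMPLE_VCAP))
    print(host, port, classify(host, port))
```

Run inside the app container, `refused` or `timeout` points at the network path (such as the egress rules in the solution above), while `tcp-open` followed by a Django error points at credentials or TLS settings.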