Temporal worker connection on self-hosted Retool

Workflows
1

Hello!

I am running into a TransportError: Failed to call GetSystemInfo when trying to enable Workflows on my self-hosted Retool instance with a self-hosted Temporal cluster.

Here are the steps I have taken:

  1. Created a new root CA via AWS (CN = app.tmprl-sa.cloud)

  2. Created and exported a new certificate via AWS (domain = app.tmprl-sa.cloud)

  3. Created a new namespace on Temporal

  4. Confirmed I can run the following command successfully:

curl -v --cert ./certificate.txt --key ./private_key.txt https://<temporal-namespace>.tmprl.cloud:7233

This prompts me to enter my passphrase and then successfully pings Temporal.

I also created a no-password version of the private_key using

openssl pkcs8 --in private_key.txt --out private_key_nopass.txt --passin pass:<passphrase>

and am able to succesfully curl temporal without a passphrase using:

curl -v --cert ./certificate.txt --key ./private_key_nopass.txt https://<temporal-namespace>.tmprl.cloud:7233
  1. Updated my existing helm chart at retool/values.yaml:
    workflows.enabled: true
    workflows.temporal.enabled: true
    workflows.temporal.host: <temporal-namespace>.tmprl.cloud
    workflows.temporal.port: 7233
    workflows.temporal.namespace: <temporal-namespace>
    workflows.temporal.sslEnabled: sslEnabled
    workflows.temporal.sslCert: <base64 encoded certificate.txt>
    workflows.temporal.sslKeySecretName: <eks secret name>
    workflows.temporal.sslKeySecretKey: <eks secret key>

For the <eks secret key>, I've tried setting the value in EKS secrets to 4 different variations:

  • private_key.txt
  • private_key.txt | base64
  • private_key_nopass.txt
  • private_key_nopass.txt | base64
  • random_private_key_i_created.txt | base64

I am consistently seeing this error for all options:

{"level":"info","message":"creating temporal worker connection","timestamp":"2024-07-11T22:16:30.621Z"}
/node_modules/@temporalio/worker/lib/connection.js:55
                throw new core_bridge_1.TransportError(err.message);
                      ^

TransportError: Failed to call GetSystemInfo: status: Unknown, message: "transport error", details: [], metadata: MetadataMap { headers: {} }
    at NativeConnection.connect (/node_modules/@temporalio/worker/lib/connection.js:55:23)
    at async $x (/retool_backend/bundle/main.js:3942:12795)
    at async Hbe (/retool_backend/bundle/main.js:4362:8671)
    at async Object.d53 (/retool_backend/bundle/main.js:4362:9994)

Node.js v18.18.2

The current version in my helm chart is image.tag: "3.33.20-stable"

Thank you for your help!

2

Hi @rishab_tandem,

Thanks for reaching out! Apologies for the delay here; have you been able to move forward yet?

Is the sslEnabled set to true or false?

3

No I am still experiencing the same issue. sslEnabled is set to true.

4

Hey @rishab_tandem,

When you look at the raw value of the eks secret key, is it double base64 encoded?

Also, can you confirm what version of the helm chart you're using?

For 4 in the steps you've taken, can you confirm: Are you able to successfully curl temporal from the container where you're seeing this issue?