datomic

walterl 2025-05-14T11:35:03.435079Z

Hi there. 👋 Is it possible to override the transactor host name in a Datomic connection URI? We're running Datomic in a Kubernetes cluster where the (PostgreSQL) storage and transactor are running in separate pods. Everything works in the cluster, but we are unable to connect to Datomic from external networks, even though both the PostgreSQL storage server and Datomic transactor is network accessible. The cause appears to be that Datomic stores its Kubernetes-internal host name datomic.app.svc.cluster.local as its alt-host, while it is externally accessible only via a different name. If I could specify this transactor's external hostname in the connection URI, everything should work. Or are there alternative solutions to this?

favila 2025-05-14T11:53:04.205739Z

Is there a reason why you can’t set host= the internal host name and alt-host= the external one?

walterl 2025-05-14T12:43:22.758939Z

When we do that I can connect from external network, but internally peers fail with errors like this:

Error communicating with HOST datomic.app.svc.cluster.local or ALT_HOST staging-app-transactor on PORT 4334

favila 2025-05-14T12:52:48.574489Z

So what name should internal Peet’s use?

walterl 2025-05-14T12:55:32.432489Z

datomic.app.svc.cluster.local

walterl 2025-05-14T12:55:44.278549Z

staging-app-transactor is external

favila 2025-05-14T13:02:26.175119Z

So the first one is what you want in a connection uri as an override?

favila 2025-05-14T13:02:40.814249Z

Looks like it wouldn’t work even if you could?

walterl 2025-05-14T13:06:02.682439Z

See as its my dev env (REPL) client in external network that needs to connect to the transactor, I would like to specify the transactor's host name staging-app-transactor in the connection URI.

walterl 2025-05-14T13:07:18.651189Z

I can connect to it from host directly to that host on port 4334, but storage reports alt-host as the internal host name (`datomic.app.svc.cluster.local)`, which doesn't exist outside the k8s cluster

favila 2025-05-14T13:11:33.896579Z

> See as its my dev env (REPL) client in external network that needs to connect to the transactor, I would like to specify the transactor's host name staging-app-transactor in the connection URI. I understand that. So I asked why you can't configure the transactor to host=datomic.app.svc.cluster.local and alt-host=staging-app-transactor, and you said because the peers (= internal clients) would get the error Error communicating with HOST datomic.app.svc.cluster.local or ALT_HOST staging-app-transactor on PORT 4334, which is the error peers would get if it could not use either of those host names.

favila 2025-05-14T13:12:09.952589Z

can you confirm what ip datomic.app.svc.cluster.local resolves to on peers and the transactor itself?

walterl 2025-05-14T13:13:03.507559Z

Not easily. AFAIU that is set and shared between the pods by k8s itself

walterl 2025-05-14T13:13:44.875319Z

But we also know that the host name is correct, because when alt-host is set to it (and host to 0.0.0.0), then everything works on the internal network

favila 2025-05-14T13:13:51.091079Z

Just for background: the transactor resolves host, and binds to the IP it resolves to, and writes both host and alt-host to storage. The peers read storage then try both host and alt-host.

favila 2025-05-14T13:14:33.234459Z

if host=internal hostname and alt-host=external hostname, can external peers connect to the transactor?

walterl 2025-05-14T13:16:31.191239Z

Yes, but not internal ones.

favila 2025-05-14T13:17:13.285629Z

so could datomic.app.svc.cluster.local resolve to a different ip address on a transactor pod vs another pod in the network?

favila 2025-05-14T13:17:27.542129Z

perhaps one that internal traffic is not routed to?

walterl 2025-05-14T13:23:14.366469Z

I guess it's possible, but highly unlikely.

favila 2025-05-14T13:23:16.983929Z

Fundamentally host= must be some value that resolves to an IP (not name) on the transactor that k8s will route traffic to from any source, internal or external.

walterl 2025-05-14T13:24:01.625499Z

OK, let me experiment a bit more and get back to you. Thanks for the assistance! gratitude

walterl 2025-05-14T13:38:01.616469Z

Fundamentally, though, this strikes me as a bit of an odd design decision for Datomic (to relay transactor hostname exclusively via storage). This is because there are a plethora of networking setups where the chosen solution could be problematic. OTOH the connecting client (my computer) has all the networking information it needs to connect to both the storage and the transactor, only this design choice means Datomic won't let me.

favila 2025-05-14T13:39:20.851039Z

Transactors come and go, storage is forever

💡 1
favila 2025-05-14T13:40:14.819849Z

Consider also HA cases where there are multiple transactors, and you may not know which one is the active one.

walterl 2025-05-14T14:04:18.435379Z

That certainly makes sense, but something like HA could be a counterpoint too: the client may have better information about which transactor is more appropriate for it, given its network setup. Having the current behavior is fine as a default, but I'd really expect to be able to override it.

favila 2025-05-14T14:06:59.761799Z

I think host= represents an expectation that hostnames should be stably-resolvable (especially in the one-network environment peers+transactors should run in). alt-host= is already a concession to the reality that network topologies are bonkers

favila 2025-05-14T14:07:37.367689Z

fwiw I only ever encounter hostname problems like this with k8s networking, which I think says more about k8s networking than datomic

walterl 2025-05-14T14:07:39.643509Z

> network topologies are bonkers This is the big thing at play, yes 😅

favila 2025-05-14T14:09:57.901359Z

> which transactor is more appropriate for it, given its network setup. To be clear, there's only one active transcator, and peers don't get to choose.

👍 1
favila 2025-05-14T14:10:06.494269Z

HA is a hot-spare/failover situation

walterl 2025-05-14T14:10:14.525569Z

> fwiw I only ever encounter hostname problems like this with k8s networking, which I think says more about k8s networking than datomic Respectfully, I disagree. k8s may be a common scenario for this to crop up in, but I can easily contrive others. But regardless, it is really Datomic that's the odd one out here, in a sea of other servers that don't prescribe network level details like this. And I would bet that many of them avoid solutions like Datomic's precisely because "network topologies are bonkers". The point I'm trying to make: Datomic should not care about the network its topology.