I can grpcurl my server but temporal cli and tctl fail

Shawn_Jones · August 16, 2024, 8:36pm

this returns data:

❯ grpcurl -d '{
  "execution": {
    "workflowId": "myWorkflowId"
  },
  "namespace": "default"
}' temporal-server.internal.mydomain.com:443 temporal.api.workflowservice.v1.WorkflowService/DescribeWorkflowExecution

but temporal cli and tctl both fail:

❯ export TEMPORAL_ADDRESS=temporal-server.internal.mydomain.com:443
❯ temporal workflow describe --workflow-id=myWorkflowId
time=2024-08-16T13:23:09.169 level=ERROR msg="failed reaching server: context deadline exceeded"

❯ tctl --address temporal-server.internal.myDomain.com:443 workflow describe --workflow_id myWorkflowId
Error: Describe workflow execution failed
Error Details: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: http2: frame too large"

Any idea what could be wrong here? The https cert is a normal, publically-available CA cert. 443 is mapped to 7233 and the temporal client (typescript) we use has no issues talking to temporal on this address at 443.

Chad_Retz · August 16, 2024, 10:06pm

TLS is disabled by default, try --tls setting for temporal

Shawn_Jones · August 17, 2024, 3:59am

Thanks, unfortunately I’m seeing the same error:

❯ temporal workflow describe --tls --workflow-id=myWorkflowId
time=2024-08-16T20:57:35.482 level=ERROR msg="failed reaching server: context deadline exceeded"

Shawn_Jones · August 26, 2024, 6:33pm

Any other way I can debug this? I’d really like to stop using grpcurl and use the official temporal cli

Shawn_Jones · September 25, 2024, 6:38pm

Still looking for some help here

Things I’ve tried:

changing my ALB listener from port 443 to 7233
changing from a *.mydomain.com cert to a cert that exactly matches the temporal-server url

export TEMPORAL_ADDRESS=temporal-server.myDomain.net:7233

temporal workflow describe --tls --tls-disable-host-verification   --workflow-id=myWorkflowId
time=2024-09-25T11:36:16.196 level=ERROR msg="failed reaching server: context deadline exceeded"

temporal workflow --tls describe --workflow-id=myWorkflowId
time=2024-09-25T11:59:20.830 level=ERROR msg="failed reaching server: context deadline exceeded"

temporal workflow describe --workflow-id=myWorkflowId
time=2024-09-25T11:59:30.373 level=ERROR msg="failed reaching server: context deadline exceeded"

meanwhile grpcurl has no issues, but as stated above it’s pretty cumbersome

Topic		Replies	Views
Having issue getting tctl to work? Community Support matching-service	1	922	August 9, 2020
Can't connect workers/clients to temporal-cloud namespace Community Support typescript-sdk , temporal-cloud	2	920	November 17, 2022
Temporal web cannot access temporal server via ssl endpoint Community Support web-ui	12	1997	December 10, 2021
How to enable SSL in Temporal Web? Community Support web-ui	6	2104	March 30, 2021
Tctl won't use TLS config specified in env Community Support tls , tctl	7	1695	July 6, 2022

I can grpcurl my server but temporal cli and tctl fail

Related topics