Connect to snappy data with aws external IP address - snappydata

I am using Tibco ComputeDB, which is new to me. It uses sparkDB and snappyData. I can start both Spark and SnappyData and connect to snappydata using command connect client '127.0.0.1:1527' or with internal IP of aws server. But when I try to connect it with aws external IP using above command it do not work. Also I am not able to connect to snappyData from client like sql workbench/J. I have all required drives installed on local machine and server and also all ports are open on aws server. I can access dashboard using http://externalip:5050.
I also edited conf/locators and conf/servers file as explained in below link and also hostfile entry seems fine.
=> https://snappydatainc.github.io/snappydata/howto/connect_to_the_cluster_from_external_clients/
Lines were as below
=> "Private IP" -client-bind-address="Private IP" -hostname-for-clients="Public IP"
=> "Private IP" -client-bind-address="Private IP" -client-port=1555 -hostname-for-clients="Public IP"
I follow below document to connect with JDBC.
=> https://snappydatainc.github.io/snappydata/howto/connect_using_jdbc_driver/
But still not able to connect with external IP.
=> connect client 'externalIP:1527'; should work before I can connect to snappydata from any client using external IP?
Can someone guide that what setting should be made to connect snappydata from aws external IP and with any sql client.

Are the ports open for the public IP of the AWS instance itself? Right now that is needed if you connect using the public IP, even if you are trying to connect from the same AWS instance via connect client ... command.
Thumb rule is that ports (e.g. 1527-1528) must be open for the client's IP in the security group. So, if the client is in the same AWS instance, then ports must be open for it's public IP.
If this doesn't help, can you paste the content of files locators, servers and leads which are present under conf/ directory? You can remove/strike sensitive information in them, if any.
Also please paste the error messages you see.
We have refined the steps to set up the cluster on AWS here that could clear a few things: https://snappydatainc.github.io/snappydata/install/setting_up_cluster_on_amazon_web_services/#usingawsmgmtconsole

Related

How to port forward/proxy Cloud SQL connection to access from the internet?

Is there a way to proxy/ port forward GCP Cloud SQL so that we can connect to it via the internet?
I don't want to do an SSH port forward via a Virtual Machine. Instead, I'm looking for a way such that we could connect to CloudSQL from a public IP of either a Virtual Machine or a Kubernetes service.
I don't want to connect directly from the public IP of the CloudSQL instance as it requires us to whitelist the user's IP address. We have also tried the Cloud SQL proxy but faced speed and performance issues.
Hence, now I'm looking for a solution to proxy the CloudSQL connection from a VM or Kubernetes service
I have tried using Stunnel to proxy the connection as described in this documentation.
output=/tmp/stunnel.log
CAfile=/tmp/mysql-server-ca.pem
client=yes
pid=/var/run/stunnel.pid
verifyChain=yes
sslVersion=TLSv1.2
[mysqls]
accept=0.0.0.0:3307
connect=private-ip:3306
But, I get an error while connecting to the MySQL server:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 104
Edit:
Stunnel runs on a Virtual Machine on Google Cloud
Stunnel connects to CloudSQL via Private IP (Both VM and CloudSQL share the same subnet)
MySQL can be connected from the VM using the private IP
Stunnel Logs:
2022.09.22 10:53:17 LOG5[2]: Service [mysqls] accepted connection from 127.0.0.1:37014
2022.09.22 10:53:17 LOG5[2]: s_connect: connected <mysql-private-ip>:3306
2022.09.22 10:53:17 LOG5[2]: Service [mysqls] connected remote server from 10.128.0.53:53302
2022.09.22 10:53:17 LOG3[2]: SSL_connect: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2022.09.22 10:53:17 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
To access a Cloud SQL from a Compute Engine VM try the following, you can use either the Cloud SQL Auth proxy (with public or private IP), or connect directly using a private IP address
From the client machine or Compute Engine VM instance, use What's my
IP to see the IP address of the client machine.
Copy that IP address. In the Google Cloud console, go to the Cloud
SQL Instances page.
Go to Cloud SQL Instances
To open the Overview page of an instance, click the instance name.
Select Connections from the SQL navigation menu.
In the Authorized networks section, click Add network and enter the
IP address of the machine where the client is installed. Note: The IP
address of the instance and the MySQL client IP address you authorize
must be the same IP version: either IPv4 or IPv6
Click Done. Then click Save at the bottom of the page to save your
changes. Connect to your instance, either with SSL or without SSL.
To access a Cloud SQL instance from an application running in Google Kubernetes Engine, you can use either the Cloud SQL Auth proxy (with public or private IP), or connect directly using a private IP address. To connect to Cloud SQL you must have:
A GKE cluster, with the kubectl command-line tool installed and
configured to communicate with the cluster. For help getting started
with GKE, see the Quickstart.
Check the document for steps on how to configure without SSL
For Public IP-configured instances, a public-facing IPv4 address may
be enabled, allowing users outside the GCP project and VPC network to
connect to the instance.
Check the similar example here.

issues connecting to AWS production database

I've been working in a local and staging database (hosted on AWS) for this app I'm working on with no issues viewing and seeding data in both environments. However, when I try connecting to the production environment to either view or seed data, I get the following error:
mysqli_real_connect(): (HY000/2002): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
I've double checked that the credentials I used matches the credentials of the production environment and I retyped out the credentials also to ensure no whitespace characters accidentally got copied over.
I thought maybe I was having an issue with the administrative tool so I switched from phpMyAdmin to DBeaver which also didn't seem to work.
Disabling my firewall also didn't help out.
After some research online I followed this guide to authorize RDP traffic to my computer's public IPv4 address, but after following these steps I still get the above error.
my phpMyAdmin config file looks like this
/*
* Production Server
*/
$i++;
$cfg['Servers'][$i]['host'] = 'host';
$cfg['Servers'][$i]['user'] = 'user';
$cfg['Servers'][$i]['password'] = 'password';
/*
* End of servers configuration
*/
?>
Using XAMPP v3.2.3 with server version MySQL 5.7.26-log and the platform runs on AWS is PHP 7.2 running on 64bit Amazon Linux/2.8.12
I'm using a Windows 10 machine and I wanted to note that my coworkers are on a Mac and had no issues connecting to the AWS instance in a remote location from me. Neither coworkers added their IPv4 to the security group.
Can anyone point me to the right direction of where the problem could be occurring? I'm stumped on this one...
RDP and RDS are completely different. RDP is remote desktop protocol and is therefore a method to log onto a Windows machine. RDS is AWSes managed Database service which allow you to connect to a database flavour (in this case I expect you've chosen MySQL).
If you want to connect from your local PC to RDS then ensure that you've enabled traffic from your public IP via tcp/3306 in the security group that RDS is using.
If you want to connect from RDS to your own local MySQL instance then you'll probably need to set up a NAT on your local router which maps from it's public ip and tcp/3306 to the appropriate private ip and tcp/3306 but if you do that it's really important to ensure you restrict incoming traffic from the appropriate source IP only.
By the way, is it possible that the person on a Mac is tunnelling through an SSH session to get to the database?

not able to login in google cloud storage sql instance

I made instance in Google Cloud > Storage > SQL > MYSQL. Now I have to import database in it so I am trying to connect to MYSQL
using adminer, but it gives following error
SQLSTATE[HY000] [2002] Operation timed out
I also tried via HeidiSQL > MariaDB or MYSQL (SSL Tunnel) but here also it does not connect and gives error
https://prnt.sc/o58in0
I am mentioning
Host: Public Ip of SQL instance
Username: root
Any suggestions, what could be the fix?
Your error typically means that a firewall blocked your connection attempt.
For Cloud SQL, this typically means that you have not enabled instance-level access.
Since your error is 10060, which is a Windows WinSock error message, I am assuming that you are running on Windows. The steps are similar for Linux.
There are two methods to enable access to Cloud SQL:
Cloud SQL Proxy
This is the recommended method and is secure. Download and install the Cloud SQL Proxy to your the computer that you want to connect from. If you have set up the Cloud SDK (gcloud), Cloud SQL Proxy will use your Cloud SDK credentials. If not, then you will need to create and download a service account with (usually) the Cloud SQL Client role.
You will need the "instance connection name" from Cloud SQL Instance details page.
Download Cloud SQL Proxy (link) to your computer. Remember the full path to the program. Save the program as "cloud_sql_proxy.exe"
Start the Cloud SQL Proxy
[full_path_to_program]\cloud_sql_proxy -instances=[INSTANCE_CONNECTION_NAME]=tcp:3306
OR
[full_path_to_program]\cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306 -credential_file=[PATH_TO_KEY_FILE]
Connect using mysql.exe: `mysql -u USERNAME -p --host 127.0.0.1
Public IP Method
The second method is not secure unless you also enable SSL, which I will not cover in this answer. I do not recommend this method except for knowledgeable persons.
Figure out what your public IP address is. Go to any website such as "MXToolbox" https://mxtoolbox.com/whatismyip/
Go to the Google Cloud Console
Go to the Cloud SQL Instances Details page
Select the Connections tab
Click Add network
In the Network field, enter your Public IP address using CIDR notice: eg 145.11.22.33/32
Enter a name such as "My Home IP"
Click Done
Click Save
Note: Most home Internet services change your Public IP address periodically. This means that you will need to update your Public IP address in Cloud SQL if you are using the second method.

Connect to AWS RDS instance in VPC using local client

I have an application running on EC2 instances that store data in an RDS instance. All of these instances are in an AWS VPC with security groups configured to allow them to connect to each other.
For reporting purposes, I would like to connect to the RDS instance from my laptop (e.g. using SQLAlchemy) to run simple queries. Every time I try to connect using the connection string that the EC2 apps use, the connection times out.
For Google, one can use the Cloud SQL proxy for this, but I can't find an analogous product for AWS. Instead, it seems like what I am supposed to do is attach an internet gateway to the VPC and configure the security groups to allow connection from my machine. However, the documents are unclear on how to do this other than allowing all inbound connections or allowing a static IP. Unfortunately my laptop doesn't have a static IP, and I'm uncomfortable allowing all inbound connections as it seems insecure and an invitation to attacks. I also have not been able to find a way to configure a security group to allow connections based on IAM credentials for example using the AWS CLI. Since I will be routinely generating reports, a solution that involves updating a security group (i.e. allowing my current IP) every time I want to connect seems suboptimal.
I have tried following the following documents, but so far have had no success in finding a solution that does not allow all connections:
Allow users to connect to RDS using IAM*
Connecting to RDS instance from command line
Connecting to RDS on VPC from internet
*My RDS instance configuration does not allow me to enable IAM authentication, I'm not sure why
IAM Database Authentication is not supported for the configuration in the DB Instance db.
Modify your Db Instance to another instance class and try again.
(Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination;
Request ID: a6194fb8-2ab9-4a6a-a2be-63835e6e0184)
Is there something I'm not understanding or overlooking? Is allowing connections from all IPs not a big deal since the DB instance is still secured by DB user credentials?
Select this connection as per screenshot. Then fill up all details use your nat instance .pem file to connect. Its like you are connecting to VPC through Nat gateway or Internet gateway bypassing this.
Another option to install VPN on VPC and connect.

node js app deployed on google cloud connection with remote mysql on diffrent server.

I need to connect to remote mysql on different server and my nodejs code is deployed on google cloud. I have tried with host ip, username password of remote mysql, but giving following error:-
{"errorno":"ETIMEDOUT","code":"ETIMEDOUT","syscall":"connect","fatal":true}
ETIMEDOUT is a Node.js networking error. You will need to tinker with you firewall rules to allow the connection.
Probably opening port 3306 will solve the issue. Here's the documentation for setting up a remote access to MySQL [1] and the networking side [2]