I have a GCE instance that uses older mysql connection type and in order to connect to a Google Cloud SQL instance, I open an SSH connection through the browser on the GCE instance and run the following:
> cd /
> ./cloud_sql_proxy -dir=/cloudsql -instances=my-gce-instance-name:us-east1:my-sql-instance-name &./cloud_sql_proxy -dir=/cloudsql -
And then it is open for connections. The problem is, when I close the browser window (or even sign into Google with a different user), the connection is lost. Is there any way to persistently run this Unix socket with Google Cloud Engine?
Generally, you can run a command in the background by appending a & to the end of the command. This will start a background process for the proxy. You can stop the proxy with killall cloud_sql_proxy.
Another solution would be to run the proxy as a service. How to do this wildly varies by distro and version. Ubuntu 16 is typically bundled with systemd.
Related
I am trying to setup an IPSec tunnel on my virtual machine on Google Compute Engine and it seems all my traffic is blocked. Even though I have open the necessary ports on both the Windows Server 2016 server and Google's Firewall. Question I have is it possible to setup the VPN tunnel on the server it self or should I make use of the Hybrid Connectivity VPN or something else? I have the same setup on a dedicated server but just can't get Main Mode and or Quick Mode functioning at all.
PS I have setup many iPSec tunnels on stand alone server just not on a virtual server using Google Compute Engine.
Thanks in advance for your help on this one.
I was able to set up IPSec VPN server with Debian 10 virtual machine, on Google Compute Engine.
Here's what I did:
While creating virtual machine instance (Debian 10 for example), in "Network interface" window set option "IP forwarding" to "ON";
On "VPC network" page create firewall rule with open ports: "udp: 500, 4500";
Use this script to setup VPN software:
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
It will generate credentials needed for next step. They look like this: "Server IP: ****", "IPsec PSK: ****", "Username: ****", "Password: ****".
For client configuration use credentials generated from above step and IPsec/XAuth protocol while setting vpn connection.
Look here if you encounter problems: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-xauth.md
Check this guide "IPsec VPN Server Auto Setup Scripts" for more information:
https://github.com/hwdsl2/setup-ipsec-vpn
My GCP server is down. It was working last day. I can see the server in VM Instances but can not connect using SSH. All the client websites are down.
Can any one help ?
There is several reasons this could happen:
If your disk is full
sshd deamon isn't configured properly
If OS login is enabled on your instance
A firewall rule block port 20
Sometimes, you see some connection errors in the console, that worth to take a look.
EDIT:
I will need additional information if that still not working;
Take a look to your serial console logs and tell me if you have any relevant logs that can help like a kernel panic, issue with networking, permission denied, etc
Use Cloud Shell and try to connect to your VM instance with these commands:
gcloud compute firewall-rules create --network=default default-allow-ssh --allow tcp:22
gcloud compute ssh YOUR_INSTANCE_NAME --zone YOUR_ZONE -- -vvv
If you can't connect from cloud shell, try to ping your VM instance (internal IP & external IP)
I highly recommend to delete your screenshots showing information about your VM instance (Firewall rules, Project name, nmap scans, etc).
I'm using google compute engine and have an auto scaling instance group that spins up new VMs as needed all sitting behind a load balancer. I'm also using google's cloud SQL in the same project. The VMs need to connect to the cloud SQL instance.
Since the IPs of the VMs are dynamic I can't just plug in the IPs to the SQL access config so I followed the cloud sql proxy setup along with the notes from this very similar question:
How to connect from a pool of Google Compute Engine instances to Cloud SQL DB in the same project?
I can now log into a single test VM and run:
./cloud_sql_proxy -instances=PROJ_NAME:TIMEZONE:SQL_NAME=tcp:3306
and everything works great and that VM connects to the cloud SQL instance.
The next step is where I'm having issues. How can I setup the VM so it automatically starts up the proxy when it's either built from an instance template or just restarted. The obvious answer seem to be to shove the above in the VM's start-up script but that doesn't seem to be working. So with my single test VM I can SSH into the VM and manually run the cloud_sql_proxy command and all works. If I then include the below in my start-up script and restart the VM it doesn't connect:
#! /bin/bash
./cloud_sql_proxy -instances=PROJ_NAME:TIMEZONE:SQL_NAME=tcp:3306
Any suggestions? I seriously can't believe it's this hard to connect to the SQL cloud from a VM in the same project...
The startup script you have shown doesn’t show the download step of the cloud_sql_proxy.
You need to first download and then launch the proxy. So, your startup script should look like:
sudo wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64
sudo mv cloud_sql_proxy.linux.amd64 cloud_sql_proxy
sudo chmod +x cloud_sql_proxy
sudo ./cloud_sql_proxy -instances=PROJ_NAME:TIMEZONE:SQL_NAME=tcp:3306 &
I choose crontab to run cloud_sql_proxy automatically when vm start up.
$crontab -e
and add
#reboot cloud_sql_proxy blah blah.
I am a very basic user in Google Cloud Platform.
Is it possible to use a GUI of my VM instance ? I am currently using Centos7 VM.
You can use VNC to connect to VMs on Google Compute Engine. Here's a detailed tutorial for how to set this up.
For added security:
use a long, complex password (though note that VNC limits passwords to 8 characters)
instead of opening up port 5901 to the Internet, consider using an SSH tunnel. This is more complex, and depending on your Internet connection, may slow down your graphics refresh rate, but will be more secure.
To use the alternative approach with an SSH tunnel, here are the differences from the tutorial you need to follow:
don't open port 5901 in the Google Compute Engine firewall
create an SSH tunnel from your desktop/laptop to GCE VM via:
gcloud compute ssh \
${VM_INSTANCE} \
--project $PROJECT \
--zone $ZONE \
--ssh-arg "-L ${LOCAL_PORT}:localhost:5901"
where you need to provide the right parameters for ${VM_INSTANCE}, $PROJECT, and $ZONE that match your configuration. You can choose ${LOCAL_PORT} to be 5901 if you wish, but if you decide to VNC into several different GCE VM instances, you'll have to choose unique ports for your local machine.
You need to keep this connection open to use VNC. If this connection is closed, you will lose VNC access as well.
Instead of connecting to your VM using its external IP, connect via localhost:${LOCAL_PORT} with ${LOCAL_PORT} same as selected earlier in step #2
My need was to connect a Windows TightVNC client to Google Compute Engine Cloud Instance of Debian 10 (Buster). The various tutorials I have worked through omitted one important step: make sure the vnc server is not restricted to localhost.
The essential steps for Google Cloud are summarized as
confirm you have a running VM instance and that you have ssh access.
I explicitly disabled enable-oslogin (how to disable oslogin)
and loaded my own Puttygen-created SSH certificate.
in VPC Networks > Network Interface Details > Firewall and routes > Rules add a rule to allow ingress for ip range 0.0.0.0/0 (or a
known limited range), for tcp:5900-5920 (this allows for up to 20
VNC instances)
set up the VNC server (tutorials here and for debian 9
here and for debian 10 here and more complete and recent
here for debian 10
after doing this, I could not get past "Connection refused."
Missing step: make sure -localhost no is included as argument when starting the vncserver:
vncserver -localhost no
Once all these conditions were satisfied, I had desktop access.
I have spent a couple days trying to install software on Google Compute Engine (GCE) and then remotely access it from either my windows pc or local linux machine.
I can install software, like Google Chrome, etc. but can't open the applications as I keep getting display issues (understandably because GCE is headless). So I'm trying to VNC into the GCE instance.
I have tried installing the following on the server: (Instance Name is "talend")
vnc4server: I get output saying the server is running and everything looks good. Only error I get is a Language error like the following:
steven#talend:~$ vnc4server -geometry 1440x900 :1
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:LANGUAGE = (unset),LC_ALL = (unset),LANG = "en_ZA.UTF-8"are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
A VNC server is already running as :1
and
steven#talend:~$ vnc4server -geometry 1440x900 :2
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:LANGUAGE = (unset),LC_ALL = (unset),LANG = "en_ZA.UTF-8"are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
New 'talend:2 (steven)' desktop is talend:2
Starting applications specified in /home/steven/.vnc/xstartup
Log file is /home/steven/.vnc/talend:2.log
Remote Access: Using TightVNC client via Windows
I get the following message:
No connection could be made because the target machine actively refused it.
Remote Access: Using Vinagre via Linux
Connection to host 8.34.210.67::5902 was closed.
Via Google Compute Engine Web Console:
Tried changing to static ip > No Difference
Tried adding tcp:80 with Source: 0.0.0.0/0 > No Difference
I'm sure there is a simple solution to this but I can't seem to find it. Any help will be appreciated and then will post a link to the final solution.
Thanks.
You will need to configure three settings to all agree on the same port:
The port vnc4server is listening on.
A Compute Engine firewall rule to allow traffic on that port.
The port TightVNC is attempting to connect to.
From the error message "Connection to host 8.34.210.67::5902 was closed.", it looks like TightVNC is trying to connect to 5902. Assuming that vnc4server is also listening on that port, you should add a Compute Engine firewall rule to allow that port.
Visit the Console at https://cloud.google.com/console, click on your project, then Compute Engine, then Networks. Click the "Create new" next to "Firewalls" and add a new rule with tcp:5902 set in the Ports/Protocols field.
If you're running on Centos, there is an additional step to disable the local firewall as well: CentOS Firewall Issues on GCE
Another option is to use Guacamole and Tomcat to access your desktop via a browser or VNC client.
Use Aptitude or apt-get to install guacamole-tomcat. I have the VNC port in firewall settings (via tags) as well as http and https. I've set up a "guacamole" tag to use with the firewall as well. Your GCE instance will need these tags assigned. There are some configs to do via /etc/guacamole/ for user/login etc, but essentially it goes like this...
Once installed, the default ports are 8080. So browse to http://:8080/guacamole/ and you will get a Guacamole login screen. When you login, you will have links to click that start your desktop in a browser window.
You can also VNC directly (no browser) via :5901 - or whatever port you configured Guacamole with. It's best of course to have set up a st
Try:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
if it is not similar flush:
sudo iptables -F