I am receiving an error when trying to load up my webpage
Failed to connect to MySQL: (2005) Unknown MySQL server host ':/cloudsql/testsite:europe-west1:testdatabase' (2)Error:
I have a Google Compute Engine VM set up with a LAMP stack (Apache/2.4.10 (Debian)/ Database client version: libmysql - 5.5.55 / PHP extension: mysqli)
I also have set up an instance on Google SQL with user credentials for aforementioned VM (i have set up both First Gen and Second Gen)
I can access both a local MySQL database on the VM as well as the Google SQL databases via phpAdmin installed locally
HOWEVER i appear to have an issue with the DB_HOST credentials in my config.php file when i run the script
path = /var/www/html/includes/config.php
I get
usually for local MYSQL databases i use
// The MySQL credentials
$CONF['host'] = 'localhost';
$CONF['user'] = 'YOURDBUSER';
$CONF['pass'] = 'YOURDBPASS';
$CONF['name'] = 'YOURDBNAME';
Documentation (and github links) recommend path
:/cloudsql/project-id:region:sql-db-instance-name
which is what i have done (see above) - but i keep getting the error message.
Am i typing the host description incorrectly? Or have i missed a configuration step?
Thanks in advance
It seems as if i have erred and that the credentials format i stated earlier are for Google App Engine
If you are on Google Compute Engine, you have two options:
Connect to the public IP address of your Cloud SQL instance. This requires you whitelist your GCE instance on the ACL for the Cloud SQL instance.
Use the Cloud SQL proxy. This is a extra daemon you run on your GCE instance that allows you to connect via TCP on localhost or a socket.
Related
I hope you are well.
I wan't to connect Google Datastream with MySQL database hosted into Cloud SQL by using private connection.
I have conected by the public internet using Public IP but I need to connect through VPC peering for security, documentation indicates that the following should be done: https://cloud.google.com/datastream/docs/private-connectivity
I have been tring to connect across Cloud SQL Auth Proxy follow this documentation and I have already connected the proxy to Cloud SQL: https://cloud.google.com/sql/docs/mysql/connect-admin-proxy#tcp-sockets
In every occasion I see the same error, no matter what ip configure it always changes to another ip.
For example, the follow image show the perfil configuration with Cloud SQL Auth Proxy internal IP 10.128.0.2 set up.
And, when I try to test, I've seen that the MySQL IP change for 192.168.5.236
In general, this is a MySQL client-side error code. The possible causes for this error are:
MySQL Server not running, or
Firewall configuration on the Windows server blocking access on port 3306
=> To troubleshoot the given error message, please follow the below mentioned steps:
Verify MySQL server is running and use the ping command to check the client-server connectivity. For Example: ping server_ip_address
To connect to a Cloud SQL instance using private IP, the Cloud SQL Auth proxy must be on a resource with access to the same VPC network as the instance.[1]
When you start the Cloud SQL Auth proxy, to ensure it is using the private IP, please make sure to pass the flag:
-ip_address_types=PRIVATE
Also,verify the firewall configuration and make sure the port 3306 is not blocked.
You can also view the mysql config file[2] and check if there is a bind-address relevant to it. If there is a bind-address, comment it out using the # character.
[1] https://cloud.google.com/sql/docs/mysql/connect-admin-proxy#private-ip
[2] How do I find the MySQL my.cnf location
In my case I have the Cloud SLQL Proxy mounted in compute engine and Mysql in Cloud SQL.
The solution was the following:
I needed to create a ingress firewall rule allow the ip range from the Datastream Private Connection (I needed to connect Datastream across a private connection for governance) to Cloud SQL Auth Proxy IP Range in tcp:3306.
You can test your connection throght Connectivity Tests
I am trying to migrate to use private IP:s for all our Cloud SQL instances. I have gotten it working for postgres, and am now trying to get access for our wordpress instances using MySQL.
The problem is I cant get the connection working from the running pods in our GKE cluster.
root#******:/var/www/app# mysql --host=10.**.**.* -u *_se -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on '10.*.*.*' (110 "Connection timed out")
I have activated the private IP on the Cloud SQL instance, and added a private service connection to the VPC-network that is the same network that our cluster uses, but still cant connect in the same way as I did with postgres.
Does anyone know anything I could try to get this working?
There are specific network requirements Cloud SQL instances must
adhere to when communicating via a private connection. One of which
is that your Cloud SQL and GKE instances are located in the same
region and VPC network. Check this to configure private IP for MySQL.
The GKE cluster must be VPC-native and peered with the same VPC
network as the Cloud SQL instance. To connect MySQL from GKE, refer
to this Google documentation.
Note: If you are using shared VPC networks, you cannot assign a
private IP address in a shared VPC network to an existing Cloud SQL
instance. Also, VPC Network Peering uses private services access.
However, you do not create the VPC Network Peering explicitly, because
the peering is internal to Google Cloud.
Some possible causes of mentioned error are as follows:
Network failure especially if MySQL database server is running on a remote host.
No MYSQL server is running on the mentioned host.
Firewall blocking TCP-IP connection or other related reasons.
I would suggest you check the firewall setting and check if your MySQL server is listening on default port 3306. Also try to connect MySQL server on IP for which MySQL server is bound in 'my.cnf’. If it not so, run the following command to bind address if you are using Ubuntu:
1. Run the command vim /etc/mysql/my.cnf or vim /etc/mysql/mysqld.conf/mysqld.cnf
2. Comment bind-address = <Server IP> using the # symbol
3. Restart your MYSQL server once.
I'm trying to connect my server code running as a Docker container in our Kubernetes cluster (hosted on Google Container Engine) to a Google Cloud SQL managed MySQL 5.7 instance. The issue I'm running into is that every connection is being rejected by the database server with Access denied for user 'USER'#'IP' (using password: YES). The database credentials (username, password, database name, and SSL certificates) are all correct and work when connecting via other MySQL clients or the same application running as a container on a local instance.
I've verified that all credentials are the same on the local and the server-hosted versions of the app and that the user I'm connecting with has the wildcard % host specified. Not really sure what to check next here, to be honest...
An edited version of the connection code is below:
let connectionCreds = {
host: Config.SQL.HOST,
user: Config.SQL.USER,
password: Config.SQL.PASSWORD,
database: Config.SQL.DATABASE,
charset: 'utf8mb4',
};
if (Config.SQL.SSL_ENABLE) {
connectionCreds['ssl'] = {
key: fs.readFileSync(Config.SQL.SSL_CLIENT_KEY_PATH),
cert: fs.readFileSync(Config.SQL.SSL_CLIENT_CERT_PATH),
ca: fs.readFileSync(Config.SQL.SSL_SERVER_CA_PATH)
}
}
this.connection = MySQL.createConnection(connectionCreds);
Additional information: the server application is built in Node using the mysql2 library to connect to the database. There are no special firewall rules in place that are causing network issues, and that's confirmed by the fact that the library IS connecting, but failing to authenticate.
After setting up Cloud SQL Proxy I managed to figure out what the actual error was: somewhere between the secret and the pod configuration an extra newline was being added to the database name, causing any connection attempt to fail. With the proxy set up this was made clear because there was an actual error message to that effect displayed.
(notably all of my logging around the credentials that I was using to validate that the credentials were accurate didn't explicitly display the newline and was disguised by the fact that the console display added line breaks to wrap the display, and it happened to line up exactly with where the database name ended)
Have you read the documentation on https://cloud.google.com/sql/docs/mysql/connect-container-engine ?
In Container Engine, you need to set up a Cloud SQL Proxy container alongside your application pod and talk to it. The Cloud SQL Proxy will then make the actual call to Cloud SQL service.
If the container worked locally, I assume you have Application Default Credentials set on your development machine. It could be failing because those credentials are not on your container as a Service Account file. Try configuring a Service Account file, or create your GKE cluster with --scopes argument that gives your instances access to Cloud SQL.
When trying to connect to mysql using the docker cloud proxy like so:
mysql -u <USERNAME> -p -S /cloudsql/<YOUR-PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
I received this error
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95
According to the documentation, this is how I'm suppose to setup the proxy
docker run -d -v /cloudsql:/cloudsql \
-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
b.gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy -dir=/cloudsql \
-instances=<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
Here is the documentation for setting it up.
For those who may ask this question, I did set up these params properly
<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
The output from the proxy:
2016/03/20 19:49:15 listenInstance: "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Remove("/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>") error: remove /cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>: no such file or directory
2016/03/20 19:49:15 Open socket for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>" at "/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Socket prefix: /cloudsql
2016/03/20 19:51:29 Got a connection for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:51:30 couldn't connect to "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>": googleapi: Error 403: Insufficient Permission, insufficientPermissions
And so I looked at my compute instance and my Api access scopes for cloud sql is disabled and I had checked the prerequisites before and they say that if I'm creating my cloud sql and compute instances in the same project then I my compute should have editor permissions. Either way, I can't figure out how to give my compute instance editor privileges for my cloud sql instance.
Please let me know how I can give my compute instance editor privileges for cloud sql.
insufficientPermissions indicates that the Compute Engine VM is using the default Compute Engine service account and the Cloud SQL Admin scope was not enabled when the VM was created. In the first step of the guide, you are asked to verify whether the right scopes are present.
There are two options to fix this:
Option a) Create a new VM with the Cloud SQL Admin scope enabled.
When creating a new VM, select Set access for each API in the Identity and API access and switch Cloud SQL to Enabled.
If you are using Instance Templates, make the change described above on the instance template and use it to create the new instance(s).
Alternatively, you may select Allow full access to all Cloud APIs but be aware that this will allow any application on the VM to access any of the Cloud APIs using the service account credentials, which has editor privileges on the project by default.
Option b) Use credentials for a different service account
If creating a new VM is not an option, you can create a new service account, download the credentials file to the VM and use the -credential_file parameter to make the proxy use it. The new service account must be granted at least editor access to the project.
There's an open issue to provide a better error message:
https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/6
I am having trouble making the initial connection to my freshly created cloud sql instance.
I followed the steps outlined here: https://developers.google.com/cloud-sql/, which includes getting an IP, whitelisting my IP, and setting a root password.
However, when I try to connect using the mySQL command line tool, I get this error message:
mysql --host=xxx.xxx.xx.xxx --user=root --password
ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (10060)
I have a feeling that struggling at such a basic step implies my issue is specific only to me (calling for google cloud sql support folks).
I had the same issue, after a few minutes I got it going..
Make your GCE service has cloud SQL enabled (during instantiation)
Have a static ip for your GCE instance (you can use cloud console even while instance is running), and configure cloud SQL to accept this ip
set a root password for the cloud SQL
then your command is
mysql --host= --user=root --password=
My issue turned out to be related to the ISP (comcast) blocking outbound requests on port 3306. After setting up port forwarding, I'm able to connect directly from my pc to cloud sql WITHOUT using a GCE instance.
If others encounter this issue, I would recommend checking whether the port 3306 is available first (firebind, portquiz, etc).