How to connect from Flexible Environment to Second Generation Cloud SQL instance? - google-compute-engine

I have deployed my web server which requires a MySQL database for storage. I've created a Second Generation MySQL instance with one failover replica but I am not sure how I can connect to those.
I am not sure how to configure these instances and what I have to consider here e.g. region/zone. Flexible Environment appears to be unavailable in Europe unfortunately - at the moment at least - so I guess I'll have to place the SQL instances in the US too.
Will those instances have to be in the same local network or can they communicate over regions? Will I even be able to control this or will all this be decided by Google Cloud?
Could anybody who has done this before give me a few details about what to do here?

For best performance, you should place your App Engine instances in the same region.
For information on how to connect from your application to the Cloud SQL MySQL instance see the following documentation: https://cloud.google.com/sql/docs/dev-access#gaev2-csqlv2
The short summary is that you have to modify your app.yaml file to list the Cloud SQL instances you will be connecting to. Once that's done, a local socket will appear inside the App Engine VM that will allow you to connect to your Cloud SQL instance.

Related

AWS RDS MySQL database username and password sufficient for commercial security

I'm new to cloud computing so this might be an obvious question. I have a desktop Java application that will connect to an AWS RDS MySQL database using JDBC. Is using the endpoint, username and password for the database the preferred commercial way of connecting to the database?
To encrypt communication I plan to use SSL.
You could open your database instance to the outside, using regular credentials. But, a safer way to proceed might be to create an endpoint in AWS, possibly running in Java, which would expose one or more APIs which in turn would hit the MySQL database running in RDS. That is, you would not expose the RDS instance to the outside world directly, but only internally to this API, also running in AWS. Then, your desktop Java application would talk to this intermediary application when it needs to access the database.
The advantage of this suggestion is that it lessens the risk of your RDS instance being attacked via something like DoS. Of course, the API you create on top of the database could also be attacked. But Java web applications running in a container (and other similar applications in other languages) were designed to be exposed to the outside, much less so database instances.

Connect to GCP Cloud SQL from Compute Engine (not from App Engine)

Typical issues for teams that are migrating from AWS to GCP. How to properly connect to Cloud SQL from Compute engine.
In short, this is what you should know about the Cloud SQL service at GCP.
As I see it, SQL Cloud is more of an API than a clean MySQL socket, and it tends to work with App Engine rather than as a plain DB.
List of options that you have to validate and use Cloud SQL without involving developers:
Connecting with mysql-client or the SQL protocol from an external machine, or even from Compute Engine, requires adding your IP to the whitelist. Keep in mind that on Compute Engine you will be forced to use a static IP due to security limitations. In production you should use the IP address with SSL.
To validate the connection from Compute Engine you should use Cloud Shell and the gcloud utility:
gcloud sql connect [INSTANCE_ID] --user=root
The other option, which works only with Second Generation instances and can be (should be) used in production, is SQL Proxy, which should be installed on the client Compute Engine instance and run as a service. You need to:
Enable SQL Cloud API
Create and use Service Account with MySQL Client permissions for your instance
Install and run SQL Proxy
Connect to localhost to use proxy as bridge to your SQL Cloud Instance
As a result, there are open questions about "best practices" for production use:
How to automate it in such a way that new instances in an autoscaling group would be able to connect to Cloud SQL after start? My approach: create a template that will start SQL Proxy as a service. Is there another way?
How to connect to multiple Cloud SQL instances from the same Compute Engine instance?

ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x' (110)

I'm trying to establish a basic mysql connection from a google compute engine instance in one project to a google cloud sql instance (2nd generation) in a different project.
I've done this many times before without any problem. You simply add the ip address of the google compute instance to the list of authorized networks for the google cloud sql instance. This has always worked in the past but it is not working now.
The only thing that I can think of which is different about this situation is that I've recently been experimenting with using the cloudsql-proxy to establish a connection from a different gce instance to the same google cloud sql instance. Could this be the problem? Perhaps the google cloud sql instance is getting confused by having to support both connection mechanisms?
I just need the connection to work. Is there a work-around?
There isn't a problem using both modes of connectivity simultaneously.
The only thing I can think of is that you are accidentally using ephemeral IP addresses for your VMs instead of static ones, which means the VM may have a different IP address than you expect (after a restart, for example).
If that's not the case, please send a mail to cloud-sql#google.com with a little bit more information (project and database name, project/name/ip of your VM) so that we can figure out what's going on in the backend.
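The check suggested in the answer above, written out as an added example (not code from the original thread): compare a VM's current external IP against the Cloud SQL instance's authorized networks and flag ephemeral addresses. The JSON samples are constructed, shaped like `gcloud ... describe --format=json` output, and the set of reserved static addresses is an assumption you would fill from your own project.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud sql instances describe --format=json`.
SQL_INSTANCE = json.loads("""
{"settings": {"ipConfiguration": {"authorizedNetworks": [
  {"name": "web-1", "value": "203.0.113.10"},
  {"name": "office", "value": "198.51.100.0/24"}
]}}}
""")
# Constructed sample, shaped like `gcloud compute instances describe --format=json`.
VM = json.loads("""
{"name": "web-1", "networkInterfaces": [{"accessConfigs": [
  {"name": "External NAT", "natIP": "203.0.113.77"}
]}]}
""")
# Assumption: addresses reserved as static in the project (constructed value).
RESERVED_STATIC_IPS = {"203.0.113.10"}


def authorized_networks(sql_instance):
    """Return (name, network) pairs; a bare address becomes a /32."""
    nets = sql_instance["settings"]["ipConfiguration"].get("authorizedNetworks", [])
    return [(n.get("name", ""), ipaddress.ip_network(n["value"], strict=False))
            for n in nets]


def external_ips(vm):
    """Return every external (NAT) address currently attached to the VM."""
    return [ipaddress.ip_address(ac["natIP"])
            for nic in vm.get("networkInterfaces", [])
            for ac in nic.get("accessConfigs", []) if "natIP" in ac]


def audit(sql_instance, vm, static_ips):
    """List reasons a connection may time out, plus overly broad entries."""
    findings = []
    nets = authorized_networks(sql_instance)
    for name, net in nets:
        if net.prefixlen == 0:  # e.g. 0.0.0.0/0: the whole internet is allowed
            findings.append(f"authorized network '{name}' ({net}) admits every address")
    for ip in external_ips(vm):
        if not any(n.prefixlen > 0 and ip in n for _, n in nets):
            findings.append(f"{vm['name']} external IP {ip} matches no specific authorized network")
        if str(ip) not in static_ips:
            findings.append(f"{vm['name']} external IP {ip} is ephemeral and can change on restart")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SQL_INSTANCE, VM, RESERVED_STATIC_IPS)))
```
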

Cloud SQL Connection + Auto Scaling

Per this, Cloud SQL requires the external IP address of the client in order to allow connections to it. The other suggested way is the sql proxy with a big disclaimer that the method may change over time.
Question: If I am auto scaling compute engine VMs running webservers, do I need to assign them all external IPs and then go set those in the Cloud SQL instance? Or am I missing something huge? Noob question perhaps, thanks for reading through.
The recommended way is to use the Cloud SQL proxy (but if you really don't want to use it you would need to add static IPs to your GCE VMs and whitelist them on the Cloud SQL instance).
Also, you can set up a single VM instance with cloud_sql_proxy listening on your subnet interface (for example) to make it possible for any new VM instance to connect to the one with the proxy.

Database on Cloud

BACKGROUND-
I am planning to make a website that will accept data from users and store it in a database (MySQL). The website would be served from Google Cloud servers. I have installed MAMP on my Mac for web development.
PROBLEM-
Google Cloud services also provide Cloud SQL. Now I have a few doubts:
1) Once I finish designing my website on MAMP and want to deploy it on cloud servers, I would have the database settings of my local machine. Does this mean that before putting it on the cloud, and in order to use Cloud SQL as the database, I would have to change the code on the back-end side that specifies the database settings? If yes, then how tedious is it to do so? (Changing the database from the testing environment, MySQL, to the deployment environment, Cloud SQL.)
2) Also, is there a way to use the cloud and not use Cloud SQL?
3) What other combinations can be chosen with a database to deploy a website on the cloud?
Usually changing the database needs huge effort (testing and some config changes), as all databases provide many additional features which don't work directly on another database.
You can use Cloud (Cloud SQL is just part of it).
But Cloud SQL is MySQL only, as per the information given by Google at the link below:
https://cloud.google.com/products/
So it should not be a big deal for you to migrate the project to the cloud from your local system. You only have to configure the connection details (it will not be simply localhost).