When trying to connect to mysql using the docker cloud proxy like so:
mysql -u <USERNAME> -p -S /cloudsql/<YOUR-PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
I received this error
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95
According to the documentation, this is how I'm suppose to setup the proxy
docker run -d -v /cloudsql:/cloudsql \
-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
b.gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy -dir=/cloudsql \
-instances=<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
Here is the documentation for setting it up.
For those who may ask this question, I did set up these params properly
<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
The output from the proxy:
2016/03/20 19:49:15 listenInstance: "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Remove("/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>") error: remove /cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>: no such file or directory
2016/03/20 19:49:15 Open socket for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>" at "/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Socket prefix: /cloudsql
2016/03/20 19:51:29 Got a connection for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:51:30 couldn't connect to "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>": googleapi: Error 403: Insufficient Permission, insufficientPermissions
And so I looked at my compute instance and my Api access scopes for cloud sql is disabled and I had checked the prerequisites before and they say that if I'm creating my cloud sql and compute instances in the same project then I my compute should have editor permissions. Either way, I can't figure out how to give my compute instance editor privileges for my cloud sql instance.
Please let me know how I can give my compute instance editor privileges for cloud sql.
insufficientPermissions indicates that the Compute Engine VM is using the default Compute Engine service account and the Cloud SQL Admin scope was not enabled when the VM was created. In the first step of the guide, you are asked to verify whether the right scopes are present.
There are two options to fix this:
Option a) Create a new VM with the Cloud SQL Admin scope enabled.
When creating a new VM, select Set access for each API in the Identity and API access and switch Cloud SQL to Enabled.
If you are using Instance Templates, make the change described above on the instance template and use it to create the new instance(s).
Alternatively, you may select Allow full access to all Cloud APIs but be aware that this will allow any application on the VM to access any of the Cloud APIs using the service account credentials, which has editor privileges on the project by default.
Option b) Use credentials for a different service account
If creating a new VM is not an option, you can create a new service account, download the credentials file to the VM and use the -credential_file parameter to make the proxy use it. The new service account must be granted at least editor access to the project.
There's an open issue to provide a better error message:
https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/6
Related
I am unable to connect to a Cloud SQL instance when running an image on Cloud Run. Is this feature working yet?
I have successfully connected to the same SQL instance with Compute Engine.
Tried to connect to the Cloud SQL instance using a simple shell command:
mysql --host=$MYSQL_IP --user=$MYSQL_ROOT --password=$MYSQL_PASS -e "SHOW DATABASES"
Result is logged as such:
ERROR 2003 (HY000): Can't connect to MySQL server on '.*..'
(110)
This question was asked several months before Cloud Run reached GA (General Availability).
Cloud Run (fully-managed) now supports connecting to Cloud SQL instances (both MySQL and PostgreSQL) using the public IP address of the database.
gcloud run services update run-mysql \
--add-cloudsql-instances [INSTANCE_CONNECTION_NAME] \
--set-env-vars CLOUD_SQL_CONNECTION_NAME=[INSTANCE_CONNECTION_NAME],\
DB_NAME=[MY_DB],DB_USER=[MY_DB_USER],DB_PASS=[MY_DB_PASS]
...where INSTANCE_CONNECTION_NAME is of the form PROJECT_ID:REGION:INSTANCE_ID (as returned by gcloud sql instances describe <INSTANCE-ID> | grep connectionName or available in the Overview section of the Cloud SQL instance in Cloud Console).
Note that the service account used by Cloud Run to authorize your connections to Cloud SQL must have the correct IAM permissions which is will require some configuration if the DB instance and the Cloud Run services are not part of the same project.
The above takes care of connectivity between Cloud Run and Cloud SQL.
Having your application actually talk to the Cloud SQL instance requires connecting from your Cloud Run service using the Unix domain socket located at /cloudsql/INSTANCE_CONNECTION_NAME (these connections are automatically encrypted btw).
Different languages and different database drivers will use different ways to connect to the Cloud SQL instance. This link has more details.
See also How to securely connect to Cloud SQL from Cloud Run?
I have been coding my app with x-devapi locally on my computer and for the last 5 hours, I have tried possible workorounds to host it on Google app-engine but unsuccessful. I am only able to connect to Google App engine's MySQL database as illustrated in their documentation. However I want to use the X-devApi. Does Google app-engine support Oracle's X-devApi? how can I achieve this?
UPDATE:
According to the X-devApi documentation, the database connection happens when the X-devAPI is enabled in the database. This is how I enable it locally :
sudo mysqlsh -u root -h 127.0.0.1 --mysql --dba enableXProtocol
Secondly, the language have to be specified with command e.g \py for python, for example. I use Nodejs for my server and I have researched alot on how to enable the X-devApi on the console but I have not found any documentations.
Here is How I connect locally,
var mysqlx = require('mysqlx');
// Connect to server on localhost
var mySession = mysqlx.getSession(“mysqlx://user:password#localhost:33060”)
var myDb = mySession.getSchema('test');
While google cloud has three procedures:
Creating Instance and setting password:- gcloud sql users set-password root % --instance [INSTANCE_NAME] --password [PASSWORD]
Setting up the Cloud SQL instance and creating database respectively:- gcloud sql users create [USER_NAME] [HOST] --instance=[INSTANCE_NAME] --password=[PASSWORD] , gcloud sql databases create [DATABASE_NAME] --instance=[INSTANCE_NAME]
Point of difficulty:
How, and at which point do I enable the X-devApi, is it at instance or user level? if possible, please help with this procedure.
So far I've been investigating the Google Cloud SQL instances are not compatible with X protocol, which is completely necessary for X-devAPI.
Therefore, currently there is no way to use said tool with Cloud SQL.
There is an ongoing feature request in the public issue tracker of Google. If it is very important for you, please consider marking it as favorite so you can receive notifications of their updates, and it will give the feature request better priority.
I am receiving an error when trying to load up my webpage
Failed to connect to MySQL: (2005) Unknown MySQL server host ':/cloudsql/testsite:europe-west1:testdatabase' (2)Error:
I have a Google Compute Engine VM set up with a LAMP stack (Apache/2.4.10 (Debian)/ Database client version: libmysql - 5.5.55 / PHP extension: mysqli)
I also have set up an instance on Google SQL with user credentials for aforementioned VM (i have set up both First Gen and Second Gen)
I can access both a local MySQL database on the VM as well as the Google SQL databases via phpAdmin installed locally
HOWEVER i appear to have an issue with the DB_HOST credentials in my config.php file when i run the script
path = /var/www/html/includes/config.php
I get
usually for local MYSQL databases i use
// The MySQL credentials
$CONF['host'] = 'localhost';
$CONF['user'] = 'YOURDBUSER';
$CONF['pass'] = 'YOURDBPASS';
$CONF['name'] = 'YOURDBNAME';
Documentation (and github links) recommend path
:/cloudsql/project-id:region:sql-db-instance-name
which is what i have done (see above) - but i keep getting the error message.
Am i typing the host description incorrectly? Or have i missed a configuration step?
Thanks in advance
It seems as if i have erred and that the credentials format i stated earlier are for Google App Engine
If you are on Google Compute Engine, you have two options:
Connect to the public IP address of your Cloud SQL instance. This requires you whitelist your GCE instance on the ACL for the Cloud SQL instance.
Use the Cloud SQL proxy. This is a extra daemon you run on your GCE instance that allows you to connect via TCP on localhost or a socket.
Now I want to deploy a rails app to Google Container Engine. And use Google Cloud SQL as database.
When I tried to connect Google Cloud SQL from Google Container Engine, I got this error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Here is a document to solve that, but there is no information about Google Container Engine:
https://cloud.google.com/sql/docs/diagnose-issues#connection
The Google Cloud SQL access SSL connect for dynamically assigned IP addresses:
https://cloud.google.com/sql/docs/access-control#dynamicIP
So I need to create a client certificate for mysql instance:
https://cloud.google.com/sql/docs/configure-ssl-instance
Then connect it this way:
shell> mysql --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem \
--host=instance-IP --user=user-name --password
https://cloud.google.com/sql/docs/mysql-client#connect
But I want to connect Google Cloud SQL by mysql database url from my program on Google Container Engine:
mysql2://myapp:password#1.2.3.4/myapp?checkout_timeout=20000
How to attach --ssl-ca, --ssl-cert, --ssl-key with this method?
Google Cloud SQL is no different from any other MySQL server in this regard. You append the SSL information as parameters to the query section of the URL. In your example it would be:
mysql2://myapp:password#1.2.3.4/myapp?checkout_timeout=20000&sslca=server-ca.pem&sslcert=client-cert.pem&sslkey=client-key.pem
I am having trouble making the initial connection to my freshly created cloud sql instance.
I followed the steps outlined here: https://developers.google.com/cloud-sql/, which includes getting an IP, whitelisting my IP, and setting a root password.
However, when I try to connect using the mySQL command line tool, I get this error message:
mysql --host=xxx.xxx.xx.xxx --user=root --password
ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (10060)
I have a feeling that struggling at such a basic step implies my issue is specific only to me (calling for google cloud sql support folks).
I had the same issue, after a few minutes I got it going..
Make your GCE service has cloud SQL enabled (during instantiation)
Have a static ip for your GCE instance (you can use cloud console even while instance is running), and configure cloud SQL to accept this ip
set a root password for the cloud SQL
then your command is
mysql --host= --user=root --password=
My issue turned out to be related to the ISP (comcast) blocking outbound requests on port 3306. After setting up port forwarding, I'm able to connect directly from my pc to cloud sql WITHOUT using a GCE instance.
If others encounter this issue, I would recommend checking whether the port 3306 is available first (firebind, portquiz, etc).