Now I want to deploy a rails app to Google Container Engine. And use Google Cloud SQL as database.
When I tried to connect Google Cloud SQL from Google Container Engine, I got this error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Here is a document to solve that, but there is no information about Google Container Engine:
https://cloud.google.com/sql/docs/diagnose-issues#connection
The Google Cloud SQL access SSL connect for dynamically assigned IP addresses:
https://cloud.google.com/sql/docs/access-control#dynamicIP
So I need to create a client certificate for mysql instance:
https://cloud.google.com/sql/docs/configure-ssl-instance
Then connect it this way:
shell> mysql --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem \
--host=instance-IP --user=user-name --password
https://cloud.google.com/sql/docs/mysql-client#connect
But I want to connect Google Cloud SQL by mysql database url from my program on Google Container Engine:
mysql2://myapp:password#1.2.3.4/myapp?checkout_timeout=20000
How to attach --ssl-ca, --ssl-cert, --ssl-key with this method?
Google Cloud SQL is no different from any other MySQL server in this regard. You append the SSL information as parameters to the query section of the URL. In your example it would be:
mysql2://myapp:password#1.2.3.4/myapp?checkout_timeout=20000&sslca=server-ca.pem&sslcert=client-cert.pem&sslkey=client-key.pem
Related
I am receiving an error when trying to load up my webpage
Failed to connect to MySQL: (2005) Unknown MySQL server host ':/cloudsql/testsite:europe-west1:testdatabase' (2)Error:
I have a Google Compute Engine VM set up with a LAMP stack (Apache/2.4.10 (Debian)/ Database client version: libmysql - 5.5.55 / PHP extension: mysqli)
I also have set up an instance on Google SQL with user credentials for aforementioned VM (i have set up both First Gen and Second Gen)
I can access both a local MySQL database on the VM as well as the Google SQL databases via phpAdmin installed locally
HOWEVER i appear to have an issue with the DB_HOST credentials in my config.php file when i run the script
path = /var/www/html/includes/config.php
I get
usually for local MYSQL databases i use
// The MySQL credentials
$CONF['host'] = 'localhost';
$CONF['user'] = 'YOURDBUSER';
$CONF['pass'] = 'YOURDBPASS';
$CONF['name'] = 'YOURDBNAME';
Documentation (and github links) recommend path
:/cloudsql/project-id:region:sql-db-instance-name
which is what i have done (see above) - but i keep getting the error message.
Am i typing the host description incorrectly? Or have i missed a configuration step?
Thanks in advance
It seems as if i have erred and that the credentials format i stated earlier are for Google App Engine
If you are on Google Compute Engine, you have two options:
Connect to the public IP address of your Cloud SQL instance. This requires you whitelist your GCE instance on the ACL for the Cloud SQL instance.
Use the Cloud SQL proxy. This is a extra daemon you run on your GCE instance that allows you to connect via TCP on localhost or a socket.
When trying to connect to mysql using the docker cloud proxy like so:
mysql -u <USERNAME> -p -S /cloudsql/<YOUR-PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
I received this error
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95
According to the documentation, this is how I'm suppose to setup the proxy
docker run -d -v /cloudsql:/cloudsql \
-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
b.gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy -dir=/cloudsql \
-instances=<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
Here is the documentation for setting it up.
For those who may ask this question, I did set up these params properly
<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
The output from the proxy:
2016/03/20 19:49:15 listenInstance: "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Remove("/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>") error: remove /cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>: no such file or directory
2016/03/20 19:49:15 Open socket for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>" at "/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Socket prefix: /cloudsql
2016/03/20 19:51:29 Got a connection for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:51:30 couldn't connect to "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>": googleapi: Error 403: Insufficient Permission, insufficientPermissions
And so I looked at my compute instance and my Api access scopes for cloud sql is disabled and I had checked the prerequisites before and they say that if I'm creating my cloud sql and compute instances in the same project then I my compute should have editor permissions. Either way, I can't figure out how to give my compute instance editor privileges for my cloud sql instance.
Please let me know how I can give my compute instance editor privileges for cloud sql.
insufficientPermissions indicates that the Compute Engine VM is using the default Compute Engine service account and the Cloud SQL Admin scope was not enabled when the VM was created. In the first step of the guide, you are asked to verify whether the right scopes are present.
There are two options to fix this:
Option a) Create a new VM with the Cloud SQL Admin scope enabled.
When creating a new VM, select Set access for each API in the Identity and API access and switch Cloud SQL to Enabled.
If you are using Instance Templates, make the change described above on the instance template and use it to create the new instance(s).
Alternatively, you may select Allow full access to all Cloud APIs but be aware that this will allow any application on the VM to access any of the Cloud APIs using the service account credentials, which has editor privileges on the project by default.
Option b) Use credentials for a different service account
If creating a new VM is not an option, you can create a new service account, download the credentials file to the VM and use the -credential_file parameter to make the proxy use it. The new service account must be granted at least editor access to the project.
There's an open issue to provide a better error message:
https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/6
I have set up google cloud sql for my GCE(google compute engine) VM instance ,but I am unable to connect to the google cloud sql from VM instance .
In order to access the google cloud sql from the GCE ,I have requested for a Ipv4 address for the cloud sql host . Then I have added the external IP of the GCE to the Allow networks under the authorization section of google cloud sql setting .
Tried to access the cloud sql from the GCE with the Ipv4 address(as the host) and database user name and password using the following syntax
mysql --host=<instance-ip-address> --user=<user-name> --password
But getting the following error in response.
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading
initial communication packet', system error: 0
I suspect you haven't setup the allowed networks properly. Please double check your settings according to: https://cloud.google.com/sql/docs/access-control#appaccess
If you still have trouble, please contact cloud-sql#google.com with providing your instance name.
I need to connect from MySQL Administrator client on my workstation to the Google Cloud SQL (MySQL) instance, in order to configure users in MySQL database so that my deployed applications on App Engine can use another database I imported into the Cloud SQL instance.
I am getting this error for some reason.
I've authorized access to MySQL instance on Google Cloud SQL using CDIR and exact IP:
xxxx.xxxx.0.0/1
xxx.xxx.xxx.xxx
Still not working...
Could you re-check the Cloud SQL IP address, Authorized IP address (of your workstation), username and password that you are using to connect.
If you are behind a proxy could you the instructions here to ensure you are using the right Authorized IP address.
If everything is as expected and you still cannot connect please contact us at cloud-sql#google.com with your instance name and we will look into the issue.
I was able to log into MySQL instance from another location (home) by authorizing my home IP. It originally has not worked when I tried connecting from work.
Somehow my co-worker can use MySQL Workbench to log in, but he has another version of the client program.
Clearly some issue with the MySQL Workbench client version that I have - 6.1.6.11834.
I am having trouble making the initial connection to my freshly created cloud sql instance.
I followed the steps outlined here: https://developers.google.com/cloud-sql/, which includes getting an IP, whitelisting my IP, and setting a root password.
However, when I try to connect using the mySQL command line tool, I get this error message:
mysql --host=xxx.xxx.xx.xxx --user=root --password
ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (10060)
I have a feeling that struggling at such a basic step implies my issue is specific only to me (calling for google cloud sql support folks).
I had the same issue, after a few minutes I got it going..
Make your GCE service has cloud SQL enabled (during instantiation)
Have a static ip for your GCE instance (you can use cloud console even while instance is running), and configure cloud SQL to accept this ip
set a root password for the cloud SQL
then your command is
mysql --host= --user=root --password=
My issue turned out to be related to the ISP (comcast) blocking outbound requests on port 3306. After setting up port forwarding, I'm able to connect directly from my pc to cloud sql WITHOUT using a GCE instance.
If others encounter this issue, I would recommend checking whether the port 3306 is available first (firebind, portquiz, etc).