I just created a 2nd gen My SQL instance in GCP. I used the below command in the console to connect to the sql instance but I'm getting permissions error.
gcloud beta sql connect instance-name --user=root
You need the [cloud_sql_proxy] component to use the sql connect
command.
ERROR: (gcloud.beta.sql.connect) You cannot perform this action
because you do not have permission to modify the Google Cloud SDK
installation directory [/google/google-cloud-sdk].
I have tested the command and it is giving me the same error. After that I removed the beta and run the command gcloud sql connect instance-name --user=root.
I got the following message:
Whitelisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [root].Enter password:
So try removing the beta from the command.
Related
I have a cloud run service which is trying to connect to a cloud SQL (postgres) instance. There is a timeout connecting:
File "/usr/local/lib/python3.10/site-packages/google/cloud/sql/connector/connector.py", line 261, in connect_async
return await asyncio.wait_for(get_connection(), timeout)
File "/usr/local/lib/python3.10/asyncio/tasks.py", line 458, in wait_for
raise exceptions.TimeoutError() from exc"
Checked that:
The instance is added in the cloud run config under "Cloud SQL connections"
This code works fine locally against the same instance with the same service account. To ensure it uses the service account, not my own login, checked:
gcloud auth revoke
Check that application doesn't work
export GOOGLE_APPLICATION_CREDENTIALS=/<serviceaccountcreds>.json
Check that application works.
Where do I dig?
The connection is gotten with the sample code, nothing fancy.
You can connect to Cloud SQL using TCP to private db instance IP by the VPC Connector. Or by the Cloud SQL Proxy (auto SSL/TSL) to the Cloud SQL Proxy Server available by default in the Cloud SQL instance (auth by IAM).
To test from your local dev PC you do:
gcloud components install cloud_sql_proxy
create an instance (you have one already..)
gcloud sql instances create sql-db ...
create a sample db:
gcloud sql databases create my_db --instance sql-db
connect with:
gcloud beta sql connect sql-db --user root
remove the default root user and configure a new one that can connect only passing by the Cloud SQL Proxy (if you want that kind of security)
gcloud sql users delete root --host % --instance sql-db
gcloud sql users create root --host "cloudsqlproxy~%" --instance sql-db
# network "cloudsqlproxy" is shared between
# cloud sql instance and the proxy server
to deploy the service with access to cloudsql:
DB_INSTANCE=$PROJECT\:$REGION\:sql-db
gcloud run deploy <SERVICE_NAME> \
--add-cloudsql-instances $DB_INSTANCE \
--set-env-vars DB="mysql://root#unix(/cloudsql/$DB_INSTANCE)/my_db"
# all other flags...
# DB is alternative to SOCKET_PATH, both for the Cloud SQL client init
the role for the service account to work with cloudsql:
gcloud run services add-iam-policy-binding $SERVICE_NAME \
--member serviceAccount:$SERVICE_ACCOUNT \
--role roles/cloudsql.client
I am trying to update my GCP Cloud Composer environment from composer-1.18.0-airflow-2.2.3 -> composer-1.19.4-airflow-2.2.5 .
It fails with the error that I don't have the permissions to describe the tenant Cloud SQL instance (verbose error below). I know that the command is executed on a running pod in the Composer's kubernetes cluster.
I tested the failing command, outlined below, with the environment's service account credentials activated and it works. Why does the command fail when executed inside the pod? Is the kubernetes cluster using different credentials than the Composer's service account?
Verbose error message:
Failed to update image version.
Exporting sql database failed with error [Failed to run command ['gcloud', 'sql', 'instances', 'describe', 'my-tentant-sql-instance-...-sql', '--project', 'myTenantProject-tp', '--format', 'get(serviceAccountEmailAddress)'], details: b'ERROR: (gcloud.sql.instances.describe) There was no instance found at projects/myTenantProject-tp/instances/my-tentant-sql-instance-...-sql or you are not authorized to access it.\n'].
I want to execute a script which is in my compute engine using cloudbuild but somehow cloudbuild is not able to ssh into my vm , in my vm "OS LOGIN" is enabled and also have only internal ip.
here is my cloudbuild.yaml file
steps:
name: 'gcr.io/cloud-builders/gcloud' id: Update staging server entrypoint: /bin/sh args:
'-c'
|
set -x &&
gcloud compute ssh vm_name --zone=us-central1-c --command='/bin/sh /pullscripts/pull.sh'
I am attaching my error pics
cloudbuild error page 1
cloudbuild error page 2
Also my question is , is it possible connect a vm using cloud sdk if "os login" is enabled.
You'll probably have to add the roles/iap.tunnelResourceAccessor role to the cloudbuild service account. Please read this Google documentation, which shows you what to do with a certain error code.
Error code 4033
Either you don't have permission to access the instance, the instance doesn't exist, or the instance is stopped.
in fact, you can use gcloudbuild to connect in any vm, just need a docker configuration and upload the files (private_key, scripts, etc). I've this repo to solve this problem: https://github.com/jmbl1685/gcloudbuild-vm-ssh-connect
I hope that the above help you
Try adding --internal-ip which looks like as follows:
gcloud compute ssh vm_name --zone=us-central1-c --internal-ip
I am trying to transfer a file from a Google Compute Engine VM instance to my local machine using gcloud scp. I am able to confirm that I am logged in to the Google Cloud account using:
gcloud config list
However when I execute the gcloud scp command, I see following error message:
ERROR: (gcloud.compute.scp) You do not currently have an active account selected.
Not sure why I am seeing the error even if I am logged in.
Here is how I am executing the command:
gcloud scp <instance_name>: <remote_file_path> .
Thanks in advance!
When I try to connect to Google Cloud SQL via the Cloud Shell, I get the following error:
gcloud beta sql connect mysql-1 --user=root
ERROR: (gcloud.beta.sql.connect) You do not have permission to access instance [mysql-1]: The client is not authorized to make this request.
I am not sure what permission is required to grant this access.
It turns out that I typed in my project name incorrectly when configuring the CLI.
gcloud config set project PROJECT_ID