unable to establish remote connection to mariadb (mysql) on centos7 on gcloud from mac or gscipt

Question

newbie here - Issue: unable to establish remote connection to mariadb (mysql) on centos7 from a mac or a gscript - setup: I got 2 lamp machines: one test (107) and another one production (35) 107 - centos6.5 with mysql (vps in digitial ocean) 35 - centos7 with mariadb-server-5.5.52-1.el7.x86_64 (compute engine on gcloud) db,dbuser,dbpass and port (3306) same on both machines

• problem details: I can establish a remote and a jdbc connection to mysql on 107 (test server) from a mac using nc, mysqlworkbench and a gscript app; but when I try to get a connection going with 35 (prod server) with the same user/pass/db parameters I get this response: workbench: Can't connect to MySQL server on '35.190.134.164' (60) gscript (jdbc connection exception thrown): Failed to establish a database connection. Check connection string, username and password. nc on mac: ... (literally nothing after issuing the command nc <35's ip address> 3306

-What I tried: 1. https://mariadb.com/kb/en/library/configuring-mariadb-for-remote-client-access/ my.cnf in 35 looks like this:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd



#skip-networking
bind-address = 0.0.0.0

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

2. firewall-cmd looks like this (for active and public):

trusted (active) target: ACCEPT icmp-block-inversion: no interfaces: eth0 sources: services: http https ports: 3306/tcp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client http https ssh ports: 3306/tcp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:

3. the dbuser its password is not the issue as I created the same user and password for the same database on both 107 and 35. the user has only usage privileges (select, update, delete, insert) and is set as % on both machines.

I've been on this for 3 days now and I'm not close to figure this out. any help is appreciated. what am I missing?

Thank you.

Answer 1

3 days of googling and 45 minutes later after posting this question, I figured out and realized that gcloud might also have a firewall, lo and behold, It does, and I found this document:

https://cloud.google.com/solutions/mysql-remote-access#modify_the_default_firewall_rule

went I head and created an ingress rule for tcp:3306, and now I'm able to connect remotely and my gscript is talking to my gcloud's compute engine instance.

This needs a celebration!!!

Hope it helps someone.