I am testing the following configuration.

  • Cloud SQL (testsql-1) in Region X Zone A
  • A Compute Engine VM (TestVM-1) in the same Region X Zone A. OS is CentOS 7
  • Compute Engine VM is running Cloud SQL proxy on a non-default port (9090)

With the above configuration I am able to log on to testsql-1 from TestVM-1 with the below command:

  `mysql -h 127.0.0.1 --port 9090 -u testuser -D testDB -p`

However, I am not able to use the internal IP of TestVM-1 in the above command. It gives an error.

Another observation is that I am able to do `telnet 127.0.0.1 9090`, but when I try `telnet <VM-Internal-IP> 9090` it returns a connection refused error.

Does anyone know if this is expected behaviour? If this is expected, why is it so?

Cyac
  • Following the [documentation](https://cloud.google.com/sql/docs/mysql/connect-compute-engine#gce-connect-ip#gce-connect-proxy), I was able to reach my CloudSQL instance through my Cloud SQL proxy on my Compute Engine Instance, even with your configured port 9090. Can you confirm that you used the right CloudSQL instance name in the shell command “./cloud_sql_proxy -instances==tcp:9090”? – oakinlaja Jun 19 '19 at 19:18
  • @oakinlaja not sure if I understood you. I am able to connect to CloudSQL via the proxy when I use 127.0.0.1 as Host IP address. Guess what I am trying to find out is why the Cloud SQL proxy is bound to only 127.0.0.1 IP and not to the host GCE instance's Private IP. – Cyac Jun 21 '19 at 09:30
  • It is a requirement for connecting using TCP sockets, the proxy is accessed through 127.0.0.1. With TCP sockets, the proxy is available as local host. There are [other available options](https://cloud.google.com/sql/docs/mysql/connect-compute-engine) for connecting from your Compute Engine instance using your Private IP or the Instance's Public IP, however, with the CloudSQL proxy, especially when using TCP sockets, the proxy could only be accessed through 127.0.0.1. Meanwhile, I did a test with 0.0.0.0 and it worked as well. – oakinlaja Jun 21 '19 at 12:45
  • @oakinlaja I did not understand the test with 0.0.0.0 that worked. Did you mean you managed to start cloudsql proxy with bind=0.0.0.0? I am assuming based on the remaining part of your above comment that even then one can only connect to the proxy with mysql -h 127.0.0.1 (or localhost). The first reply clarifying this point was from John Hanley so I am accepting that answer - unless you want to add a more detailed one. – Cyac Jun 27 '19 at 11:36
  • Does this mean a GCE instance cannot connect to Cloudsql Proxy on another GCE instance? – David Jul 15 '19 at 15:36
  • @David Yes, it means you cannot from what I have seen and further confirmed by oakinlaja and John Hanley – Cyac Jul 16 '19 at 09:49

4 Answers

The cloud proxy uses 127.0.0.1 by default, where it accepts connections.

To configure another IP Address, you have to set it in the instances parameter:

  `./cloud_sql_proxy -instances=<myCloudSQLproject:myCloudSQLzone:mycloudsqlinstance>=tcp:<IP_Address>:<PORT>`

Something like this:

  `./cloud_sql_proxy -instances=project_xxx:us-central1:database_yyy=tcp:10.203.23.12:9090`

This configuration allows connecting to this cloud proxy from other hosts as well.

J.García

You're able to connect from your VM to Cloud SQL because you're using the proxy. If you would like to connect to your Cloud SQL then you have to whitelist the IP address of your VM in Cloud SQL's connections tab, please refer to this documentation.

Christopher

This is expected behavior. Private IPs are only accessible from a Virtual Private Cloud (VPC). In order for a resource (such as a GCE instance) to connect, it must also be on that VPC.

See this page for instructions on how to add a GCE instance to a VPC, and see this page for more on the environment requirements for Private IP.

kurtisvg

The reason that you can connect to 127.0.0.1 but you cannot connect using the VM's private IP address is that the Proxy is NOT listening on the private IP address.

The Cloud SQL Proxy listens on the loopback adapter's internal address which is 127.0.0.1. This address only exists inside the computer.

John Hanley
  • This is what I thought as well. And I was trying to find out if there is a way to make the Cloud SQL Proxy listen to all ip addresses of the host - something like a bind=0.0.0.0 option. Could not find such an option. Do you know if this was intentionally disabled for some reason? – Cyac Jun 21 '19 at 09:25
  • I don't know. The source code is published on GitHub. https://github.com/GoogleCloudPlatform/cloudsql-proxy – John Hanley Jun 21 '19 at 14:46
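
The check behind the answers above, as an added example that is not part of the original thread or of the Cloud SQL Proxy project: it parses `ss -ltn` output to show which address a listener on a given port is bound to, and whether a connection to a given destination IP can reach it. The function names, port 9091 and the sample rows are assumptions made for illustration; 10.203.23.12 is the example address from the answer above.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
# 10.203.23.12 is the example private IP from the answer above.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:9090      *:*
LISTEN  0       128     10.203.23.12:9091   *:*
LISTEN  0       128     *:22                *:*
LISTEN  0       128     [::]:22             [::]:*
"""
WILDCARDS = {"*", "0.0.0.0", "::"}


def listeners(ss_output):
    """Yield (bind_address, port) for each LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a non-listening socket
        # rpartition keeps IPv6 forms such as [::]:22 and :::22 intact
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)


def scope(bind_address):
    """Classify how far a bind address exposes the port."""
    if bind_address in WILDCARDS:
        return "all-interfaces"
    ip = ipaddress.ip_address(bind_address.split("%")[0])  # drop %iface suffix
    return "loopback-only" if ip.is_loopback else "single-address"


def accepts(bind_address, dest_ip):
    """True if a TCP connect to dest_ip can reach a listener bound here."""
    if bind_address in WILDCARDS:
        return True  # simplification: ignores IPv4/IPv6 family mismatch
    host = ipaddress.ip_address(bind_address.split("%")[0])
    return host == ipaddress.ip_address(dest_ip)


def audit(ss_output, port):
    """Return [(bind_address, scope)] for every listener on `port`."""
    return [(a, scope(a)) for a, p in listeners(ss_output) if p == port]


if __name__ == "__main__":
    for port in (9090, 9091, 22):
        print(port, audit(SAMPLE_SS, port))
```

A `loopback-only` result for the proxy port matches the connection refused error on the VM's internal IP, and a listener bound to the private IP in turn no longer answers on 127.0.0.1. A `single-address` or `all-interfaces` result means other hosts that can route to the VM can reach the proxy port, so VPC firewall rules then decide who gets as far as the database login.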