
I am trying to get Metabase running on a Google VM using a CloudSQL postgres instance as a database.

In the startup script I have the following code to start a sqlproxy:

```bash
sudo docker service create --name sqlproxy --network host \
    gcr.io/cloudsql-docker/gce-proxy:1.31.2 /cloud_sql_proxy -instances={CONNECTION_NAME}=tcp:5432
```

Afterwards I run the following code to start the Metabase service:

```bash
sudo docker service create --name metabase --secret {SECRET} \
    -e MB_DB_TYPE=postgres -e MB_DB_DBNAME={DATABASE_NAME} -e MB_DB_PORT=5432 \
    -e MB_DB_HOST=localhost -e MB_DB_USER=admin -e MB_DB_PASS_FILE={FILE} \
    --network host {DOCKERFILE}
```

After doing so, the docker service logs for the metabase service state that it is waiting for the database connection to be initialised. The logs of the sqlproxy service afterwards show (while it starts correctly) that the proxy from the VM is unable to connect to the CloudSQL postgres instance and the connection times out.

The VM and the CloudSQL instance are both in the same VPC. I have set up a private service connection for the CloudSQL instance in the network and added the VM to a subnet. They both have different internal IP ranges; however, when I want to create a subnet with the same IP range as the private service connection, it won't allow me.

I am quite new to networking and am unsure how to proceed from here. Is there someone who has an idea of what goes wrong or what direction I need to look in?

UPDATE:

The following logs from the proxy show the following:

```
sqlproxy.1.urxsvm3mxnro@{VM}    | 2023/08/07 11:27:12 current FDs rlimit set to 1048576, wanted limit is 8500. Nothing to do here.
sqlproxy.1.urxsvm3mxnro@{VM}   | 2023/08/07 11:27:12 Listening on 127.0.0.1:5432 for {INSTANCE}
sqlproxy.1.urxsvm3mxnro@{VM}  | 2023/08/07 11:27:12 Ready for new connections
sqlproxy.1.urxsvm3mxnro@{VM}   | 2023/08/07 11:27:12 Generated RSA key in 108.361863ms
```

However, after running the following psql command: `psql "sslmode=disable dbname=metabase-mvp user=admin hostaddr={INSTANCE_IP}"` it runs into a time-out asking if the service is running and listening on port 5432.

I created a connection test in CloudSQL that tests the connection from the internal IP from the VM to the CloudSQL instance, this works.

Is there anything that might be blocking the proxy connection? I enabled the CloudSQL Admin API, granted the necessary rights to the SA and added a firewall rule for outbound activity to the Private Connection IP range & Subnet IP range for ports 3307 & 5432. I am a bit clueless.. This is what the logs show after running psql:

```
psql: error: could not connect to server: Connection timed out
        Is the server running on host "{CLOUDSQL INSTANCE IP}" and accepting
        TCP/IP connections on port 5432?
```
  • 2
    More debug details are required. 1) Start the proxy container. 2) Add the container logs to your post. 3) If there were no proxy errors, use the CLI tool `psql` to connect to the database. 3) Add the results from the CLI to your post. Until you have the proxy container correctly configured and running, there is no point in starting the Metabase container. My guess is that the Compute Engine service account does not grant permission to access Cloud SQL. – John Hanley Aug 03 '23 at 18:53
  • @JohnHanley thank you for your comment! I added the logs which hopefully make the issue more clear. – Arthur de Vries Aug 07 '23 at 11:38

1 Answer

0

Found the culprit. The VPC Network peering didn't export the route from the VM's public IP to the CloudSQL instance Private IP. Exporting this route solved the issue and made the connection possible.

  • 1
    Where in your question did you mention VPN? Edit your answer and show the changes you made to the VPN. Otherwise, this is not an answer, just a comment. – John Hanley Aug 07 '23 at 17:54
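The psql error in the question is a timeout rather than a refusal, which is the signature of dropped packets or a missing route such as the peering route named in the answer. The probe below is an added example, not code from the original posts; it classifies a TCP attempt to each of the two ports the question mentions, and the names `probe`, `diagnose` and `HINTS` are this example's own.

```python
import errno
import socket

# Ports taken from the question: 3307 is the port the Cloud SQL proxy dials on
# the instance, 5432 is the PostgreSQL port that psql was pointed at.
PORTS = (3307, 5432)

# What each outcome suggests when probing from the VM.
HINTS = {
    "open": "route and firewall allow this port",
    "refused": "host is reachable, but nothing is listening on this port",
    "timeout": "packets dropped or no return route: check egress firewall "
               "rules and the routes exchanged over the VPC peering",
    "unreachable": "no route from this machine to the address",
    "error": "unexpected socket error",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()


def diagnose(host, ports=PORTS, timeout=3.0):
    """Probe every port and return {port: outcome}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # private IP of the Cloud SQL instance, passed by the user
    for port, state in diagnose(host).items():
        print(f"{host}:{port} {state}: {HINTS[state]}")
```
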