I'm using node-mssql on Google App Engine to query a SQL Database hosted on Azure. The issue I'm having is that the App Engine Node Server constantly changes IP addresses. So, I'd have to whitelist every possible (I don't know how many that is) IP address on Azure. Is there another way around this?
You can programmatically change the IP address whitelist using PowerShell as described in this document. To add a new range of IP addresses, run
New-AzureRmSqlServerFirewallRule -ResourceGroupName "myResourceGroup" `
-ServerName $servername `
-FirewallRuleName "AllowSome" -StartIpAddress "0.0.0.0" -EndIpAddress "0.0.0.0"
To remove a range of IP addresses, run
# The rule is removed by name; this cmdlet takes no start/end address parameters.
Remove-AzureRmSqlServerFirewallRule -ResourceGroupName "myResourceGroup" `
-ServerName $servername `
-FirewallRuleName "AllowSome"
You may need a Windows client to run Azure PowerShell though. See this document for a startup guide.
An alternative is to use a virtual network within Azure and deploy your app on Azure.
Related
We have one GCP project that contains 3 Cloud SQL instances, each one in a different GCP region for a different group of users.
What we would like is, when the user logs in, to connect them to a different instance based on a master table (another master SQL instance).
Is that the best way to do it, or can we do it differently?
Our application resides on Google App Engine with the Python flex env.
Thanks in advance!
Thinking about using the App Engine custom domain mapping to connect the user to a different SQL instance by using a different URL.
For App Engine Flexible, you can configure the Cloud SQL Proxy to support more than one Cloud SQL instance. Just use different port numbers for each SQL instance when setting up the proxy. If you are using unix sockets, just specify the instance names.
For example:
unix sockets:
./cloud_sql_proxy -dir=/cloudsql \
-instances=myProject:us-central1:myInstance,myProject:us-central1:myInstance2
Your connection string includes:
/cloudsql/myProject:us-central1:myInstance2
tcp:
./cloud_sql_proxy \
-instances=myProject:us-central1:myInstance=tcp:3306,myProject:us-central1:myInstance2=tcp:3307
For the tcp method, specify the host as 127.0.0.1 and the port (3306 or 3307).
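Added example, not part of the original answer: a Python sketch that turns the proxy's `-instances=` value shown above into per-instance connection settings and picks one per user group. `GROUP_TO_INSTANCE` is a hypothetical stand-in for the master-table lookup, and the keyword names (`host`, `port`, `unix_socket`) are the ones PyMySQL's `connect()` accepts.

```python
# Constructed sample: the -instances= value from the tcp example above.
PROXY_INSTANCES = ("myProject:us-central1:myInstance=tcp:3306,"
                   "myProject:us-central1:myInstance2=tcp:3307")

# Hypothetical stand-in for the master-table lookup (user group -> instance).
GROUP_TO_INSTANCE = {
    "group-a": "myProject:us-central1:myInstance",
    "group-b": "myProject:us-central1:myInstance2",
}


def parse_instances(flag_value, socket_dir="/cloudsql"):
    """Turn the proxy's -instances= value into {instance: connect kwargs}."""
    targets, ports = {}, set()
    for entry in filter(None, (e.strip() for e in flag_value.split(","))):
        name, _, listener = entry.partition("=")
        if name.count(":") != 2 or not all(name.split(":")):
            raise ValueError("expected project:region:instance, got %r" % name)
        if name in targets:
            raise ValueError("instance listed twice: %s" % name)
        if not listener:
            # Unix socket mode: the proxy creates <dir>/<instance connection name>.
            targets[name] = {"unix_socket": "%s/%s" % (socket_dir, name)}
            continue
        scheme, _, port = listener.partition(":")
        if scheme != "tcp" or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError("only tcp:PORT is handled here, got %r" % listener)
        if int(port) in ports:
            raise ValueError("port %s assigned to two instances" % port)
        ports.add(int(port))
        # TCP mode: connect to the proxy on loopback, not to the instance's IP.
        targets[name] = {"host": "127.0.0.1", "port": int(port)}
    return targets


def connect_kwargs_for(group, targets, routing=GROUP_TO_INSTANCE):
    """Return DB-driver kwargs for a user's group; unknown groups are refused."""
    instance = routing.get(group)
    if instance is None or instance not in targets:
        raise LookupError("no proxied Cloud SQL instance for group %r" % group)
    return dict(targets[instance])
```

Refusing an unknown group, rather than falling back to a default instance, keeps a bad master-table row from sending a user to another group's database.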
I would like to ask if a created Google Compute Engine VM can be part of our local area network at our site and serve as our database server, where every client can connect through our internet server?
Instead of using Cloud SQL, we will use Compute Engine to install another database server.
I don't think you can assign a GCE VM to directly have an IP address from your local network, but if you run your own DNS in your network, you could add an entry to point your database server name at the Google IP, and you could configure routes on your network to go through your Internet server to get to that address. Alternatively, if you have VPN IPsec hardware at your site, you could use Cloud VPN to set up a tunnel from your site to your GCE project.
So I'm following the Google Ruby guide to create and set up a Cloud SQL instance. Under 'Create and configure a Cloud SQL instance', step 4 tells you to allow all network fields so the instance is open to all traffic, then underneath that it gives the warning:
This configuration leaves your Cloud SQL instance open to traffic from everyone, everywhere. It is used only for demonstration purposes. In production environments, restrict access to only those IP addresses that need access.
I haven't set up VM servers on a cloud environment before, so I have no idea what IP addresses I should be giving access to the SQL instance or which ones 'need access'. Do I just change it to the IP of my VMs?
In the context of the guide that you linked, the IP whitelist is necessary so you can access your Cloud SQL instance from your development server on your local computer. For that specific purpose, you can just whitelist your computer's IP (see http://www.whatsmyip.org) instead of all the world.
When your application is going to be running on App Engine, you don't need to whitelist the IP. There is a separate access control list for that in the Cloud Console where you can list the App Engine applications authorized to connect.
I am currently test-driving Google Container Engine (GKE) and Kubernetes as a possible replacement to AWS/ElasticBeanstalk deployment. It was my understanding that just by the virtue of my dynamic servers being in the same project as the cloud sql instance, that they'd naturally be included in the firewall rules of that project. However, this appears not to be the case. My app servers and SQL server are in the same availability zone, and I have both ipv4 and ipv6 enabled on the sql server.
I don't want to statically assign IP Addresses to cluster members that are themselves ephemeral, so I'm looking for guidance on how I can properly enable SQL access to my docker-based app hosted inside GKE? As a stopgap, I've added the ephemeral IPs of the container cluster nodes and that has enabled me to use CloudSQL but I'd really like to have a more seamless way of handling this if my nodes somehow get a new ip address.
The current recommendations (SSL or HAProxy) are discussed in [1]. We are working on a client proxy that will use service accounts to authenticate to Cloud SQL.
[1] Is it possible to connect to Google Cloud SQL from a Google Managed VM?
Sadly, this is currently the only way to do this. A better option would be to write a controller that dynamically examined the managed instance group created by GKE and automatically updated the IP addresses in the Cloud SQL API. But I agree the integration should be more seamless.
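Added example, not part of the original thread: the reconciliation step such a controller would perform, in Python. It takes the instance's current `authorizedNetworks` entries (each with `name` and `value`, as in the Cloud SQL Admin API's `settings.ipConfiguration`) and the nodes' current external IPs, and returns the list to write back; the `gke-node-` name prefix is a hypothetical convention for marking controller-owned entries, and the addresses in the test are constructed.

```python
import ipaddress

MANAGED_PREFIX = "gke-node-"  # hypothetical label marking controller-owned entries


def _norm(cidr):
    """Normalise '203.0.113.10' and '203.0.113.10/32' to the same string."""
    return str(ipaddress.ip_network(cidr, strict=False))


def reconcile_authorized_networks(current, node_ips, prefix=MANAGED_PREFIX):
    """Return (new_entries, changed) for the instance's authorizedNetworks list."""
    # Entries the controller does not own (an office range, say) pass through.
    kept = [e for e in current if not e.get("name", "").startswith(prefix)]
    wanted = []
    addrs = {ipaddress.ip_address(ip) for ip in node_ips}
    for addr in sorted(addrs, key=lambda a: (a.version, int(a))):
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise ValueError("refusing to authorise %s" % addr)
        # One host entry per node: never widen to a range to save updates.
        label = prefix + str(addr).replace(".", "-").replace(":", "-")
        wanted.append({"name": label,
                       "value": "%s/%d" % (addr, addr.max_prefixlen)})
    new_entries = kept + wanted
    before = sorted(_norm(e["value"]) for e in current)
    after = sorted(_norm(e["value"]) for e in new_entries)
    # changed=False lets the caller skip the API write when nothing moved.
    return new_entries, before != after
```

Stale node addresses drop out of the list on the next run, so an IP released by the cluster does not stay authorised for whoever receives it next.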
I have just started with google appengine. I am developing an app in php. If I wanted to see the result, I used
dev_appserver.py ./ --php_executable_path /usr/bin/php5-cgi
(It doesn't work without the --php_executable_path parameter for me)
It works fine, except I cannot connect to the cloud sql instance. I read this https://cloud.google.com/appengine/docs/php/cloud-sql and tried to connect to the cloud sql by:
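$sql = new mysqli(null,
'root', // username
'', // password
'<database-name>', // placeholder: database name
null,
'/cloudsql/<project-id>:<instance-name>' // placeholder: socket path
);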
If I deploy something to appengine, this works, but what should I do if I need to debug the app locally and it depends on the database?
@DTing's answer is correct that Google's docs encourage you to use a local MySQL from the local development server and recommend that pattern.
However, if you disagree and want to run the development server against your "production" SQL in the cloud, that's supported, too (just not encouraged because a bug during development could destroy your production data!).
Specifically, you follow the general instructions at, and pointed to by, https://cloud.google.com/sql/docs/getting-started#work (ignoring the appengine-specific part): make sure your Cloud SQL instance has an IP address, enable the outside-visible IP address of your workstation, make sure the SQL instance has a root password -- then check everything is working with a command line MySQL client, e.g.
[[Note: to verify your workstation's outside-visible IP address, use e.g. a browser to visit a site such as http://checkmyip.com/ ]]
$ mysql --host=INSTANCE_IP --user=root --password
and once everything is set up properly you just follow the instructions at https://cloud.google.com/appengine/docs/php/cloud-sql/#PHP_Using_a_local_MySQL_instance_during_development :
To connect to a Cloud SQL instance from your development environment,
substitute "127.0.0.1" with the instance IP address. You do not use
the "/cloudsql/"-based connection string to connect to a Cloud SQL
instance if your App Engine app is running locally in the Development
Server.
If you want to use the same code locally and deployed, you can use a
Special $_SERVER keys variable (SERVER_SOFTWARE) to determine where
your code is running. This approach is shown below.
So for example if your Cloud SQL's IP address is 12.34.56.78, you'd use
$sql = new mysqli('12.34.56.78:3306',
'<username>',
'<password>',
'<database-name>'
);
when $_SERVER['SERVER_SOFTWARE'] is not set or does not contain Google App Engine (which means you're running on the local development server).
https://cloud.google.com/appengine/docs/php/cloud-sql/#PHP_Using_a_local_MySQL_instance_during_development
The Guestbook example above shows how your application can connect to a Cloud SQL instance when the code runs in App Engine and connect to a local MySQL server when the code runs in the Development Server. We encourage this pattern to minimize confusion and maximize flexibility.