How to connect Google Cloud SQL with Apps (like Google App Engine) and Tools like (mySQL workbench) in a secure way?
In this document we'll see how to create a Google Cloud SQL Instance and connect them in your Google App Engine application and MySQL Workbench admin tool.
Google Cloud SQL:
Google Cloud SQL is a fully-managed database service that makes it easy to set-up, maintain, manage and administer your relational MySQL databases in the cloud.
Google Cloud SQL provides a relational database that you can use with your App Engine application. Cloud SQL is a MySQL database that lives in Google's cloud.
refer:
https://cloud.google.com/sql/
https://cloud.google.com/sql/docs/
Creating SQL Instances:
A Google Cloud SQL instance is a MySQL database hosted in Google's cloud.
Go to the Cloud SQL Instances page in the Google Cloud Platform
Console (https://console.cloud.google.com/sql/instances) and Click
Create instance.
Click Choose First Generation, Enter a name and Choose a tier for
the instance and Click Create.
After the instance finishes initializing, select the instance to
open it.
In Access Control > Users, Click Create user account and create a
user with name root and specify a password (root_password). This
creates the MySQL user 'root'#'%'.
In Databases, Click New Database and create a database with a
DataBase name (DataBase_Name)
MySQL Workbench:
MySQL Workbench is a unified visual tool for database architects, developers, and DBAs. MySQL Workbench provides data modeling, SQL development, and comprehensive administration tools for server configuration, user administration, backup, and much more.
refer http://www.mysql.com/products/workbench/
Now we'll see how to connect to your Google Cloud SQL instance database with MySQL Workbench.
Configuring access
Go to the Cloud SQL Instances page in the Google Cloud Platform
Console and select the instance.
In Access Control > IP address, Click Request IPv4 adddress and copy
it(Instance_IPv4_address). It is needed to connect your Google Cloud
SQL instance database with Admin tools like MySQL Workbench.
note: You will be charged for IPv4 address # $0.01 each hour the instance is inactive and $0.1 each hour the instance is active
Google 'ip address' to find your public IP address
In Access Control > Authorization > Authorized networks, click Add
network and enter your IP address.
In Access Control > Users, Create a user with username (userName),
password (password) and the option 'Allow any host selected'. It is
recommended to use a seperate user account to access from WorkBench
Connecting
In the MySQL Workbench home view, click New Connection.
In the Setup New Connection window, provide a Connection Name,
Hostname and Username
Click Test Connection. You will be prompted for a password.
Once the MySQL connection is made successful, Click OK and click on
the saved connection to open SQL Editor
Google App Engine:
Google App Engine is a platform for building scalable web applications and mobile backends. App Engine will scale your application automatically.
refer https://cloud.google.com/appengine
Now we'll see how to set up a connection between an App Engine application and a Cloud SQL instance.
Configuring access
Go to the Cloud SQL Instances page in the Google Cloud Platform
Console and select the instance.
In Access Control > Authorization > Authorized App Engine
applications, click Add application ID and enter the application ID.
Click Done and Save.
In Overview > Properties Copy the 'Instance connection name'
(Instance_Connection_Name)
In your Google Web Application Project,
war/WEB-INF/appengine-web.xml add,
true
Code sample:
An Exaple for Google App Engine - Java Standard Environment
public static Connection connect() throws ClassNotFoundException, SQLException {
String url = null;
{
if (SystemProperty.environment.value() == SystemProperty.Environment.Value.Production) {
// Connecting from App Engine.
Class.forName(Messages.getString("com.mysql.jdbc.GoogleDriver"));
url = Messages.getString("jdbc:google:mysql://{{Instance_Connection_Name}}/{{DataBase_Name}}?user=root&password={{root_password}}");
} else {
// Connecting from an external network or localhost
Class.forName(Messages.getString("com.mysql.jdbc.Driver"));
url = Messages.getString("jdbc:mysql://{{Instance_IPv4_address}}:3306/{{DataBase_Name}}?user={{userName}}&password={{password}}");
}
Connection conn = DriverManager.getConnection(url);
return conn;
}
}
I would like to add to what Newton said:
The instance connection name is not just your "project_id:instance_id". Please go to the Google Cloud SQL Instance Overview page and copy the value in 'Instance connection name' field. Often 'Instance connection name' has region names or other values included, so be careful to replace it.
Related
I have set up 2 projects in my Google Cloud console. The following are the two projects that I have set up in my console.
1. Cloud SQL + App Engine
2. App Engine (New)
So the idea is App Engine (1) is running the same database as App Engine (2). I have already set up the IAM Permission Page and IAM Admin and Project Page.
I have given both projects as Project Editor role too, but still my (2) still can't connect to my (1) database.
Any help please?
Granting access to an application does not automatically enable a database user account to connect to the instance.
You may connect through a proxy, in which case you should follow these steps:
Enable the API
Install the proxy client on your local machine
Determine how you will authenticate the proxy
If required by your authentication method, create a service account
Determine how you will specify your instances for the proxy
Start the proxy
Update your application to connect to Cloud SQL using the proxy
You can find related details on the Connecting to Cloud SQL from External Applications.
This documents provides steps that cover configuring access for IP connections as well.
If you connect from within the app engine environment, you may have a look at Connecting from App Engine.
I have a web app running in Azure and one of its requirement is to send e-mail from SQL Server's DB Mail; however the attachments are stored in App Service environment.
My question is how can access the attachment in App Service folder?
My Setup:
Web App on Azure App Services
SQL Server PAAS model
NO VMs used
In App Service Editor, I have an URL for each file like
https://xxxxx.scm.azurewebsites.net/dev/wwwroot/uploads/test.pdf;
Can I use this URL? Or is there anyway I can use?
As hiFI said, Database mail feature is not supported in Azure SQL Database.
If possible, please send email in your web app code behind (when you do operations on your database in your code) and use https://{your app name}.azurewebsites.net/uploads/test.pdf that would be accessible.
Besides, you could store the pdf files in Azure Blob storage and provide the URL to the pdf file, and a SAS could be used to grant limited access to objects in storage account.
I have hosted a webapp in azure cloud.
My MS sql database is in rackspace which only allows a selected ip to access.
I can add more IPs to allow access to the rackspace database.
Which IP address of the Azure webapp should I add in rackspace?
Is it the customDomain's IP address or something else.
There isn't just one - check out this doc - basically Azure Web Apps run in a server farm that's managed by Microsoft. Unless you use an ASE (app service environment) you can't change this. There are a couple of ways you can do what you're trying to do - either
1 - connect over the internet by opening up the ports on your rackspace VM - this will work, but opens you up to the possibility of a network layer attack from any app that someone hosts in Azure. (so you're relying on authentication rather than network level protection).
2 - use a hybrid connection - this is an app service feature that allows you to download a gateway exe app that runs in your VM in rackspace, and then connects to the app service and creates a secure tunnel to it. Hence, its outbound from your rackspace DC, you don't need to change firewall settings. You can read about it and download the app from the azure portal (in app services). You then configure the connection in your azure web app just as if the rackspace VM was on the same network. (eg. you can use "localhost" if the gateway exe is running on the sql server). This is the approach I'd recommend if you can't move your SQL estate to Azure SQL and hence locate it alongside your web apps.
I have a Google Cloud SQL project : cwdataproject (Project ID). I have created a schema named cwdb in it. Its Instance ID is : cwdataproject:cwinstance
I have provided access and privilege to cwdb for root user "root"
I have another app Google App Engine : messageframework (Project ID)
Project ID: messageframework
I have provided Authorized App Engine Applications in cwdataproject for messageframework
I have provided Authorized Networks for my local IP. and I am able to connect from local My SQL client successfully.
My code to connect Google Cloud SQL from messageframework app is as below.
Code:
Class.forName("com.mysql.jdbc.GoogleDriver");
url = "jdbc:google:mysql://cwdataproject:cwinstance/cwdb?user=ajoysinha;
DriverManager.getConnection(url);
But is is giving the following error
Access denied for user 'root'#'localhost' (using password: NO)
How can we resolve this connectivity problem?
I am able to connect Cloud SQL from my local MySql client and do all the operation. but not from GAE.
Configuring Google Cloud SQL to work with an app built using GWT Eclipse EE Plugin and am having authentication issues.
Google Command Line Tool - try running ./google_sql.sh instance
Need guidance setting up GoogleCL for CloudSQL. I installed regular GoogleCL using MacPorts. What next? I tried:
echo 'export PATH=Applications/eclipse/plugins/com.google.appengine.eclipse.sdkbundle_1.7.0/appengine-java-sdk-1.7.0/bin/:$PATH' >> ~/.profile
ECLIPSE
Eclipse asks for Instance Name and Database name in two separate fields. I've tried every permutation of Project ID:database name (e.g. petproject:dog).
Here is the Eclipse error report (its the same every time):
Could not connect to Profile (name-of-the-project-in-Eclipse.GoogleCloudSQL.DevInstance).
Error creating SQL Model Connection connection to Profile (name-of-the-project-in-Eclipse.GoogleCloudSQL.DevInstance). (Error: Access denied for user 'my-login-id'#'localhost' (using password: YES))
Access denied for user 'my-login-id'#'localhost' (using password: YES)
Error creating Google Cloud SQL Connection factory connection to Profile (pse:
Could not connect to Profile (name-of-the-project-in-Eclipse.GoogleCloudSQL.DevInstance). (Error: Access denied for user 'my-login-id'#'localhost' (using password: YES))
Other
I can get a test app to work just fine. I have the test app running through a domain that I own. I've created a Google Cloud SQL project and instance. I've given permission for my app to use the instance on the Google API console. I have local mysql running and created the database/schema on my machine. I can't link up my local database to the GWT because the entire Google Cloud SQL needs to function.
Thanks -- very much appreciated.