[google-cloud-sql-discuss] Re: Postgre - HA timeline

Hello Cesar-

Our development of Cloud SQL for PostgreSQL continues and we added 19 new extensions this month (https://cloud.google.com/sql/docs/release-notes).  However, while we plan to introduce failover functionality (HA) for the Postgres product, we cannot provide a delivery timeline.

Thanks,
Brett

On Thursday, June 29, 2017 at 12:28:06 PM UTC-7, Cesar Salazar wrote:

Hi. Is there any update on a timeline for Highly Available PostgreSQL? This feature alone can determine if I use AWS or Google Cloud for my product.

On Thursday, April 6, 2017 at 6:03:34 PM UTC-5, Brett Hesterberg wrote:

Hello Curt-

Glad you are enjoying Cloud SQL for PostgreSQL.  We plan to introduce failover functionality (HA) for the Postgres product, but cannot provide a delivery timeline.

Thanks,

Brett

On Wednesday, April 5, 2017 at 2:09:52 PM UTC-7, Curtis Sammer wrote:

First of all, thanks for adding Postgre support to Cloud SQL.

Now I'm wondering what is the timeline to add HA features for Postgres?

Thanks,

Curt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/40dd3508-32d7-40b8-b411-fcb937a6b43e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] CloudSQL machinetype upgrade - Could not complete this operation

Attempting to upgrade machinetype, in anticipation of high load event.

Receiving the error:

"Could not complete this operation"

Other project CloudSQL working correctly. Only different is that problem instance had a read replica created (which was subsequently deleted with upgrade attempted again).

Advice appreciated.

Jim

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/c7a46efc-2557-4b22-9b09-f806836eb6c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Cloud SQL upgrade - Could not complete the operation

Hi

I am attempting to upgrade the CloudSQL instances, in anticipation of a high load event.

Currently receiving the error

"Could not complete the operation"

Other instances in different projects upgraded ok. The difference being, with the problem CloudSQL instance, I enabled replica and binary logging (which was removed and upgrade attempted again without success).

Would appreciate some help / feedback.

jim

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/8ccb2da6-0f46-4765-a618-a217432bcfb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Re: Postgre - HA timeline

Hi. Is there any update on a timeline for Highly Available PostgreSQL? This feature alone can determine if I use AWS or Google Cloud for my product.

On Thursday, April 6, 2017 at 6:03:34 PM UTC-5, Brett Hesterberg wrote:

Hello Curt-

Glad you are enjoying Cloud SQL for PostgreSQL.  We plan to introduce failover functionality (HA) for the Postgres product, but cannot provide a delivery timeline.

Thanks,

Brett

On Wednesday, April 5, 2017 at 2:09:52 PM UTC-7, Curtis Sammer wrote:

First of all, thanks for adding Postgre support to Cloud SQL.

Now I'm wondering what is the timeline to add HA features for Postgres?

Thanks,

Curt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/e9d2d6f4-46f4-4241-9486-346d653f54b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project

We have updated the docs too!

On Fri, Jun 23, 2017 at 10:34 AM, Alex Ryan <alexander.j.ryan@gmail.com> wrote:

That worked beautifully David.

Muchas gracias

On Friday, June 23, 2017 at 9:46:19 AM UTC-7, David Newgas wrote:

Hi,

If you run the command that way on GCE it will use the service account for your instance. By default this will be PROJECT_NUM...@developer.gserviceaccount.com, although when you create the instance you can specify other service accounts. So one possible issue is that this account does not have the required IAM permission to access your Cloud SQL instance. When you use the default credentials on GCE, it is also restricted to certain APIs, by default GCS read-only, writing to cloud logging/monitoring, and Google Cloud Endpoints.  So a second possible issue is that your GCE instance doesn't have sufficient scopes set up. This is what is being referenced where the docs say "If you created your Compute Engine instance with either Full API access or Cloud SQL API enabled, you can skip this step; you do not need to provide a certificate file when you start the proxy."

You have two options going forward:

1. Use the JSON service account credentials you created. You can pass them to cloud_sql_proxy with the -credential_file parameter or  in the GOOGLE_APPLICATION_CREDENTIALS environmental variable.
2. Use the GCE default service account, but make sure a) the instance's service account has either Editor or Cloud SQL Client role on your project and b) the instance has access scope to the Cloud SQL API enabled.

Our instructions are a bit confusing as you point out... they advise creating a service account (option 1) but then give the command line for option 2. I'll try and clean that up.

David

On Thu, Jun 22, 2017 at 6:47 PM, Alex Ryan <alexande...@gmail.com> wrote:

I have a 2nd gen google cloud sql instance running in project A which I would like to connect to from a google compute engine instance in project B via the cloudsql-proxy.

The instructions for doing so are here:

https://cloud.google.com/sql/docs/mysql/connect-compute-engine#gce-connect-proxy

I believe that I have followed these instructions precisely and yet I still get this error:

2017/06/23 01:14:41 couldn't connect to "INSTANCE-CONNECTION-NAME": ensure that the account has access to "INSTANCE-CONNECTION-NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE-CONNECTION-NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 000000000 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=000000000 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

there is no typo in the INSTANCE-CONNECTION-NAME

I HAVE enabled the Cloud SQL API (It no longer appears to be named "Cloud SQL Administrator API")

I HAVE waited for many minutes for the action to propagate to our systems and retry.

One thing I did find very strange about the instructions is that I was requested to create service account explicitly for the cloudsql-proxy and to generate a JSON key for it, but there were no instructions on actually using either of these.

I did ensure that the service account of the compute engine (in project B) was listing in project A with the credential of Cloud SQL > Cloud SQL Client. (Note: It was already in there with a role of Owner)

The command to start the proxy was simply this:

./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306

What do I need to do to make this work?

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/34ed1f62-4224-4890-875f-a686d194eec3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/b6608e3f-ef2e-4ca2-b118-e2d5c6eac341%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAJZK_bYT5g4_ARKS_PQt5g_%2BG--B5LJZWcPH4iWXb8pJ0cC2JQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Eliminating SSL overhead by using a Google VM to connect to CloudSQL

Hi,

What requirements you will have here depends a lot on what you are trying to defend against. If you are attack from outside google, then our physical network isolation should suffice (although you might want to encrypt anyway for security in depth). If you are trying to defend against attack from other GCP customers, our virtual network isolation should suffice (although you might want to to encrypt anyway, to protect against a hypothetical bug in this system).

The scenario you suggest - defending against Google employees with access to network devices inspecting your traffic - does require SSL to protect against. For what it's worth our policy strongly limits access to user data and we have extensive access restrictions and audit logging to enforce this.

To take a different approach on this issue... I'm kind of surprised SSL is adding 500ms of overhead for you. It might be possible to reduce this, here are some ideas:

• Ensure your VMs and Cloud SQL instance are in the same region to minimize latency (thus reducing time introduced by additional round trips for ssl handshake)
• Try out connection pooling (thus reducing the number of connections which incur connection setup overhead). If your application is legacy and cannot have connection pooling retrofitted you might achieve this with one of he various MySQL proxies around.
• Ensure your VMs and Cloud SQL instance are not maxed out on CPU (as encryption adds some processor overhead)

On Tue, Jun 27, 2017 at 8:57 AM, Kurt Josep <kurt.josephson@gmail.com> wrote:

Thanks David - that clarifies a lot.  If traffic never leaves Google's networks, does that mean it would only be intercepted or sniffed by someone at Google who has access to your routers/switches, or that other customers like myself could potentially intercept it?  It's probably moot as I'd prefer not to allow _anyone_ access to mysql credentials with write privileges, but just wanted to get a feel for how limited of a pool of people would have access to see that traffic.

Thanks again,

-Kurt

On Tuesday, June 27, 2017 at 11:35:11 AM UTC-4, David Newgas wrote:

Hi Kurt,

I believe you are referring to articles such as this, which says "messages inside of the Google datacenter network will be encrypted". We use encryption in lots of places (such as on disk and HTTPS to users) but this is mostly referring to encryption in our RPC mechanism (closely related to gRPC, which also provides encryption). As traffic from your GCE instance to Cloud SQL is raw packets and not in this RPC mechanism it doesn't automatically get encrypted.

Therefore if you want your traffic encrypted between the VM and the Cloud SQL instance, you should enable SSL.  However note that traffic from GCE to Cloud SQL doesn't leave our network, so whether you need to encrypt this depends on your data and threat model.

You can read more about GCP security at https://cloud.google.com/security/.

David

On Tue, Jun 27, 2017 at 6:12 AM, Kurt Josep <kurt.jo...@gmail.com> wrote:

I remember reading that all traffic between endpoints within the Google ecosystem are encrypted - is that accurate?  Would that mean that I could turn off SSL for MYSQL connections from a Google hosted VM and my Google CloudSQL instance since the traffic would be encrypted anyway?  That would be a pretty big performance boost for my legacy app where the SSL negotiation slows down each request by ~0.5 seconds and requires extra resources that could be devoted to serving more traffic.

Thanks,

-Kurt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/46c84354-38ec-4f6e-bbb0-4db06b189810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/3efd4dc9-ef77-4753-a909-7f58b7e47ff4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAJZK_bYHZ8FOGk7PjmrEkjUFQBht7ARqMiZWehzGmPWcVqy-wA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Eliminating SSL overhead by using a Google VM to connect to CloudSQL

Thanks David - that clarifies a lot.  If traffic never leaves Google's networks, does that mean it would only be intercepted or sniffed by someone at Google who has access to your routers/switches, or that other customers like myself could potentially intercept it?  It's probably moot as I'd prefer not to allow _anyone_ access to mysql credentials with write privileges, but just wanted to get a feel for how limited of a pool of people would have access to see that traffic.

Thanks again,

-Kurt

On Tuesday, June 27, 2017 at 11:35:11 AM UTC-4, David Newgas wrote:

Hi Kurt,

I believe you are referring to articles such as this, which says "messages inside of the Google datacenter network will be encrypted". We use encryption in lots of places (such as on disk and HTTPS to users) but this is mostly referring to encryption in our RPC mechanism (closely related to gRPC, which also provides encryption). As traffic from your GCE instance to Cloud SQL is raw packets and not in this RPC mechanism it doesn't automatically get encrypted.

Therefore if you want your traffic encrypted between the VM and the Cloud SQL instance, you should enable SSL.  However note that traffic from GCE to Cloud SQL doesn't leave our network, so whether you need to encrypt this depends on your data and threat model.

You can read more about GCP security at https://cloud.google.com/security/.

David

On Tue, Jun 27, 2017 at 6:12 AM, Kurt Josep <kurt.jo...@gmail.com> wrote:

I remember reading that all traffic between endpoints within the Google ecosystem are encrypted - is that accurate?  Would that mean that I could turn off SSL for MYSQL connections from a Google hosted VM and my Google CloudSQL instance since the traffic would be encrypted anyway?  That would be a pretty big performance boost for my legacy app where the SSL negotiation slows down each request by ~0.5 seconds and requires extra resources that could be devoted to serving more traffic.

Thanks,

-Kurt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/46c84354-38ec-4f6e-bbb0-4db06b189810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/3efd4dc9-ef77-4753-a909-7f58b7e47ff4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Eliminating SSL overhead by using a Google VM to connect to CloudSQL

Hi Kurt,

I believe you are referring to articles such as this, which says "messages inside of the Google datacenter network will be encrypted". We use encryption in lots of places (such as on disk and HTTPS to users) but this is mostly referring to encryption in our RPC mechanism (closely related to gRPC, which also provides encryption). As traffic from your GCE instance to Cloud SQL is raw packets and not in this RPC mechanism it doesn't automatically get encrypted.

Therefore if you want your traffic encrypted between the VM and the Cloud SQL instance, you should enable SSL.  However note that traffic from GCE to Cloud SQL doesn't leave our network, so whether you need to encrypt this depends on your data and threat model.

You can read more about GCP security at https://cloud.google.com/security/.

David

On Tue, Jun 27, 2017 at 6:12 AM, Kurt Josep <kurt.josephson@gmail.com> wrote:

I remember reading that all traffic between endpoints within the Google ecosystem are encrypted - is that accurate?  Would that mean that I could turn off SSL for MYSQL connections from a Google hosted VM and my Google CloudSQL instance since the traffic would be encrypted anyway?  That would be a pretty big performance boost for my legacy app where the SSL negotiation slows down each request by ~0.5 seconds and requires extra resources that could be devoted to serving more traffic.

Thanks,

-Kurt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/46c84354-38ec-4f6e-bbb0-4db06b189810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAJZK_bbS6AiXRNeSHBcu%3DZ6K1z02fQrMCddQ99_xwBCZPAN_Tw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Eliminating SSL overhead by using a Google VM to connect to CloudSQL

I remember reading that all traffic between endpoints within the Google ecosystem are encrypted - is that accurate?  Would that mean that I could turn off SSL for MYSQL connections from a Google hosted VM and my Google CloudSQL instance since the traffic would be encrypted anyway?  That would be a pretty big performance boost for my legacy app where the SSL negotiation slows down each request by ~0.5 seconds and requires extra resources that could be devoted to serving more traffic.

Thanks,

-Kurt

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/46c84354-38ec-4f6e-bbb0-4db06b189810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Re: Gcloud SQL Instance stuck at restart

I see that you have correctly reported this in a Public Issue Tracker. All further work on this issue will occur in the issue tracker. 

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/0c7030a2-1ee3-4151-ab2e-a569ea6db5d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Gcloud SQL Instance stuck at restart

Hi Fabio,

I've cancelled running operation, so your instance should be unstuck now.

I recommend to keep storage_auto_resize on to avoid problems like this.

Thank you!

--
Vladimir Rusinov
PostgreSQL SRE, Google Ireland

Google Ireland Ltd.,Gordon House, Barrow Street, Dublin 4, Ireland
Registered in Dublin, Ireland
Registration Number: 368047

On Mon, Jun 26, 2017 at 12:37 PM, Fabio Bugalla <fbugalla@etactica.net> wrote:

Hello, 

Our MySQL instance on mautic-0001 project with IP: 130.211.65.9 has got stuck while restarting.

We are trying to upgrade it to a bigger instance, as we run out of space, but we ain't able to restart, stop, the instance nor to recover the BBDD backups or acces via gcloud shell.

Please help.

Thank you

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/6db93ba3-cb22-4e19-adee-3a1f51409ef3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAE1wr-w4r%3DD7chWBuq4Z3vGn%3Dr70Oxogjrfmei4utwVu0uZe1g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Gcloud SQL Instance stuck at restart

Hello, 

Our MySQL instance on mautic-0001 project with IP: 130.211.65.9 has got stuck while restarting.

We are trying to upgrade it to a bigger instance, as we run out of space, but we ain't able to restart, stop, the instance nor to recover the BBDD backups or acces via gcloud shell.

Please help.

Thank you

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/6db93ba3-cb22-4e19-adee-3a1f51409ef3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project

That worked beautifully David.

Muchas gracias

On Friday, June 23, 2017 at 9:46:19 AM UTC-7, David Newgas wrote:

Hi,

If you run the command that way on GCE it will use the service account for your instance. By default this will be PROJECT_NUM...@developer.gserviceaccount.com, although when you create the instance you can specify other service accounts. So one possible issue is that this account does not have the required IAM permission to access your Cloud SQL instance. When you use the default credentials on GCE, it is also restricted to certain APIs, by default GCS read-only, writing to cloud logging/monitoring, and Google Cloud Endpoints.  So a second possible issue is that your GCE instance doesn't have sufficient scopes set up. This is what is being referenced where the docs say "If you created your Compute Engine instance with either Full API access or Cloud SQL API enabled, you can skip this step; you do not need to provide a certificate file when you start the proxy."

You have two options going forward:

1. Use the JSON service account credentials you created. You can pass them to cloud_sql_proxy with the -credential_file parameter or  in the GOOGLE_APPLICATION_CREDENTIALS environmental variable.
2. Use the GCE default service account, but make sure a) the instance's service account has either Editor or Cloud SQL Client role on your project and b) the instance has access scope to the Cloud SQL API enabled.

Our instructions are a bit confusing as you point out... they advise creating a service account (option 1) but then give the command line for option 2. I'll try and clean that up.

David

On Thu, Jun 22, 2017 at 6:47 PM, Alex Ryan <alexande...@gmail.com> wrote:

I have a 2nd gen google cloud sql instance running in project A which I would like to connect to from a google compute engine instance in project B via the cloudsql-proxy.

The instructions for doing so are here:

https://cloud.google.com/sql/docs/mysql/connect-compute-engine#gce-connect-proxy

I believe that I have followed these instructions precisely and yet I still get this error:

2017/06/23 01:14:41 couldn't connect to "INSTANCE-CONNECTION-NAME": ensure that the account has access to "INSTANCE-CONNECTION-NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE-CONNECTION-NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 000000000 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=000000000 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

there is no typo in the INSTANCE-CONNECTION-NAME

I HAVE enabled the Cloud SQL API (It no longer appears to be named "Cloud SQL Administrator API")

I HAVE waited for many minutes for the action to propagate to our systems and retry.

One thing I did find very strange about the instructions is that I was requested to create service account explicitly for the cloudsql-proxy and to generate a JSON key for it, but there were no instructions on actually using either of these.

I did ensure that the service account of the compute engine (in project B) was listing in project A with the credential of Cloud SQL > Cloud SQL Client. (Note: It was already in there with a role of Owner)

The command to start the proxy was simply this:

./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306

What do I need to do to make this work?

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/34ed1f62-4224-4890-875f-a686d194eec3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/b6608e3f-ef2e-4ca2-b118-e2d5c6eac341%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project

Hi,

If you run the command that way on GCE it will use the service account for your instance. By default this will be PROJECT_NUMBER-compute@developer.gserviceaccount.com, although when you create the instance you can specify other service accounts. So one possible issue is that this account does not have the required IAM permission to access your Cloud SQL instance. When you use the default credentials on GCE, it is also restricted to certain APIs, by default GCS read-only, writing to cloud logging/monitoring, and Google Cloud Endpoints.  So a second possible issue is that your GCE instance doesn't have sufficient scopes set up. This is what is being referenced where the docs say "If you created your Compute Engine instance with either Full API access or Cloud SQL API enabled, you can skip this step; you do not need to provide a certificate file when you start the proxy."

You have two options going forward:

1. Use the JSON service account credentials you created. You can pass them to cloud_sql_proxy with the -credential_file parameter or  in the GOOGLE_APPLICATION_CREDENTIALS environmental variable.
2. Use the GCE default service account, but make sure a) the instance's service account has either Editor or Cloud SQL Client role on your project and b) the instance has access scope to the Cloud SQL API enabled.

Our instructions are a bit confusing as you point out... they advise creating a service account (option 1) but then give the command line for option 2. I'll try and clean that up.

David

On Thu, Jun 22, 2017 at 6:47 PM, Alex Ryan <alexander.j.ryan@gmail.com> wrote:

I have a 2nd gen google cloud sql instance running in project A which I would like to connect to from a google compute engine instance in project B via the cloudsql-proxy.

The instructions for doing so are here:

https://cloud.google.com/sql/docs/mysql/connect-compute-engine#gce-connect-proxy

I believe that I have followed these instructions precisely and yet I still get this error:

2017/06/23 01:14:41 couldn't connect to "INSTANCE-CONNECTION-NAME": ensure that the account has access to "INSTANCE-CONNECTION-NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE-CONNECTION-NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 000000000 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=000000000 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

there is no typo in the INSTANCE-CONNECTION-NAME

I HAVE enabled the Cloud SQL API (It no longer appears to be named "Cloud SQL Administrator API")

I HAVE waited for many minutes for the action to propagate to our systems and retry.

One thing I did find very strange about the instructions is that I was requested to create service account explicitly for the cloudsql-proxy and to generate a JSON key for it, but there were no instructions on actually using either of these.

I did ensure that the service account of the compute engine (in project B) was listing in project A with the credential of Cloud SQL > Cloud SQL Client. (Note: It was already in there with a role of Owner)

The command to start the proxy was simply this:

./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306

What do I need to do to make this work?

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/34ed1f62-4224-4890-875f-a686d194eec3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CAJZK_bYX221wDor_NJ7YAD0GnyjD7VUyHH4scvBAx5rkLkWgTA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project

I have a 2nd gen google cloud sql instance running in project A which I would like to connect to from a google compute engine instance in project B via the cloudsql-proxy.

The instructions for doing so are here:

https://cloud.google.com/sql/docs/mysql/connect-compute-engine#gce-connect-proxy

I believe that I have followed these instructions precisely and yet I still get this error:

2017/06/23 01:14:41 couldn't connect to "INSTANCE-CONNECTION-NAME": ensure that the account has access to "INSTANCE-CONNECTION-NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE-CONNECTION-NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 000000000 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=000000000 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

there is no typo in the INSTANCE-CONNECTION-NAME

I HAVE enabled the Cloud SQL API (It no longer appears to be named "Cloud SQL Administrator API")

I HAVE waited for many minutes for the action to propagate to our systems and retry.

One thing I did find very strange about the instructions is that I was requested to create service account explicitly for the cloudsql-proxy and to generate a JSON key for it, but there were no instructions on actually using either of these.

I did ensure that the service account of the compute engine (in project B) was listing in project A with the credential of Cloud SQL > Cloud SQL Client. (Note: It was already in there with a role of Owner)

The command to start the proxy was simply this:

./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:3306

What do I need to do to make this work?

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/34ed1f62-4224-4890-875f-a686d194eec3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Re: how to integrate google cloud sql from firebase functions

Hello Raja, this forum is intended for general discussion of Cloud SQL on the Google Cloud Platform and not Firebase. I do see you also posted your question on the Firebase Google Group and I encourage you to gather as many details about what you want to do and how you want to do it and post a question on Stack Overflow using the firebase tag, as it is the best place to get answers to "How do I..." type questions.

On Thursday, June 22, 2017 at 9:35:54 AM UTC-4, RajaRam MBBS wrote:

Hi,

Firebase functions realtime database trigger connect and access google cloud sql instance database table to WRITE data.

And using firebase functions HTTP trigger access google cloud sql instance database table to READ data.

Or any other solutions also welcome.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/d33e71f2-772a-4a08-b9ec-af4997cd1035%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] how to integrate google cloud sql from firebase functions

Hi,

Firebase functions realtime database trigger connect and access google cloud sql instance database table to WRITE data.

And using firebase functions HTTP trigger access google cloud sql instance database table to READ data.

Or any other solutions also welcome.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/0a48b1db-f07a-435e-a331-09cdce5dfd6d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Re: Failover replica as read replica

Yes, that's right. You have to connect separately to the read replica if you want to offload some queries.

On Tue, Jun 20, 2017 at 9:17 PM Lieven Janssen <lieven@salesflare.com> wrote:

Hi Vadim,

I expected that it would autoatically be a read replica for our end users (through API) as well to ease the load on our main db but I only saw one active connection. Do we need to set up a seperate db connection for all selects we do on the db from our API?

L.

On Monday, 19 June 2017 22:09:52 UTC+2, Vadim Berezniker wrote:

A failover replica is fully usable as a read replica. 

What errors do you see when you try to connect to it?

On Mon, Jun 19, 2017 at 6:16 AM Lieven Janssen <lie...@salesflare.com> wrote:

Hi Kamran,

I read this in the documentation but if I create a failover replica it doesn't allow me to use it as a read replica. Do you suggest creating a read replica instead of a failover replica? Will a read replica also be used as a failover when there is an outage of the master?

Best Regards,

Lieven

Op zaterdag 17 juni 2017 23:42:20 UTC+2 schreef Kamran (Google Cloud Support):

Hello Lieven,

As described in this article:

You can use the failover replica as a read replica, to offload read operations from the master.

For more information about creating read replicas, see Configuring Replication.

I hope this helps.

Sincerely,

On Saturday, June 17, 2017 at 3:34:52 PM UTC-4, Lieven Janssen wrote:

How can I use my failover replica as a read replica?

Can't seem to find any info or setting to turn this on.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/5c734c08-0b05-47e3-b4e3-1bc4a0751fd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/e6da3220-3308-4353-a46e-03947bd9ecdb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/CABDU3p2eZhQjQQFXzU0zFQrLoQ0A%3DY7BHacaNdSfnBLqbRagOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] Re: google cloud sql machine type change "Could not complete the operation."

Hello Lieven,

To investigate further can you provide me with the following information through private message:

1. Project ID and instance name.

2. HAR capture when changing the instance type through Cloud console.

3. Try to upgrade with gcloud with debug flag, if it doesn't work provide me with the output.

Looking forward to your response.

Faizan

On Wednesday, June 21, 2017 at 12:20:47 AM UTC-4, Lieven Janssen wrote:

Hi,

I'm trying to upgrade our Google Cloud SQL instance from a highmem-4 to a highmem-8 but I always get the message "Could not complete the operation."

We would like to upgrate the db asap because we're running on full RAM atm.

Best Regards,

L.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/29d7f992-4b93-4e78-ad4b-367ead2d89db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-cloud-sql-discuss] google cloud sql machine type change "Could not complete the operation."

Hi,

I'm trying to upgrade our Google Cloud SQL instance from a highmem-4 to a highmem-8 but I always get the message "Could not complete the operation."

We would like to upgrate the db asap because we're running on full RAM atm.

Best Regards,

L.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/e41fe6f9-a83e-4365-8f83-3dd50cfc068e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Re: Failover replica as read replica

Hi Vadim,

I expected that it would autoatically be a read replica for our end users (through API) as well to ease the load on our main db but I only saw one active connection. Do we need to set up a seperate db connection for all selects we do on the db from our API?

L.

On Monday, 19 June 2017 22:09:52 UTC+2, Vadim Berezniker wrote:

A failover replica is fully usable as a read replica. 

What errors do you see when you try to connect to it?

On Mon, Jun 19, 2017 at 6:16 AM Lieven Janssen <lie...@salesflare.com> wrote:

Hi Kamran,

I read this in the documentation but if I create a failover replica it doesn't allow me to use it as a read replica. Do you suggest creating a read replica instead of a failover replica? Will a read replica also be used as a failover when there is an outage of the master?

Best Regards,

Lieven

Op zaterdag 17 juni 2017 23:42:20 UTC+2 schreef Kamran (Google Cloud Support):

Hello Lieven,

As described in this article:

You can use the failover replica as a read replica, to offload read operations from the master.

For more information about creating read replicas, see Configuring Replication.

I hope this helps.

Sincerely,

On Saturday, June 17, 2017 at 3:34:52 PM UTC-4, Lieven Janssen wrote:

How can I use my failover replica as a read replica?

Can't seem to find any info or setting to turn this on.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/5c734c08-0b05-47e3-b4e3-1bc4a0751fd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/e6da3220-3308-4353-a46e-03947bd9ecdb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [google-cloud-sql-discuss] Re: Postgresql and pg_catalog.english support

Ok a newly created instance now has the english dictionary, probably mine was old.

Thank you for helping!

On Tuesday, June 20, 2017 at 8:29:15 AM UTC-7, Ankush Agarwal wrote:

Can you please send me your instance name and project name in a private message?

On Mon, Jun 19, 2017 at 10:04 PM Alessandro Tagliapietra <tagliapietr...@gmail.com> wrote:

Hi Ankush,

sorry for the delay but I didn't receive the notification. Anyway nope, I just have the simple dictionary (checked using that same command)

Seems I've to wait for the next cloud sql release for that https://issuetracker.google.com/issues/62068674#comment3

On Friday, June 16, 2017 at 10:30:39 AM UTC-7, Ankush Agarwal wrote:

Alessandro,

We currently support the following text search dictionaries. Are you not seeing this on your instance?

postgres=> \dFd

                             List of text search dictionaries

   Schema   |      Name       |                        Description

------------+-----------------+-----------------------------------------------------------

 pg_catalog | danish_stem     | snowball stemmer for danish language

 pg_catalog | dutch_stem      | snowball stemmer for dutch language

 pg_catalog | english_stem    | snowball stemmer for english language

 pg_catalog | finnish_stem    | snowball stemmer for finnish language

 pg_catalog | french_stem     | snowball stemmer for french language

 pg_catalog | german_stem     | snowball stemmer for german language

 pg_catalog | hungarian_stem  | snowball stemmer for hungarian language

 pg_catalog | italian_stem    | snowball stemmer for italian language

 pg_catalog | norwegian_stem  | snowball stemmer for norwegian language

 pg_catalog | portuguese_stem | snowball stemmer for portuguese language

 pg_catalog | romanian_stem   | snowball stemmer for romanian language

 pg_catalog | russian_stem    | snowball stemmer for russian language

 pg_catalog | simple          | simple dictionary: just lower case and check for stopword

 pg_catalog | spanish_stem    | snowball stemmer for spanish language

 pg_catalog | swedish_stem    | snowball stemmer for swedish language

 pg_catalog | turkish_stem    | snowball stemmer for turkish language

On Fri, Jun 16, 2017 at 9:12 AM, 'Faizan (Cloud Platform Support)' via Google Cloud SQL discuss <google-cloud...@googlegroups.com> wrote:

Hello Alessandro,

Support for multiple text search configuration including english will be available soon. You can refer to this feature request for updates.

Faizan

On Friday, June 16, 2017 at 10:12:58 AM UTC-4, Alessandro Tagliapietra wrote:

Hi there,

I've created a postgresl server on cloud sql, however it doens't come with the pg_catalog.english dictionary.

Why? Is there a way to add it?

Regards

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/34adc3e9-f7ed-4fb2-9031-e0b2ba747d4b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Ankush Agarwal

Software Engineer, Cloud SQL

 

There are 10 types of people in this world - those who understand binary and those who don't

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/06540092-5712-4393-b6be-620f32fb30bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Ankush Agarwal

Software Engineer, Cloud SQL

 

There are 10 types of people in this world - those who understand binary and those who don't

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/d4dc88f6-fccc-49ef-899d-bd54e3d2bdbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.