无法通过Cloud Shell按代理通过Cloud SQL代理进行连接 [英] Cannot Connect by Cloud SQL Proxy from Cloud Shell By Proxy

问题描述

我正在遵循GAE的 Django 示例，但无法连接到Cloud SQL Google Cloud Shell的代理实例.可能与权限设置有关，因为我看到请求未被授权

I am following the Django sample for GAE and have problem to connect to Cloud SQL instance by Proxy from Google Cloud Shell. Possibly related to permission setting since I see the request not authorized,

其他背景

1. "gcloud beta sql connect auth-instance --user = root"连接没有问题.

1. "gcloud beta sql connect auth-instance --user=root" has no problem to connect.

我有一个SQL Proxy Client的服务帐户.

I have a service account for SQL Proxy Client.

我可能会错过一些东西.有人可以说明一下吗?预先感谢.

I possibly miss something. Could someone please shed some light? Thanks in advance.

谢谢.

代理日志:

./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306

2017/02/17 14:00:59 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:00:59 Ready for new connections
2017/02/17 14:01:07 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:03:16 couldn't connect to "auth-158903:asia-east1:auth-instance": dial tcp 107.167.191.26:3307: getsockopt: connection timed out

客户端日志:

mysql -u root -p --host 127.0.0.1
Enter password: 
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

我也尝试使用凭证文件，但还是没有运气，

I also try with credential file but still no luck,

./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306 -credential_file=Auth-2eede8ae0d0b.jason

2017/02/17 14:21:36 using credential file for authentication; email=sql-proxy-client@auth-158903.iam.gserviceaccount.com
2017/02/17 14:21:36 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:21:36 Ready for new connections
2017/02/17 14:21:46 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:21:48 couldn't connect to "auth-158903:asia-east1:auth-instance": ensure that the account has access to "auth-158903:asia-east1:auth-instance" (and make sure there's no typo in that name). Error during get instance auth-158903:asia-east1:auth-instance: googleapi:     **Error 403: The client is not authorized to make this request., notAuthorized**

推荐答案

Cloud SQL代理使用端口3307而不是更常用的MySQL端口3306.这是因为它以不同的方式使用TLS，并且具有不同的IP ACL.结果，默认情况下，允许MySQL通信的防火墙将不允许Cloud SQL代理.

The Cloud SQL proxy uses port 3307 instead of the more usual MySQL port 3306. This is because it uses TLS in a different way and has different IP ACLs. As a consequence, firewalls that allow MySQL traffic won't allow Cloud SQL proxy by default.

查看一下您的网络上是否有防火墙阻止了端口3307.要使用Cloud SQL代理，请授权此端口进行出站连接.

Take a look and see if you have a firewall on your network that blocks port 3307. To use Cloud SQL proxy, authorize this port for outbound connections.

这篇关于无法通过Cloud Shell按代理通过Cloud SQL代理进行连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！