无法通过Cloud Shell按代理通过Cloud SQL代理进行连接 [英] Cannot Connect by Cloud SQL Proxy from Cloud Shell By Proxy
问题描述
我正在遵循GAE的 Django 示例,但无法连接到Cloud SQL Google Cloud Shell的代理实例.可能与权限设置有关,因为我看到请求未被授权
I am following the Django sample for GAE and have problem to connect to Cloud SQL instance by Proxy from Google Cloud Shell. Possibly related to permission setting since I see the request not authorized,
其他背景
-
"gcloud beta sql connect auth-instance --user = root"连接没有问题.
"gcloud beta sql connect auth-instance --user=root" has no problem to connect.
我有一个SQL Proxy Client的服务帐户.
I have a service account for SQL Proxy Client.
我可能会错过一些东西.有人可以说明一下吗?预先感谢.
I possibly miss something. Could someone please shed some light? Thanks in advance.
谢谢.
代理日志:
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306
2017/02/17 14:00:59 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:00:59 Ready for new connections
2017/02/17 14:01:07 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:03:16 couldn't connect to "auth-158903:asia-east1:auth-instance": dial tcp 107.167.191.26:3307: getsockopt: connection timed out
客户端日志:
mysql -u root -p --host 127.0.0.1
Enter password:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
我也尝试使用凭证文件,但还是没有运气,
I also try with credential file but still no luck,
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306 -credential_file=Auth-2eede8ae0d0b.jason
2017/02/17 14:21:36 using credential file for authentication; email=sql-proxy-client@auth-158903.iam.gserviceaccount.com
2017/02/17 14:21:36 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:21:36 Ready for new connections
2017/02/17 14:21:46 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:21:48 couldn't connect to "auth-158903:asia-east1:auth-instance": ensure that the account has access to "auth-158903:asia-east1:auth-instance" (and make sure there's no typo in that name). Error during get instance auth-158903:asia-east1:auth-instance: googleapi: **Error 403: The client is not authorized to make this request., notAuthorized**
推荐答案
Cloud SQL代理使用端口3307而不是更常用的MySQL端口3306.这是因为它以不同的方式使用TLS,并且具有不同的IP ACL.结果,默认情况下,允许MySQL通信的防火墙将不允许Cloud SQL代理.
The Cloud SQL proxy uses port 3307 instead of the more usual MySQL port 3306. This is because it uses TLS in a different way and has different IP ACLs. As a consequence, firewalls that allow MySQL traffic won't allow Cloud SQL proxy by default.
查看一下您的网络上是否有防火墙阻止了端口3307.要使用Cloud SQL代理,请授权此端口进行出站连接.
Take a look and see if you have a firewall on your network that blocks port 3307. To use Cloud SQL proxy, authorize this port for outbound connections.
这篇关于无法通过Cloud Shell按代理通过Cloud SQL代理进行连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!