I am through all the Google keyword variations and read every tutorial and guide twice. Can't get my problem solved.
I have the following setup:
- Google App Engine (flexible)
- Google Cloud SQL (using PostgreSQL)
- Cloud Proxy installed and working locally when connecting with psql
The Problem
As soon as I am deploying Hydro to my app engine instance, I will get the error message log and error:
level=info msg="Connecting with postgres://*:*@/cloudsql/myProjectID:us-central1:myCloudSQLInstance/.s.PGSQL.5432/postgres?sslmode=disable"
level=error msg="An error occurred" error="Could not Connect to SQL: dial tcp [::1]:5432: getsockopt: connection refused"
When I am deploying Hydra, the socket is available in the /cloudsql/myProjectID:us-central1:myCloudSQLInstance folder with the name .s.PGSQL.5432. I also get the message, that the socket is listening /cloudsql/myProjectID:us-central1:myCloudSQLInstance/.s.PGSQL.5432 when I am using docker logs myDockerImage. In another thread I read that this configuration could work. I also tried /cloudsql/myProjectID:us-central1:myCloudSQLInstance:5432 and even without the port.
It seems like the Hydra container can't get through to the Cloud SQL socket in another container (which is automatically published through app engine). I can also say, that it's not a problem that the socket needs time to warm up. Even after minutes I get the same error logs. And in the end, the whole instance crashes because of an fatal error (with the same error message)
Testing it locally I start the proxy like this: (case 1)
cloud_sql_proxy.exe -instances=myProjectID:us-central1:myCloudSQLInstance=tcp:5433
I also tried: (case 2)
cloud_sql_proxy.exe -instances=myProjectID:us-central1:myCloudSQLInstance=tcp:0.0.0.0:5433
In both cases I changed the database url, for example:
docker run -d --name hydra --network host -p 9000:4444
-e SYSTEM_SECRET=my_long_secret
-e DATABASE_URL=postgres://myUser:myPassword@127.0.0.1:5433/postgres?sslmode=disable
-e OAUTH2_ISSUER_URL=https://localhost:9000/
-e OAUTH2_CONSENT_URL=http://localhost:9020/consent
-e OAUTH2_LOGIN_URL=http://localhost:9020/login oryd/hydra:latest serve
This would be for case 1. But with both configuration it fails and the container crashes after some minutes like on app engine. I also tried using ipconfig and got the up of 10.0.75.1. Ping from inside the Hydra container to that IP is possible.
But when I am using psql locally like this:
psql "host=127.0.0.1 port=5433 sslmode=disable dbname=myDatabase user=myDBUser"
With that command, I can connect to the proxy and to the Cloud SQL database.
Oh and Google SQL Admin API is activated and working.
This is my app.yaml for Google App Engine:
runtime: custom
env: flex
automatic_scaling:
min_num_instances: 1
resources:
cpu: 1
memory_gb: 2
disk_size_gb: 10
env_variables:
DATABASE_URL: "postgres://myuser:mypass@/cloudsql/myProjectID:us-central1:myCloudSQLInstance/.s.PGSQL.5432?sslmode=disable"
SYSTEM_SECRET: "my_long_secret"
OAUTH2_ISSUER_URL: "https://myAuth.appspot.com/"
OAUTH2_CONSENT_URL: "http://example.com/consent"
OAUTH2_LOGIN_URL: "http://example.com/login"
beta_settings:
cloud_sql_instances: "myProjectID:us-central1:myCloudSQLInstance"
So my question is, is there some configuration that is needed to connect to the Google Cloud SQL Proxy with docker? Maybe there is something in the databse string that I am missing. It's really hard to debug, as there is just the error message of connection refused.
Update 06/29/2018
It works now on my local machine.
I used the following command to start the docker image for the Cloud SQL proxy:
docker run -d --name cloudsql -v c:\Users\myWindowsUser\Desktop\auth\cloudproxy:/cloudsql
-v c:\Users\myWindowsUser\auth\cloudproxy\config:/config
-p 127.0.0.1:3307:3307 gcr.io/cloudsql-docker/gce-proxy:1.11
/cloud_sql_proxy
-instances=myProjectID:us-central1:myCloudSQLInstance=tcp:0.0.0.0:3307
-credential_file=/config/my-auth.json
On Windows you need to check C: (in my case) in Settings/Shared Drives.
And then postgres://myUser:myPassword@0.0.0.0:3307/postgres?sslmode=disable as the DATABASE_URL.
Now I just need to know how to get it work on Google App Engine. I'll keep you updated!
UPDATE 2:
Got it working.
I had two problems:
- UNIX Socket was not reachable
- Database sting was TCP based
The solution
docker run -d --name hydra --network host --volume=/cloudsql:/cloudsql
-p 9000:4444 -e SYSTEM_SECRET=my_long_secret
-e DATABASE_URL=postgres:///myDatabase?host\=/cloudsql/myProjectID:us-central1:myCloudSQLInstance/\&sslmode=disable\&user=myDBUser\&password=myPassword
-e OAUTH2_ISSUER_URL=https://localhost:9000/
-e OAUTH2_CONSENT_URL=http://localhost:9020/consent
-e OAUTH2_LOGIN_URL=http://localhost:9020/login oryd/hydra:latest serve
With that configuration for hydra I was able to connect to the Cloud SQL database. Maybe this helps someone. So problem solved :)!
