0
votes

**Frustrated by the lack of clear documentation for Google cloud compute engine (GCE) and integration with Google cloud SQL and especially linking the two. No live support, and current documentation lacks clarity by continuing to refer to Google App Engine. The documentation on Google App Engine references linking but no clear process for creating a link between VM Instance (in Compute Engine - GCE) and Google SQL on the same project in the Google Cloud (again both on Google Cloud).

I have installed Centos 7 VM (64) with Mariadb, MariaDB server and PHP with all connectors. I have tested all localhost call and all are working.

In Access Control on Google SQL:

  1. Directions seem to indicate using socket and then using root for PHP application ?

    • seems rather un-secure. Versus using root for admin then having app run limited permissions user in a limited database. Need different software components to have different Database and Table Access.
  2. When establishing a user with privileges in mySQL from CLI does Access Control require the same user setup up with same settings?

  3. When setting up SSL on Cloud SQl, should not the SSL be auto-populated to compute engine or do I need to set up the key files in compute engine as well. I have tried with this setting off (need very secure data transfer). But still no joy.

  4. In testing PHP access I, as of yet, have NOT gotten a data call to work, even using instructions found here: Accessing Google Cloud SQL instance from Google Compute Engine?

EDIT - SOLVED - Thanks to David below and link mentioned in comment below.

Follow directions below and add following steps:

  • a. After user is created on Developers Console in Cloud SQL, use CLI, HEIDI, mySQL Workbench or something similar to connect to Instance and set specific database privileges by adjusting the user already created.

  • b. Then return to VM (GCE) instance via SSH and adjust Apache/SELinux by allowing remote mysql - see this link: php can't connect to mysql with error 13 (but command line can)

  • c. Install a TEST mysqli or PDO connector and check for errors.

  • d. Voila

1

1 Answers

1
votes

The basic essence of connecting to Cloud SQL from PHP on GCE is the following:

  1. Ensure your Cloud SQL instance has an IPv4 address (Under "Access Control>IP address" on the instance's page)
  2. Find out the public IP address of your GCE instance and add it as an authorized network on your Cloud SQL instance (Under "Access Control>Authorization").
  3. Add a MySQL username and password for your instance with remote access (Under "Access Control>Users" - you need a user for client host %)
  4. When connecting from GCE use you standard MySQL connection system (e.g. mysqli_connect) with the username and password you just set up, connecting to the IPv4 address of your Cloud SQL instance.

Adding SSL is pretty manual - you need to create a client certificate, and copy the server CA, client certificate and client private key to the server, and then configure your MySQL client to use it.

You mention sockets & root access. This is App Engine specific. From Compute Engine you cannot use a socket to connect, and you are free to use any user you have created.