Java connects to Cloud SQL 2nd Gen from Appengine Managed Virtual Machine

Question

Java connects to Cloud SQL 2nd Gen from Appengine Managed Virtual Machine

Attempted to establish a connection to Clond SQL 2nd Generation for Java Appengine with a managed virtual machine.

What I got:

VM uses Appengine Compat ( FROM gcr.io/google_appengine/java-compat) mode
I see a MySQL node on the host (SSHed, I see a socket /cloudsql/**), but by default the MySQL Java driver does not support unix sockets
Google driver not supported on managed virtual machine ( java.lang.ClassNotFoundException: com.mysql.jdbc.GoogleDriver)
and I can not connect to MySQL over IP
- without driver No suitable driver foundforjdbc:google:mysql://__IP__:3306/__db__
- or timeout for jdbc:mysql://__IP__:3306/__db__(I added the external IP address of MVM to authorized networks in MySQL)
- but interestingly, I can connect to this port from an MVM machine, even if the port is open. In any case, I do not like the idea of connecting via open IP: PORT. MVM each time has a new IP address, so I can’t even add a firewall rule to specify access only from my project.

How do I configure the ManagedVM application to connect to Cloud SQL?

+2

java google-app-engine mysql google-managed-vm google-cloud-sql

Igor Artamonov Jan 15 '16 at 7:29

source share

3 answers

Kevin Malachowski · Answer 1 · 2016-01-15T22:00:13+0000

VM Java, , , Unix Socket Java. , :

props.put("junixsocket.file", "/cloudsql/project-id:region:instance-id");

project-id - , region - , Cloud SQL (, us-east1) instance-id - cloud-sql. " ".

Vadim · Answer 2 · 2016-04-04T03:14:24+0000

Java Cloud SQL : https://github.com/GoogleCloudPlatform/cloud-sql-mysql-socket-factory

, , .

Igor Artamonov · Answer 3 · 2016-01-16T11:18:18+0000

, , - SSL- ManagedVM

.

Java Keystore SSL, Cloud SQL ( server-ca.pem, client-cert.pem client-key.pem):

echo '---------- GENERATE TrustStore'
keytool -import -alias mysqlCACert -file server-ca.pem -keystore truststore -storepass 123456

echo '---------- GENERATE KeyStore'
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem \
    -out client.p12 -name clientalias -CAfile server-ca.pem -caname root
keytool -importkeystore -deststorepass 123456 -destkeystore keystore \
    -srckeystore client.p12 -srcstoretype PKCS12 -srcstorepass 123456 -alias clientalias

You will get two files: truststoreand keystore, which you will need to put into your target virtual machine.

Secondly, you should use custom Dockerfile, with files from the previous step:

FROM gcr.io/google_appengine/java-compat

RUN mkdir /keys
ADD keystore /keys/
ADD truststore /keys/
ENV JAVA_OPTS -Djavax.net.ssl.keyStore=/keys/keystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=/keys/truststore -Djavax.net.ssl.trustStorePassword=123456

ADD .  /app/

And of course, don't forget to say that the MySQL driver always uses SSL:

dataSource.setDriverClassName("com.mysql.jdbc.Driver");
dataSource.setUrl("jdbc:mysql://__CLOUD_SQL_IP__:3306/__CLOUD_SQL_DB__?useSSL=true&requireSSL=true");

PS Please note that I use the password 123456 to protect my keys. This is just an example. Do not use it in your project. This is already done.

Java connects to Cloud SQL 2nd Gen from Appengine Managed Virtual Machine

More articles: