Connect to PostgreSQL Data Source in Grafana via SSH Bastion - postgresql

I am using Grafana Cloud for a PoC project, and the long and short of it is that I cannot find a way to securely connect Grafana and the PostgreSQL data source.
For obvious reasons we do not allow any direct connections to our database and instead use jump hosts with individual SSH keys for access.
I have looked for a Connect to PostgreSQL via SSH option and found nothing. I am curious if anyone else has faced this, as it seems like it would be a common issue.
Thank you

You might be able to set up an SSH tunnel on the machine/instance that is hosting Grafana, tunneling through the jump host directly to PostgreSQL. There are some pretty good docker-compose setups to do that.

Related

Connecting to Google Cloud SQL from my machine

I'm trying to connect to Google Cloud SQL from my machine (Ubuntu) using this command:
mysql --host='Public IP' --user='' --password
However, I'm getting this error:
ERROR 2003 (HY000): Can't connect to MySQL server on 'Public IP' (110)
I need any help resolving my issue.
First you need to let the Cloud SQL instance know which IP addresses it can accept. You can do that without SSL by following the instructions here. However, to be more secure, I would recommend using SSL. More info on that here.
Probably the easiest way to securely connect from your local machine to a public ip of a cloud SQL instance is to download and use the proxy, following the instructions here:
https://cloud.google.com/sql/docs/mysql/connect-admin-proxy
What you have to do is add a network to the public ip section, under the connections tab after selecting your Cloud SQL instance.
See Cloud SQL Connections Tab here
So, for the name input you put firstname-lastname kind of thing to denote whose ip it is. Then input your IP address 1.2.3.4/32 into the network input.
After doing so and saving you will be able to connect.
Yes, you can add SSL and use certificates. That is all best practice and what should be done for a production stack. But if this is just getting off the ground and in rapid development, that's all you need to do in the beginning.

MySQL Workbench cannot connect from home to Google Cloud SQL

I cannot connect to my Google Cloud SQL database from my Macbook Pro using MySQL Workbench.
I have read the help file here:
https://cloud.google.com/sql/docs/mysql/admin-tools
I have added an authorized IP address for my IP per
https://cloud.google.com/sql/docs/mysql/configure-ip#add
I created a user for the database with it set to allow to connect from any host. I get the error "Can't connect to MySQL server on 'XX.XXX.XX.XXX' (60)".
I have also attempted to telnet and get a consistent error that I am unable to connect to the remote host.
As far as I know, I've followed all the steps but it really seems I'm getting blocked even before the server. I am trying to connect from home and I don't believe my home firewall is blocking things. I am wondering if there's something I need to open up on the GCE firewall but I have successfully connected to this database from other outside tools (e.g., Zapier).
Your best action right now would be to create a proxy with public IP address.
https://cloud.google.com/sql/docs/mysql/connect-external-app
This link will walk you through that process. If this doesn’t solve your issue, then taking your question to ServerFault (Stackoverflow sister site) might give you a better idea of how to fix your issue.

How to configure PostgreSQL database over the tunnel in jmeter

I am using jmeter to test an application which uses PostgreSQL. I can connect to the database by using ssh tunnel provided by the database applications.
Can someone please tell me how I do this using jmeter? I do not see any ssh tunnel option in the jmeter database connection config element.
You could use port forwarding, as explained in this answer:
https://stackoverflow.com/a/1968446/460802
I don't think you should be load testing the database directly, your load test should simulate real-life application under test usage. So instead of testing the database you should focus on the application itself and treat it like a black box so my general recommendation is reconsidering the approach.
If you have performed normal load testing already and identified that the database is the bottleneck and would like to load test the database separately - performance testing it over the SSH tunnel is not the best idea itself as the SSH tunnel traffic might be the next bottleneck due to the nature of the TCP protocol and immense CPU footprint required for encryption/decryption of the data sent over SSH. So I would recommend talking to network administrators and asking them to temporarily open the Postgres network port to the machine(s) you're running JMeter from or provide you access to the machine(s) where you can install JMeter which will be having access to the database directly (preferably in the same subnet / physical location, otherwise you might be suffering from high latencies).
If for any reason the above instructions are not applicable for you - you can use SSH Local Forwarding in order to map remote Postgres port to your local port, the relevant command would be:
ssh -L 2345:localhost:5432 username@your_postgresql_server
Once done you should be able to connect to the Postgres instance as if it were installed locally on port 2345, like:
postgres://localhost:2345/your_database
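The forwarding from this answer, combined with the jump-host tunnel suggested in the first answer on this page, as an added example that is not part of any of the original posts. It goes beyond the command above by pinning the forward to loopback and checking the resulting listener. The host names, user and key path are placeholders, and the `ss -ltn` lines are constructed sample output.

```shell
#!/bin/sh
# Added example. Hosts, user and key path are placeholders; ports 2345/5432
# are the ones used in the answer above.

# Print the ssh command for a loopback-only forward via a bastion.
# usage: tunnel_cmd LOCAL_PORT DB_HOST DB_PORT USER@BASTION KEY_FILE
tunnel_cmd() {
    for p in "$1" "$3"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    for a in "$2" "$4" "$5"; do
        # a leading '-' would be parsed by ssh as an option
        case "$a" in ''|-*) echo "bad argument: $a" >&2; return 1 ;; esac
    done
    # 127.0.0.1 bind address: the forward is not offered on other interfaces.
    # -N: no remote command. ExitOnForwardFailure: exit rather than run without
    # the forward. ServerAlive*: end a dead session so it can be restarted.
    printf 'ssh -N -T -i %s -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes ' "$5"
    printf '%s ' '-o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    printf '%s\n' "-L 127.0.0.1:$1:$2:$3 $4"
}

# Read `ss -ltn` output on stdin; succeed only if PORT is listening and every
# listener on it is bound to loopback (127.0.0.1 or [::1]).
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit (seen && !exposed) ? 0 : 1 }'
}

# Constructed samples: a loopback forward, and one opened with -g / GatewayPorts.
sample_good() {
    printf '%s\n' 'LISTEN 0 128 127.0.0.1:2345 0.0.0.0:*' 'LISTEN 0 128 [::1]:2345 [::]:*'
}
sample_bad() {
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:2345 0.0.0.0:*'
}

tunnel_cmd 2345 db.internal.example 5432 grafana@bastion.example /path/to/tunnel_key
sample_good | loopback_only 2345 && echo "2345: loopback only"
sample_bad | loopback_only 2345 || echo "2345: reachable from other hosts"
```

With this form the bastion opens the connection to the database, so that leg is outside the SSH session and still needs a trusted network or PostgreSQL TLS.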

Google Cloud SQL VM refusing connection

I have been stuck trying to figure out why my Cloud SQL VM is refusing my connection from my machine (whose IP address I have added as a subnet). I can SSH into the VM but I cannot access the VM from a browser to make SQLs. I have scoured the internet for days trying to find a fix but I cannot seem to get past this point. My Apache listens to port 80. Also, I'd like to add that I have been connecting to my MySQL db for months through PHP and making SQLs, so I do not believe the problem is with Apache. However, if it is, please point me to where I should be looking.
It sounds like you have MySQL running on a GCE VM, not an actual CloudSQL instance (that is a different service from GCE). Is that right?
If so, then if you are trying to connect from your local machine directly to the mysql instance, you are probably getting blocked by the firewall. Go to the networks tab (under Compute Engine) on the cloud console and see what firewall rules you have enabled. You might need to add one for 3306 or whatever port you are using.

MongoDB connection over SSH Tunnel

I have two servers on Linode that can connect to each other through the local Linode regional network. The problem is that any other Linode in the region can also connect using that IP. One server hosts the python application and the other hosts the MongoDB.
Would it be a good idea to connect to the database using an SSH Tunnel? What happens if the tunnel fails? Are SSH tunnels known to fail at all?
Or am I approaching the problem the wrong way? Another alternative I can think of is setting up iptables to only accept connections from a particular source IP.
I'm thinking in a more hypothetical situation, perhaps a DB password is all I need. I've been taking a computer security course and it makes everything seem more vulnerable than it really is.