We failed to connect Redshift Endpoint from customer's client machine with below message;
FAILED!
[Amazon][Amaxon Redshift](10) Error occurred while trying to connect:[SQLState 08S01] could not translate host name "XXXX.XXXX.ap-northeast-1.redshift.amazoneaws.com" to address : Unknown server error
It seems like name resolution error.
We can connect it, when we set the current(tentative) IP address of Redshift cluster, instead of Redshift Endpoint -- we get that IP address by nslookup command for Redshift Endpoint executed at EC2 instance, where we can normally success to connect to Redshift Endpoint.
As you know, above tetative solution is not good idea, since Redshift cluster IP address should be changed by cluster reboot or something, so We'd like to connect it by Redshift Endpoint. We understand some setting should be missing at our customer's client machine, but so far no idea what should we do.
Any advice would be highly appreciated.
Best regards.
Related
This is my first attempt at deploying a Node.js application on a Google VM instance while connecting to MongoDB.
In MongoDB, I have whitelisted my IP address and the VM instance's IP address. When I start my server using Google Cloud Shell, I receive the following error:
op.cb(new error_1.MongoNetworkError(`connection ${this.id} to ${this.address} closed`));
^
MongoNetworkError: connection 1 to 34.71.95.215:27017 closed
I'm connecting on port 8080. The external IP is listed on my GCP instance page and when I ping it, it is up. IP: 34.68.254.120
When I whitelist 0.0.0.0/0 in Mongodb, the code runs successfully, and I can preview my app through GCP.
I created a new instance from scratch, and it also crashes with the same error.
ETA: In looking at the source code around the error message at:
...\node_modules\mongoose\node_modules\mongodb\lib\cmap\connection.js
it looks like a closed connection. The error message above spits out the IP address as the Iowa Google Data Center where my VM is housed.
I don't know what this means, but if you do, please let me know.
ETA2: I have 2 problems, and they may be connected. The first is that my VM server cannot connect to MongoDB. This should be simple -- whitelist the external IP address of my VM server. It does not work (I have to open MongoDB to 0.0.0.0/0 for it to connect).
The second is that I cannot connect to my server via the external IP address, regardless of whether MongoDB is connected or not. It "refuses to connect." I can do a web preview of my running server, though.
It seems the two may be connected somehow. I've rebooted my VM, but it did not fix anything. I whitelisted the error message IP address in MongoDB, but it did not help.
ETA3: Okay, it appears I have solved the whitelist to MongoDB issues. Through Cloud Shell, I asked my VM what the IP is. It is different than the one GCP tells me is the external IP. By adding this IP to the whitelist, I can connect between GCP VM and MongoDB. Whew. No idea why.
The VM's external IP address through my browser still gives me a cannot connect message, and when I use the new VM IP address I found through Cloud Shell, it gives me a "took too long to respond" message.
So I feel I have made progress. The remaining problem is accessing my server through Chrome.
Any suggestions on how I can investigate the issue further? I'm at a dead end. I believe the problem is likely simple given my inexperience.
Thanks!
Problem solved by a friend, for anyone in the future with this issue.
I had set up my GCP VM using Cloud Shell. I had housed my code by coping my repository through Cloud Shell. It turns out, this is more of a virtual interface with my VM, and the files are not physically on my VM. I needed to go through SSH, clone my repository there, and run my server through SSH. Cloud Shell was causing the problem.
I'm trying to connect to Google Cloud SQL from my machine (Ubuntu) using this command:
mysql --host='Public IP' --user='' --password
However, I'm getting this error:
ERROR 2003 (HY000): Can't connect to MySQL server on 'Public IP' (110)
I need any help resolving my issue.
First you need to let the Cloud SQL instance which IP addresses it can accept. You can do that without SSL by following the instructions here. However, to be more secure, I would recommend you using SSL. More info on that here.
Probably the easiest way to securely connect from your local machine to a public ip of a cloud SQL instance is to download and use the proxy, following the instructions here:
https://cloud.google.com/sql/docs/mysql/connect-admin-proxy
What you have to do is add a network to the public ip section, under the connections tab after selecting your Cloud SQL instance.
See Cloud SQL Connections Tab here
So, for the name input you put firstname-lastname kind of thing to denote whose ip it is. Then input your IP address 1.2.3.4/32 into the network input.
After doing so and saving you will be able to connect.
Yes, you can add SSL and use certificates. That is all best practice and what should be done for a production stack. But if this is just getting off the ground and in rapid development, that's all you need to do in the beginning.
I'm not sure how to phrase this question or even if it's relevant here.
I'm researching a solution to move our in-house MongoDB installation to a cloud-based db as a service solution in Mongo lab.
The company has stated here http://docs.mlab.com/security/#network that if I deploy the DB in my region (I use google cloud)
When you connect to your mLab database from within the same datacenter/region, you communicate over your cloud hosting provider’s internal network.
How is that statement possible?
When I create a DB at Mongo lab I get an external URL to connect to
ds021984.mlab.com -> 104.154.103.88 instead of an internal host name 10.x.x.x
So how can that address be external thus effecting my latency deeply?
Am I missing something ? How is that statement possible?
The only time you can use the internal IP to address a VM in GCP is if that VM is in the same network resource (and hence, the same GCP account). GCP is smart enough to know if the external IP being addressed is a GCP address, and will route the traffic such that it does not leave the region. This is pretty evident when you ping an external IP from another VM in the region, you'll typically get sub-millisecond response times.
I'm still having problems accessing the cloud SQL instance from a GCE container. When I try to open up mysql, I get the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial
communication packet', system error: 0
The connection works fine from my local machine, though (The instance has a public IP and I have added my office's IP to the 'allowed Networks'). So, the instance is accessible through the internet just fine.
I guess the db's access control is blocking my access from the gce network, but I'm unable to figure out how to configure this.
I added my project to "Authorized App Engine Applications" in the Cloud SQL control panel, but that doesn't seem to help.
EDIT:
If I add "0.0.0.0/0" to Allowed Networks, all works well. This is obviously not what I want, so what do I need to enter instead?
EDIT2: I could also add all public IPs from my kubernetes cluster (obtained through gcloud compute instances list) and add them to the cloud sql access list manually. But, this doesn't seem to be right, does it?
The recommended solution is to use SSL connection with that 0.0.0.0/0 CIDR. This is to limit the connection to the correct key. I also read that they won't promise you a specific IP range so the CIDR /14 might not work some times. I had to do the SSL connection with my Cloud SQL for the same reasons.
You should use the public IP addresses of the GCE instances to correctly allow traffic to your Cloud SQL instance (as you mentioned in EDIT2).
You can find more information in Cloud SQL documentation: https://cloud.google.com/sql/docs/gce-access
If you add the /14 CIDR block for your Container Engine cluster as the source address range does that work?
To find the CIDR block for your cluster, click on the cluster name in the Google Cloud Console and find the row labeled "Container address range".
We are currently encountering the following error when trying to connect to a Cloud SQL instance: Lost connection to MySQL server at 'reading initial communication packet', system error: 0.
This is a familiar error, and as detailed here usually means the IP address needs to be whitelisted. However, we believe we have done so.
Is there a way to see connection attempts and their IP addresses that have been made (and refused) to the Cloud SQL instance?
Currently we don't expose that information but it is something we would like fix. :-)
According to #Razvan, as of September 2014, this information isn't exposed.
We ended up using CIDR blocks to search the space and find the actual IP address. This is unsatisfying, obviously, but it's a way to pin down the problem.
If other people want to sanity check that the problem is their IP is being refused, you can add 0.0.0.0/0 in order to accept all ranges and try to connect. If it works, you know what is the problem.
Be absolutely sure to remove this as an accepted range, after you are done, however!
Figured I might help someone who stumbles here.
Had exactly the same issue essentially trying to connect to a GCP SQL instance from a hosting provider.
Whitelist the IP address that is shown in my cpanel and it will not connect. (It used to, but the provider made some changes with their infrastructure lately and it stopped working)
put 0.0.0.0/0 in my Cloud Platform whitelist and it connects no problem.
So now I know that my cpanel IP is not the IP trying to connect to GCP.
After some hair pulling (figured that the bare metal server had a different IP than my cpanel IP, it did, but this also didn't work.)
finally tried the IP address for the name servers that point to my domain and bam. All is good.
If you are facing this issue, try your name server (usually something like NS1.hostingprovider.com etc..). I put both the NS1 and NS2 ip's in the whitelist and we are working fine.