【发布时间】:2021-06-18 19:52:34
【问题描述】:
我在MySQL Cloud SQL 实例中启用了SSL。为了连接到实例,我下载了必要的证书,并且可以使用mysql 命令正常连接。 CloudSQL instance 与 Private IP 在 sharedVPC 网络上运行。
$ mysql -h 192.168.0.3 --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -u testuser -p
Enter password:
现在要测试从代码连接到SQL 实例的连接性,我在Cloud Functions 中部署了以下内容
import pymysql
from sqlalchemy import create_engine
def sql_connect(request):
engine = create_engine('mysql+pymysql://testuser:<password>@192.168.0.3/mysql',echo=True)
tab = engine.execute('show databases;')
return str([t[0] for t in tab])
它显示“拒绝访问”错误,如下所示
Error: function terminated. Recommended action: inspect logs for termination reason. Additional troubleshooting documentation can be found at https://cloud.google.com/functions/docs/troubleshooting#logging Details:
(pymysql.err.OperationalError) (1045, "Access denied for testuser'@'192.168.60.4' (using password: YES)")
当我禁用 SSL 时,它可以正常工作,如下所示
['information_schema', 'mysql', 'performance_schema', 'sys', 'testdb']
A) 要在代码中启用SSL,我执行了以下操作
ssl_args = {'sslrootcert':'server-ca.pem','sslcert':'client-cert.pem','sslkey':'client-key.pem'}
engine = create_engine('mysql+pymysql://testuser:<password>@192.168.0.3/mysql',echo=True,connect_args=ssl_args)
但它失败并出现以下错误
__init__() got an unexpected keyword argument 'sslrootcert'
B) 还尝试在代码中禁用 ssl=False,但失败并出现以下错误
Invalid argument(s) 'ssl' sent to create_engine(), using configuration MySQLDialect_pymysql/QueuePool/Engine
更新:
将 SSL 的代码更改如下:
-
ssl_args = {'ssl': {'ca':'./server-ca.pem', 'cert':'./client-cert.pem', 'key':'./client-key.pem'}} -
将证书上传到
cloud function源 -
在
CloudSQL中将0.0.0.0/0添加为authorized networks以允许从Cloud functions进行连接
现在看到以下错误
"Can't connect to MySQL server on 'X.X.X.181' ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for 'X.X.X.181'. (_ssl.c:1091))") . However can connect using the same certificates using `mysql` command
需要帮助来解决 A) 修复观察到的错误以便代码与 SSL 集成和 B) 修改代码使其不使用 SSL
【问题讨论】:
-
添加了更多细节。现在错误不同了
标签: mysql sqlalchemy google-cloud-functions google-cloud-sql