Skip to content

Instantly share code, notes, and snippets.

@goodwill

goodwill/cloud-sql-proxy.service

Last active September 27, 2024 11:20
Show Gist options
  • Save goodwill/a981c2912ae6a83761a624f657f34d9f to your computer and use it in GitHub Desktop.
Save goodwill/a981c2912ae6a83761a624f657f34d9f to your computer and use it in GitHub Desktop.
Download ZIP
Example Systemd file for starting cloud sql proxy at system start
Raw
readme.md
  1. We assume you already read this: https://cloud.google.com/sql/docs/mysql/connect-external-app#proxy and created a service account for Cloud SQL Client
  2. Download cloud_sql_proxy to /usr/local/bin
  3. Make the following folders, all chown to root:root :
  4. /var/run/cloud-sql-proxy
  5. /var/local/cloud-sql-proxy
  6. Copy downloaded credential json file inside /var/local/cloud-sql-proxy, make sure only root can read as it is credential for connection.
  7. Copy above gist to /lib/systemd/system/cloud-sql-proxy.service
  8. Run systemctl daemon-reload
  9. Run systemctl start cloud-sql-proxy
  10. Profit$$$$
Raw
cloud-sql-proxy.service
[Install]
WantedBy=multi-user.target
[Unit]
Description=Google Cloud Compute Engine SQL Proxy
Requires=networking.service
After=networking.service
[Service]
Type=simple
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/cloud_sql_proxy -dir=/var/run/cloud-sql-proxy -instances=<instance_connection_name>=tcp:5432 -credential_file=/var/local/cloud_sql_proxy/<credential_json>.json
Restart=always
StandardOutput=journal
User=root
@rpkamp
Copy link

rpkamp commented Feb 3, 2022
edited
Loading

I've found out that Google Cloud SQL proxy has watchdog support, even though I can't find this mentioned anywhere.

What this means is you can change Type=simple to Type=notify and add WatchdogSec=10 and then any time Google Cloud SQL proxy detects a connection error it will stop informing systemd that all is well and systemd will restart it.

This happens for example when Google Cloud SQL rotates SSL certificates. Which doesn't happen often, but it does happen every once in a while. Without using watchdog the service will just keep running but it can't connect anymore. With watchdog the service will be restarted and will reconnect using the new certificates.

Scratch that, it only notifies once started, it doesn't keep pinging to indicate it's still alive :(

@kierankyllo
Copy link

kierankyllo commented Feb 23, 2023
edited
Loading

Hello, I appreciate this resource. Recently the cloud sql proxy has been updated to a version 2.0.0 and takes new args I was able to get this setup to work on Ubuntu 20.04 with the proxy downloaded at these instructions "https://cloud.google.com/sql/docs/postgres/sql-proxy#linux-64-bit"

[Install]
WantedBy=multi-user.target

[Unit]
Description=Google Cloud Compute Engine SQL Proxy
Requires=network.target
After=network.target

[Service]
User=root
Type=simple
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/cloud-sql-proxy --credentials-file /var/local/cloud-sql-proxy/<credentials_file>.json <instance_connection_name> 
Restart=always
StandardOutput=journal

@arnoldj-devops
Copy link

I have created a wrapper for CloudSQL proxy
https://github.com/arnoldj-devops/cloudsql-proxy-pal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment