cloud-sql-proxy icon indicating copy to clipboard operation
cloud-sql-proxy copied to clipboard
verified publisher icon GoogleCloudPlatform

Add example systemd/upstart configs for running the proxy as a service

Open vadimberezniker opened this issue 9 years ago • 7 comments

vadimberezniker avatar Mar 15 '16 18:03 vadimberezniker

Hi, after some fiddling into how to do this properly on Ubuntu 15.10 images I was able to pull this solution. It could be easier but it's good enough for me and needs no startup scripts.

israelfaria avatar Mar 29 '16 17:03 israelfaria

@israelfaria You don't need the daemon package at all. Systemd already provides the same functionality. Here is my unit file:

[Install]
WantedBy=multi-user.target

[Unit]
Description=Google Cloud Compute Engine SQL Proxy
Requires=networking.service
After=networking.service

[Service]
Type=simple
WorkingDirectory=/run/cloudsql
ExecStart=/usr/local/bin/cloud_sql_proxy -dir=/run/cloudsql -instances=...
Restart=always
StandardOutput=journal
User=root

emilv avatar Sep 14 '16 09:09 emilv

@emilv I had to change the WorkingDirectory to /usr/local/bin/ to make it work

idoshamun avatar Oct 14 '17 16:10 idoshamun

Hi all,

Here is my working systemd service tested in Centos 7 :

/usr/lib/systemd/system/cloud_sql_proxy.service

[Unit]
Description=GCP CloudSQL Proxy
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/usr/bin
Type=forking
RemainAfterExit=yes
ExecStart=/bin/sh -c '/usr/bin/nohup /usr/local/cloud_sql_proxy -instances=${INSTANCE_CONNECTION_NAME} -credential_file=${CREDENTIAL_FILE} &'
StandardOutput=journal
KillMode=process

[Install]
WantedBy=multi-user.target

/usr/lib/systemd/system/cloud_sql_proxy.service.d/settings.conf

[Service]
Environment=INSTANCE_CONNECTION_NAME=[YOUR CONNECTION NAME]
Environment=CREDENTIAL_FILE=[PATH TO YOUR CREDENTIAL FILE]

BR /Ouss

oussamahammami avatar Apr 03 '18 15:04 oussamahammami

This is what works for me on CentOS 8:

[Unit]
Description=Cloud SQL Proxy service
Wants=network-online.target
After=network-online.target

[Service]
WorkingDirectory=/usr/bin
ExecStart=/usr/bin/cloud_sql_proxy -instances=...=tcp:3306
Restart=always
Type=simple
StandardError=syslog
StandardOutput=journal
KillMode=process

[Install]
WantedBy=multi-user.target

It would be good if a service unit is provided upstream, but apparently this has not happened in the past almost 5 years.

gdsotirov avatar Jan 27 '21 06:01 gdsotirov

I recently had to fall back to using the root user instead of a system user and I cannot figure out why. Proxy was reporting:

2021/03/05 19:31:43 GcloudConfig: error reading config: exit status 1; stderr was:
WARNING: Could not setup log file in /bin/.config/gcloud/logs, (Error: Could not create directory [/bin/.config/gcloud/logs/2021.03.05]: Permission denied.

Please verify that you have permissions to write to the parent directory.)
ERROR: (gcloud.config.config-helper) Failed to create the default configuration. Ensure your have the correct permissions on: [/bin/.config/gcloud/configurations].
  Could not create directory [/bin/.config/gcloud/configurations]: Permission denied.

Please verify that you have permissions to write to the parent directory.
2021/03/05 19:31:44 GcloudConfig: error reading config: exit status 1; stderr was:
WARNING: Could not setup log file in /bin/.config/gcloud/logs, (Error: Could not create directory [/bin/.config/gcloud/logs/2021.03.05]: Permission denied.

Please verify that you have permissions to write to the parent directory.)
ERROR: (gcloud.config.config-helper) Failed to create the default configuration. Ensure your have the correct permissions on: [/bin/.config/gcloud/configurations].
  Could not create directory [/bin/.config/gcloud/configurations]: Permission denied.

My systemd script is very similar to everyone else's with the exception of a non-root system user I was using. Everything was working fine for years.

ezarowny avatar Mar 05 '21 20:03 ezarowny

Not so long ago, a change added support for Type=notify.

enocom avatar Sep 07 '21 20:09 enocom

Support for macOS with an example launchd service plist would be nice as well, I'd be happy to contribute one but I'll likely need to sort out Google's CLA with our legal team before doing so

jawnsy avatar Dec 26 '22 01:12 jawnsy

Here's an example plist that I'm using with v2 of the proxy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>com.google.CloudSQLProxy</string>
    <key>Program</key>
    <string>/Users/jawnsy/.local/bin/cloud-sql-proxy</string>
    <key>ProgramArguments</key>
    <array>
      <string>cloud-sql-proxy</string>
      <string>--auto-iam-authn</string>
      <string>--private-ip</string>
      <string>--max-connections</string>
      <string>50</string>
      <string>--unix-socket</string>
      <string>/Users/jawnsy/.local/run/postgresql</string>
      <string>PROJECT_ID:REGION:INSTANCE_ID</string>
    </array>
    <key>StandardOutPath</key>
    <string>/tmp/cloud-sql-proxy.stdout.log</string>
    <key>StandardErrorPath</key>
    <string>/tmp/cloud-sql-proxy.stderr.log</string>
    <key>RunAtLoad</key>
    <true/>
    <key>WorkingDirectory</key>
    <string>/tmp</string>
    <key>Data</key>
    <integer>104857600</integer>
  </dict>
</plist>

jawnsy avatar Dec 27 '22 20:12 jawnsy

There are some good suggestions in the thread here that seem to satisfy the initial request.

enocom avatar May 30 '23 16:05 enocom