Hello everyone,
My Cloud Build instance can't reach a server hosted on a local site via a VPN. This VPN is well established and configured in a VPC network in which there is a VM instance that can reach the SQL server. The Cloud Build private pool is paired via the networking service API to my VPC network. Custom routes are exported.
I run a build in which a ping command is issued to this local server but it does not work.
I can't find anything else in the google documentation.
Some help would be appreciated 🙂
Hi @mastrid ,
Can you add details to your question, such as the error message obtained when you're trying to connect to the server? Also, was this working fine before or just set up initially?
It would be helpful as well if you can provide or share guides/documentation that you used prior to the setup. Thanks!
Hi @Marvin_Lucero ,
Thank you for your feedback.
This is an initial configuration. Below is a maximum of elements to give you the context.
In a project A, a network called 'vpc-1' has been created with a sub-network whose IP range is 172.200.10.0/24. In this project we need a Cloud Build that will eventually be executed by Talend. To make Cloud Build communicate with the VPC network, it is necessary to create an internal IP address range allocated for the private service connection (10.120.0.0/16).
A private connection has been made to pair the VPC network.
One of the commands executed in the workerpool of the Cloud Build is to connect to the SQL server to retrieve data.
For this, a VPN is needed to create a secure tunnel between my GCP project and my local infrastructure.
A standard tunnel based on rules was set up and went well. I set up a VM in vpc-1, IP 172.200.10.10/24, and I can ping and connect to the SQL server on my local infra.
From the SQL server of my local network, I can ping this VM too.
According to the google doc https://cloud.google.com/vpc/docs/configure-private-services-access?hl=fr#gcloud_9 it is necessary to export the custom routes at the vpc network pairing level.
In the exported routes, we find:
- the local subnet route 172.200.10.0/24 and the static route to the SQL IP of my local network, 192.168.200.20

I then created a workerpool in Cloud Build by indicating the project, the type of machine, etc.
To do a test, I created a .yml file to execute commands with this workerpool.
In the yml test file I run simple ping commands:

steps:
- name: ubuntu
  script: |
    apt update
    apt install telnet iputils-ping traceroute net-tools -y
    ping -c 4 172.200.10.10   # 100% success
    ping -c 4 192.168.200.20  # 100% lost
options:
  pool:
    name: "projects/project-id/locations/europe-north1/workerPools/workpool-test"
Hi @mastrid ,
Thank you for sharing your setup. As I have checked, everything was configured correctly. From the pairing of the VPC network to the private connection, making sure that the build was running in a private worker pool, specifying it in the .yaml file, all of these were observed.
Since my visibility with the project is limited, I would suggest that you create a support case via your cloud console. This needs deeper investigation to see the error in your Cloud Build logs and other VPC configurations.
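
Added example, not part of the thread or of any Google tooling: a small Python model of the address plan described above that checks each ping for both a forward and a return route. The on-prem route set, the sample worker address and the /32 form of the static route are assumptions made for illustration, since the thread does not show them.

```python
from ipaddress import ip_address, ip_network

# Values taken from the thread.
POOL_RANGE = ip_network("10.120.0.0/16")    # range allocated for the private pool
VPC_SUBNET = ip_network("172.200.10.0/24")  # subnet of vpc-1
TEST_VM = ip_address("172.200.10.10")
SQL_SERVER = ip_address("192.168.200.20")
# Static route to the SQL IP, modelled as a /32 host route (assumption).
SQL_ROUTE = ip_network("192.168.200.20/32")

# Routes each side can use. Peering exchanges subnet routes; the post says the
# static route is exported to the pool as a custom route.
VPC_ROUTES = [VPC_SUBNET, SQL_ROUTE, POOL_RANGE]
POOL_ROUTES = [POOL_RANGE, VPC_SUBNET, SQL_ROUTE]
# ASSUMPTION (constructed): what the on-prem gateway sends back into the tunnel.
ONPREM_ROUTES_ASSUMED = [VPC_SUBNET]

SAMPLE_WORKER = ip_address("10.120.0.5")  # constructed address in the pool range


def best_route(addr, routes):
    """Longest-prefix match: most specific route containing addr, else None."""
    matches = [r for r in routes if addr in r]
    return max(matches, key=lambda r: r.prefixlen) if matches else None


def round_trip(src, dst, src_routes, dst_routes):
    """A ping succeeds only with a forward route to dst and a return route to src."""
    forward = best_route(dst, src_routes)
    back = best_route(src, dst_routes)
    return forward is not None and back is not None


def diagnose(onprem_routes):
    """Replay the three probes from the thread against a given on-prem route set."""
    return {
        "vm -> sql": round_trip(TEST_VM, SQL_SERVER, VPC_ROUTES, onprem_routes),
        "worker -> vm": round_trip(SAMPLE_WORKER, TEST_VM, POOL_ROUTES, VPC_ROUTES),
        "worker -> sql": round_trip(SAMPLE_WORKER, SQL_SERVER, POOL_ROUTES, onprem_routes),
    }


if __name__ == "__main__":
    print("on-prem routes only the VPC subnet:", diagnose(ONPREM_ROUTES_ASSUMED))
    print("on-prem also routes the pool range:",
          diagnose(ONPREM_ROUTES_ASSUMED + [POOL_RANGE]))
```

Under the assumed on-prem route set the model reproduces the pattern reported in the thread (VM to SQL works, worker to VM works, worker to SQL fails); whether the real on-prem gateway actually lacks a route for 10.120.0.0/16 has to be checked on that side.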