Hey, I'm trying to run a Cloud Run service and make it connect to a Compute Engine VM which runs postgres to save up on costs as Cloud SQL is a bit overkill for me at the moment. I managed to get my Cloud Run up and running with a VPC serverless connector and communicate to my Cloud SQL instance through its private IP. All are in the same region. But when I try to change my app to target the VM's private IP, I keep getting this exception:
org.postgresql.util.PSQLException: Connection to 10.162.0.17:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Cloud Run does use the VPC connector for private IPs.
Serverless connector is up and running:
I have created two firewall rules to ensure that the port and connection is allowed either from the region subnet's IP range or from the VPC serverless connector's IP range.
I have also conducted two connectivity tests to test both rules.
Postgres is running fine in the VM:
geekymechanic214@postgres-db:~$ sudo systemctl status postgresql@12-main
● postgresql@12-main.service - PostgreSQL Cluster 12-main
Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; vendor preset: enabled)
Active: active (running) since Fri 2023-07-28 13:56:35 UTC; 6h ago
Process: 10190 ExecStart=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 12-main start (code=exited, stat>
Main PID: 10195 (postgres)
Tasks: 7 (limit: 1134)
Memory: 20.6M
CGroup: /system.slice/system-postgresql.slice/postgresql@12-main.service
├─10195 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c config_file=/etc/po>
├─10197 postgres: 12/main: checkpointer
├─10198 postgres: 12/main: background writer
├─10199 postgres: 12/main: walwriter
├─10200 postgres: 12/main: autovacuum launcher
├─10201 postgres: 12/main: stats collector
└─10202 postgres: 12/main: logical replication launcher
Jul 28 13:56:33 postgres-db systemd[1]: postgresql@12-main.service: Succeeded.
Jul 28 13:56:33 postgres-db systemd[1]: Stopped PostgreSQL Cluster 12-main.
Jul 28 13:56:33 postgres-db systemd[1]: Starting PostgreSQL Cluster 12-main...
Jul 28 13:56:35 postgres-db systemd[1]: Started PostgreSQL Cluster 12-main.
It is listening on the right port :
geekymechanic214@postgres-db:~$ sudo ss -tuln | grep 5432
tcp LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
tcp LISTEN 0 244 [::]:5432 [::]:*
pg_hba.conf :
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
host all all 0.0.0.0/0 password
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
postgresql.conf :
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
Ubuntu firewall isn't active :
geekymechanic214@postgres-db:~$ sudo ufw status
Status: inactive
I really don't know where to look anymore if anyone could lend a helping hand! 😅
Hi @GeekyMechanic ,
Thank you for providing the details of your setup. If the PostgreSQL server on your Compute Engine VM is running fine, listening on the right port, and you have allowed incoming connections from the appropriate sources through the firewall rules, the issue might be related to the VM's internal networking and the Cloud Run VPC Connector. You can consider checking the following:
1. VPC Connector Configuration
Make sure to review your Cloud Run VPC Connector settings. Check if it's correctly set up and connected to the specific Cloud Run service you want to use to connect to the Compute Engine VM. Also, confirm that you've chosen the right VPC network and subnet for the connector.
2. Private IP Range Conflict
Confirm that the IP address of your Compute Engine VM (10.162.0.17) does not conflict with any other resources within your VPC network.
3. Check PostgreSQL Configuration
Check the PostgreSQL configuration on the VM to make sure it's set to listen on the private IP, not just localhost. Also, make sure that PostgreSQL permits connections from the IP address range of the Cloud Run VPC Connector.
Also, the error message indicated that the Ubuntu firewall is inactive, so it may not be allowing incoming connections to the PostgreSQL service, even if you have allowed them in Google Cloud's firewall rules. To enable the UFW firewall on your Compute Engine VM, follow these steps:
1. Open a terminal or use an SSH client to connect to your Compute Engine VM.
2. Run sudo ufw status
3. If UFW is currently inactive, enable it using sudo ufw enable
4. After enabling UFW, you'll need to configure the firewall rules to allow incoming connections on the PostgreSQL port (5432). Use sudo ufw allow 5432
5. If you need to restrict the source IP range for security reasons, you can specify the source IP or IP range when creating the rule. For example: sudo ufw allow from <source_IP_or_range> to any port 5432
6. Verify that UFW is now active and that the rule for PostgreSQL is set correctly. Type in sudo ufw status
7. After making changes to UFW, you might need to restart the PostgreSQL service to ensure that it can accept incoming connections. Use sudo systemctl restart postgresql
After enabling UFW and permitting incoming connections on the PostgreSQL port, try connecting again from your Cloud Run service. If everything is configured properly, you should no longer encounter the "Connection refused" error, and your Cloud Run service will be able to connect to the PostgreSQL database on the Compute Engine VM.
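
An added example, not part of the original thread or either poster's code: a small Python check of which pg_hba.conf rule a client arriving through the VPC connector would hit, and which host rules are broader or weaker than they need to be, run over the rules posted in the question. The client address 10.8.0.5, database appdb and user appuser are constructed placeholders; substitute your connector's range and your own names.

```python
import ipaddress

# pg_hba.conf rules as posted in the question (comment lines dropped).
PG_HBA = """\
local   all          postgres                  peer
host    all          all        0.0.0.0/0      password
local   all          all                       peer
host    all          all        127.0.0.1/32   md5
host    all          all        ::1/128        md5
local   replication  all                       peer
host    replication  all        127.0.0.1/32   md5
host    replication  all        ::1/128        md5
"""
WEAK_METHODS = {"trust", "password"}  # no authentication / cleartext password

def parse_hba(text):
    """Yield (lineno, database, user, network, method) for each host rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host"):
            try:
                net = ipaddress.ip_network(fields[3], strict=False)
            except ValueError:
                continue  # hostnames, samehost/samenet, separate netmask: not handled
            yield lineno, fields[1], fields[2], net, fields[4]

def first_match(text, client_ip, database, user):
    """Return the first applicable rule; PostgreSQL stops at the first match."""
    ip = ipaddress.ip_address(client_ip)
    for lineno, db, usr, net, method in parse_hba(text):
        # Simplification: only "all" and exact names, no lists, +role or @file.
        if (ip.version == net.version and ip in net
                and db in ("all", database) and usr in ("all", user)):
            return lineno, str(net), method
    return None

def audit(text):
    """Flag host rules open to every address or using a weak method."""
    findings = []
    for lineno, _db, _usr, net, method in parse_hba(text):
        if net.prefixlen == 0:
            findings.append((lineno, f"{net} matches every client address"))
        if method in WEAK_METHODS:
            findings.append((lineno, f"auth method '{method}' is weak"))
    return findings

if __name__ == "__main__":
    # 10.8.0.5 / appdb / appuser are constructed sample values, not from the post.
    print(first_match(PG_HBA, "10.8.0.5", "appdb", "appuser"))
    print(audit(PG_HBA))
```

Because the 0.0.0.0/0 rule comes before the 127.0.0.1/32 entry, every IPv4 client, loopback included, is matched by it and authenticated with the cleartext password method. Narrowing that rule to the connector's range with scram-sha-256 (supported by PostgreSQL 12) clears both findings.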