Spring boot 和 GCP - 使用 spring-cloud-gcp-starter-sql-postgresql 连接 Cloud SQL 实例尝试 SSL 并且延迟启动
Posted
技术标签:
【中文标题】Spring boot 和 GCP - 使用 spring-cloud-gcp-starter-sql-postgresql 连接 Cloud SQL 实例尝试 SSL 并且延迟启动【英文标题】:Spring boot and GCP - Connecting Cloud SQL instance with spring-cloud-gcp-starter-sql-postgresql tries SSL and it delays to start 【发布时间】:2020-06-03 03:53:28 【问题描述】:我有一个 Spring boot 项目,它应该使用 spring-cloud-gcp-starter-sql-postgresql 连接 Cloud SQL 实例,以避免在项目中显式使用 IP。
到目前为止,它连接良好,但延迟了很多(大约 30 秒开始),因为它尝试通过 SSL 套接字连接,经过多次尝试后,它连接了。
在日志中有一行说:
2020-02-19 00:10:09.809 INFO 6779 --- [ main] o.s.c.g.a.s.GcpCloudSqlAutoConfiguration : Default POSTGRESQL JdbcUrl provider. Connecting to jdbc:postgresql://google/test?socketFactory=com.google.cloud.sql.postgres.SocketFactory&cloudSqlInstance=XXXXXX:us-central1:test&useSSL=false with driver org.postgresql.Driver
据我所知,useSSL=false 参数不适用于 postgresql。正确的是ssl=false,但是当我尝试用 application.yml 覆盖 JDBC Url 时,它会打印以下日志:
2020-02-19 00:10:09.816 WARN 6779 --- [ main] o.s.c.g.a.s.GcpCloudSqlAutoConfiguration : Ignoring provided spring.datasource.url. Overwriting it based on the spring.cloud.gcp.sql.instance-connection-name.
我怀疑延迟是因为 SSL 连接。所以我有两个问题:
-
如何避免使用 SSL 连接?由于我没有显式设置 JDBC URL,因此无法在参数中使用
ssl=false。
我怀疑这是因为未设置 SSL 客户端证书而延迟。如果是这种情况,我该如何设置?我已经有了 .pem,但我不知道如何实现它
我添加了我的 application.yml 以及配置和提到的日志:
spring:
cloud:
gcp:
project-id: xxxxxxx
config
sql:
instance-connection-name: xxxxxxx:us-central1:test
database-name: test
enabled: true
datasource:
username: test
password: 123456
initialization-mode: always
jpa:
hibernate:
ddl-auto: update
凭据在调用服务帐户 json 的环境变量“GOOGLE_APPLICATION_CREDENTIALS”中设置
日志:2020-02-19 00:10:09.692 INFO 6779 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2020-02-19 00:10:09.699 INFO 6779 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-02-19 00:10:09.699 INFO 6779 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.30]
2020-02-19 00:10:09.767 INFO 6779 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-02-19 00:10:09.767 INFO 6779 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 790 ms
2020-02-19 00:10:09.809 INFO 6779 --- [ main] o.s.c.g.a.s.GcpCloudSqlAutoConfiguration : Default POSTGRESQL JdbcUrl provider. Connecting to jdbc:postgresql://google/test?socketFactory=com.google.cloud.sql.postgres.SocketFactory&cloudSqlInstance=XXXXXXX:us-central1:test&useSSL=false with driver org.postgresql.Driver
2020-02-19 00:10:09.816 WARN 6779 --- [ main] o.s.c.g.a.s.GcpCloudSqlAutoConfiguration : Ignoring provided spring.datasource.url. Overwriting it based on the spring.cloud.gcp.sql.instance-connection-name.
2020-02-19 00:10:09.885 INFO 6779 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2020-02-19 00:10:09.940 INFO 6779 --- [ main] org.hibernate.Version : HHH000412: Hibernate Core 5.4.10.Final
2020-02-19 00:10:10.039 INFO 6779 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations 5.1.0.Final
2020-02-19 00:10:10.109 INFO 6779 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2020-02-19 00:10:10.193 INFO 6779 --- [ main] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:10.193 INFO 6779 --- [ main] c.g.cloud.sql.core.CoreSocketFactory : First Cloud SQL connection, generating RSA key pair.
2020-02-19 00:10:13.690 INFO 6779 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2020-02-19 00:10:13.711 INFO 6779 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL10Dialect
2020-02-19 00:10:13.791 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:15.042 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:16.333 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:17.653 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:19.314 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:20.643 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:21.938 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:23.227 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:24.561 INFO 6779 --- [onnection adder] c.g.cloud.sql.core.CoreSocketFactory : Connecting to Cloud SQL instance [XXXXXXX:us-central1:test] via SSL socket.
2020-02-19 00:10:35.164 INFO 6779 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2020-02-19 00:10:35.173 INFO 6779 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2020-02-19 00:10:35.294 WARN 6779 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2020-02-19 00:10:35.507 INFO 6779 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-02-19 00:10:35.611 INFO 6779 --- [ main] o.s.c.g.core.DefaultCredentialsProvider : Default credentials provider for service account cloud-code@XXXXXXX.iam.gserviceaccount.com
2020-02-19 00:10:35.612 INFO 6779 --- [ main] o.s.c.g.core.DefaultCredentialsProvider : Scopes in use by default credentials: [https://www.googleapis.com/auth/pubsub, https://www.googleapis.com/auth/spanner.admin, https://www.googleapis.com/auth/spanner.data, https://www.googleapis.com/auth/datastore, https://www.googleapis.com/auth/sqlservice.admin, https://www.googleapis.com/auth/devstorage.read_only, https://www.googleapis.com/auth/devstorage.read_write, https://www.googleapis.com/auth/cloudruntimeconfig, https://www.googleapis.com/auth/trace.append, https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloud-vision, https://www.googleapis.com/auth/bigquery]
2020-02-19 00:10:35.612 INFO 6779 --- [ main] o.s.c.g.a.c.GcpContextAutoConfiguration : The default project ID is XXXXXXX
2020-02-19 00:10:35.730 INFO 6779 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2020-02-19 00:10:35.733 INFO 6779 --- [ main] c.r.c.CloudSqlTestApplication : Started CloudSqlTestApplication in 27.027 seconds (JVM running for 27.464)
另外,以防万一,我添加我的pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.ramonparis</groupId>
<artifactId>cloud-sql-test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>cloud-sql-test</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>Hoxton.SR1</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>2.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-sql-postgresql</artifactId>
</dependency>
<dependency>
........
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>$spring-cloud.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
【问题讨论】:
能否指定您从何处连接到 Cloud SQL 实例(GAE、计算引擎、外部应用程序)?它是在 Google Cloud 中还是来自外部应用程序?此外,通过访问您的 Cloud SQL 实例 -> 连接 -> SSL,您可以操作这些证书,以防您想设置新证书或下载证书。据我所见,您不需要指定 useSSL=false 的所有连接,如果不指定它,您会得到相同的延迟吗? 根据官方文档,您从哪种服务连接到您的 Cloud SQL? cloud.google.com/sql/docs/postgres/connect-external-app 【参考方案1】:您可以通过多种方式连接到 Cloud SQL,在您的情况下,您应该使用 sockect
<dependency>
<groupId>com.google.cloud.sql</groupId>
<artifactId>postgres-socket-factory</artifactId>
<version>1.0.15</version>
</dependency>
spring.datasource.url: jdbc:postgresql://google/cloudSqlInstance=$instance&socketFactory=com.google.cloud.sql.postgres.SocketFactory
另一种方法是使用 cloud_sql_proxy(更简洁,我会指出您是否在 GKE 上使用)喜欢:
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
create a proxy user :
gcloud iam service-accounts create proxy-user --display-name "proxy-account-user"
gcloud projects add-iam-policy-binding [PROJECT_ID] --member \
serviceAccount:[SERVICE_ACCOUNT_EMAIL] --role roles/cloudsql.client
gcloud iam service-accounts keys create key.json --iam-account [SERVICE_ACCOUNT_EMAIL]
./cloud_sql_proxy -instances=[INSTANCE_CONNECTION_NAME]=tcp:5432 -credential_file=key.json &
现在您正在收听您的实例数据库:查看视频 (www.youtube.com/watch?v=iKoaiH_xYB8)
【讨论】:
以上是关于Spring boot 和 GCP - 使用 spring-cloud-gcp-starter-sql-postgresql 连接 Cloud SQL 实例尝试 SSL 并且延迟启动的主要内容,如果未能解决你的问题,请参考以下文章
无法将 Spring Boot 指标发布到 GCP 堆栈驱动程序
使用 vs 代码在 Spring Boot 中设置 GCP 环境变量
无法使用 spring cloud gcp starter 将 Spring Boot 与 Cloud SQL 连接
将带有 JMS (ActiveMQ) 的 Spring Boot 应用程序迁移到 GCP 的 pub-sub