
Errors connecting remotely to Google cloud SQL from GCE in perl

Using Perl on Debian Buster, DBD::mysql 4.0502.

```perl
use DBI;

# <db>, <host>, <username> and <pass> are placeholders
my $dbh = DBI->connect_cached(
  'DBI:mysql:<db>:<host>;mysql_ssl=1;mysql_ssl_ca_file=/etc/ssl/mysql/server-ca.pem;mysql_ssl_client_cert=/etc/ssl/mysql/client-cert.pem;mysql_ssl_client_key=/etc/ssl/mysql/client-key.pem',
  '<username>', '<pass>');
```

Attempting to connect to a Google Cloud SQL (MySQL) instance over SSL and I've been repeatedly getting the errors "SSL connection error: Error while reading file" and "SSL connection error: Error in the certificate".

I've run chown over the directory to move ownership to mysql:mysql, tried various configurations of ownership and even moved the directories around.

I've connected via the CLI using the same arguments as are in the script, and connected via script over unsecured SSL from the host, but once I limit connections to SSL only and use these commands, the same error presents itself.

Update: After digging around some more on this, I believe the issue is how Google is signing the hostname for their client key and certs (Certificate Validation on Cloud SQL). The suggestion here doesn't work with Perl's DBD::mysql as they've decided to enforce hostname verification when using SSL (https://github.com/perl5-dbi/DBD-mysql/issues/110).

I'm still looking for a solution to this issue as it stands but I'm now looking into private IPs and VPCs for the future.

At the time of this writing, Perl is not a supported language for interacting with the Google Cloud Platform. Even if you succeed in implementing a Perl script to connect to a Cloud SQL instance, there are chances that the solution will stop working some day given its ad hoc nature. A couple of client libraries for multiple other languages are indeed implemented and actively maintained. If you want to interact with GCP services programmatically, I strongly recommend switching to one of these libraries. Moreover, you would have direct assistance with any inconvenience from the support team or through a GitHub issue.

With that being said, a possible workaround might be to invoke the mysql client from the Perl script as you would do in a Linux shell. The idea would be to write your SQL statements in a file and run the mysql command line tool, feeding it the statements file. There are obvious caveats with this approach and it doesn't work at all if you need an interactive session, but it might do the job to trigger simple tasks from a Perl script. I'm sharing a little snippet I made.

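```sql
-- sql statements file (file.sql)
show databases;
```

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Run the mysql client through the shell and feed it file.sql
my $data = `mysql --user=root --password=XXX  --host=XXX.XXX.XXX.XXX < file.sql`;
print("$data");
```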

Keep in mind that exposing a password in this way is a terrible idea from a security point of view. Also, this approach needs you to whitelist your GCE external IP in the Connections tab of your SQL instance, as shown here.


EDIT: A list of the supported libraries to connect to Cloud SQL can be found here. Almost all of them require the use of cloud_sql_proxy; its configuration is explained in that same document (scroll up).

Separately, there are also libraries that allow you to manage your instances as if you were using the gcloud command line tool, which can be found here.
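
A variation on the workaround above, as an added example that is not part of the original answer: the credentials and the certificate paths from the question go into a temporary client option file readable only by its owner, and the mysql client is started without a shell, so the password never appears in the process list. The `CLOUDSQL_PASSWORD` environment variable and the `run_sql_file` helper are hypothetical names; `<username>` and `<host>` are placeholders.

```perl
#!/usr/bin/perl
# Added example: run file.sql through the mysql client without a password in argv.
use strict;
use warnings;
use File::Temp ();

# Assumptions: <username>/<host> are placeholders, CLOUDSQL_PASSWORD is a
# hypothetical environment variable, certificate paths are those from the question.
my %client = (
    user       => '<username>',
    host       => '<host>',
    password   => $ENV{CLOUDSQL_PASSWORD} // die("CLOUDSQL_PASSWORD is not set\n"),
    'ssl-ca'   => '/etc/ssl/mysql/server-ca.pem',
    'ssl-cert' => '/etc/ssl/mysql/client-cert.pem',
    'ssl-key'  => '/etc/ssl/mysql/client-key.pem',
);

sub run_sql_file {
    my ($sql_file) = @_;

    # File::Temp creates the file with mode 0600 and removes it when $cnf goes out of scope.
    my $cnf = File::Temp->new(SUFFIX => '.cnf');
    print {$cnf} "[client]\n";
    for my $key (sort keys %client) {
        my $value = $client{$key};
        # Refuse values that would need option-file escaping instead of guessing at it.
        die "unsupported character in $key\n" if $value =~ /["\\\r\n]/;
        print {$cnf} qq{$key="$value"\n};
    }
    $cnf->flush;

    # Forking open: the child's STDOUT is readable from $out in the parent.
    my $pid = open(my $out, '-|') // die "cannot fork: $!\n";
    if ($pid == 0) {
        open(STDIN, '<', $sql_file) or die "cannot read $sql_file: $!\n";
        # List-form exec: no shell is involved, so no argument is interpreted.
        # --defaults-extra-file has to be the first option on the command line.
        exec('mysql', '--defaults-extra-file=' . $cnf->filename, '--batch')
            or die "cannot exec mysql: $!\n";
    }
    my $data = do { local $/; <$out> };
    close($out) or die "mysql failed (wait status $?)\n";
    return $data;
}

print run_sql_file('file.sql');
```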
