2017-04-14 73 views
1

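Google Cloud - Connecting to a PostgreSQL database in the same project using Python

TL;DR: How do I connect to a Postgres database that is in the same "project" as a GCE instance, without granting IP access to 35.185.*?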

========

Hello,

I have a very simple test script that works locally:

print "importing" 
import pandas as pd 
import urllib 
import json 
from sqlalchemy import * 
from sqlalchemy import create_engine 
from sqlalchemy import Table, Column, Integer, String, MetaData, ForeignKey 
print "done importing" 
conn_string = 'postgresql://my_user:[email protected]/postgres' 
print "connecting" 
engine = create_engine(conn_string, echo=True) 
print "engine created" 
engine.connect() 
print "engine connected" 

print "getting data" 
data=json.loads(urllib.urlopen("http://ip.jsontest.com").read()) 
df=pd.DataFrame([data]) 
print "data retrieved" 
df.to_sql('insert_test',engine, index=False, schema='public', chunksize=500, 
            if_exists='append') 

Now, this works, because I have explicitly authorized access to the database for my IP.

My output is:

importing 
done importing 
connecting 
engine created 
2017-04-14 10:17:38,319 INFO sqlalchemy.engine.base.Engine select version() 
2017-04-14 10:17:38,323 INFO sqlalchemy.engine.base.Engine {} 
2017-04-14 10:17:38,381 INFO sqlalchemy.engine.base.Engine select current_schema() 
2017-04-14 10:17:38,385 INFO sqlalchemy.engine.base.Engine {} 
2017-04-14 10:17:38,440 INFO sqlalchemy.engine.base.Engine SELECT CAST('test plain returns' AS VARCHAR(60)) AS anon_1 
2017-04-14 10:17:38,447 INFO sqlalchemy.engine.base.Engine {} 
2017-04-14 10:17:38,483 INFO sqlalchemy.engine.base.Engine SELECT CAST('test unicode returns' AS VARCHAR(60)) AS anon_1 
2017-04-14 10:17:38,490 INFO sqlalchemy.engine.base.Engine {} 
2017-04-14 10:17:38,568 INFO sqlalchemy.engine.base.Engine show standard_conforming_strings 
2017-04-14 10:17:38,575 INFO sqlalchemy.engine.base.Engine {} 
engine connected 
getting data 
data retrieved 
2017-04-14 10:17:38,750 INFO sqlalchemy.engine.base.Engine select relname from pg_class c join pg_namespace n on n.oid=c.relnamespace where n.nspname=%(schema)s and relname=%(name)s 
2017-04-14 10:17:38,753 INFO sqlalchemy.engine.base.Engine {'name': u'insert_test', 'schema': u'public'} 
2017-04-14 10:17:38,832 INFO sqlalchemy.engine.base.Engine BEGIN (implicit) 
2017-04-14 10:17:38,841 INFO sqlalchemy.engine.base.Engine INSERT INTO public.insert_test (ip) VALUES (%(ip)s) 
2017-04-14 10:17:38,848 INFO sqlalchemy.engine.base.Engine {'ip': u'my_local_ip'} 
2017-04-14 10:17:38,903 INFO sqlalchemy.engine.base.Engine COMMIT 

When I move this script to my GCE instance and run it:

$ python hello_db.py 

My output is as follows:

File "/home/user/anaconda2/lib/python2.7/site-packages/psycopg2-2.7.1-py2.7-linux-x86_64.egg/psycopg2/__init__.py", line 130, in connect 
    conn = _connect(dsn, connection_factory=connection_factory, **kwasync) 
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) could not connect to server: Connection timed out 
     Is the server running on host "ip.of.my.db" and accepting 
     TCP/IP connections on port 5432? 

The DB and the Compute Engine instance are both part of the same "project".

I can see that my instance's IP is 35.185.foo.blah.whatever. I know the IP because I ran:

wget "http://ip.jsontest.com" 

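The IP given to my instances may be dynamic, because I launch many instances, distribute tasks, and use the cloud to compute things - how do I grant access to all of these instances?

Granting 35.185.* seems insecure, because what if someone else on GCE tries to get into my database?

I'm very new to this, and maybe I'm missing something - but I assumed my "project" would be able to access all of its other assets without a problem. I'm sure there's a good reason why that's not the case, but it's lost on me!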
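
To put numbers on the concern about granting 35.185.*, the following added example (not part of the original post) expands each allowlist entry to a CIDR block and counts how many admitted addresses are not the owner's. The IP addresses, the `to_network` and `audit` helpers, and the 256-address threshold are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: one workstation IP and one GCE instance IP.
ALLOWLIST = ["203.0.113.7", "35.185.*"]
OWN_IPS = ["203.0.113.7", "35.185.10.20"]

def to_network(entry):
    """Turn '35.185.*', a CIDR block, or a single IP into an ip_network."""
    entry = entry.strip()
    if "*" not in entry:
        return ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    fixed = octets[:octets.index("*")]
    # Only trailing wildcards map cleanly onto a CIDR prefix.
    if len(octets) > 4 or any(o != "*" for o in octets[len(fixed):]):
        raise ValueError("unsupported wildcard: %r" % entry)
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network("%s/%d" % (base, 8 * len(fixed)))

def audit(allowlist, own_ips, max_addresses=256):
    """Report, per entry, how many addresses it admits beyond our own."""
    own = {ipaddress.ip_address(ip) for ip in own_ips}
    report = []
    for entry in allowlist:
        net = to_network(entry)
        covered = sorted(str(ip) for ip in own if ip in net)
        report.append({
            "entry": entry,
            "cidr": str(net),
            "addresses": net.num_addresses,
            "own_covered": covered,
            # Addresses that can reach the database port but are not ours.
            "not_ours": net.num_addresses - len(covered),
            "too_broad": net.num_addresses > max_addresses,
        })
    return report

if __name__ == "__main__":
    for row in audit(ALLOWLIST, OWN_IPS):
        flag = "TOO BROAD" if row["too_broad"] else "ok"
        print("%-14s %-18s admits %6d (%d not ours) %s" % (
            row["entry"], row["cidr"], row["addresses"],
            row["not_ours"], flag))
```

The single-IP entry admits only the workstation, which is why the same script times out from the instance; the wildcard admits the instance along with every other address in the /16.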

Answer

0

This link is the documentation I needed to read to solve this problem.