This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

setup an SSH tunnel server to connect Looker to Google cloud SQL

Posted on 09-26-2023 09:13 AM
gdemontalivet
Staff
Reply posted on --/--/---- --:-- AM

Sometimes, you need to connect Looker to your database but you are not a data engineer, so it is handy to have a guided step by step. the sources are the Looker SSH tunnel doc and some google cloud SQL doc

In your console, on in compute engine and press create instance:

gdemontalivet_0-1695737899130.png

Select the region closest to your database, select E2

In machine type, press preset and select shared-core and e2-micro

gdemontalivet_1-1695737899124.png

In boot disk, press change:

gdemontalivet_2-1695737899092.png
Select standard permanent disk

gdemontalivet_3-1695737899130.png

Then press select.

Then in identity and api access, select allow full access to all cloud api

gdemontalivet_4-1695737899118.png

Then press create instance. Now next to the ssh button below connect, press open in browser window 

gdemontalivet_5-1695737899190.png

Press authorize

gdemontalivet_6-1695737899085.png

Now enter the following command:

Download the Cloud SQL Auth Proxy:

curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.7.0/cloud-sql-proxy.linux.amd64

Make the Cloud SQL Auth Proxy executable:

chmod +x cloud-sql-proxy

gdemontalivet_7-1695737899105.png

Now create a group called looker:

sudo groupadd looker

Create user looker and its home directory:

sudo useradd -m  -g looker  looker

Switch to the looker user:

sudo su - looker

Create the .ssh directory:

mkdir ~/.ssh

Set permissions:

chmod 700 ~/.ssh

Change to the .ssh directory:

cd ~/.ssh

Create the authorized_keys file:

touch authorized_keys

Set permissions:

chmod 600 authorized_keys

Now, in your looker instance, In the Connections page in the Admin section of Looker, select the SSH Server tab.

gdemontalivet_8-1695737899087.png

Then select Add Server. Looker displays the Add SSH Server page:

gdemontalivet_9-1695737899278.png

Add a name to your server!

Press download key, open file and copy the content. 

Go back to the command line and edit the authortized_keys by entering the following command:

Nano authorized_keys

Now copy the key you downloaded from your looker instance. It should only be on one line

gdemontalivet_10-1695737899114.png

Then press f2 to save and confirm pressing Y, and press enter to confirm

Then type exit to go back to your user

Exit

We now need to add the ssh-rsa to your server's list of accepted algorithms. Here's how. We need to Edit your sshd_config file:

Sudo nano /etc/ssh/sshd_config

And add the following at the end of the file

HostKeyAlgorithms +ssh-rsa
PubKeyAcceptedAlgorithms +ssh-rsa

gdemontalivet_11-1695737899297.png

Press f2 to save and confirm with Y

now , on your cloud SQL instance, get the instance connection name which should have the format projectID:region:instanceID

gdemontalivet_12-1695737899047.png

And back into the command line, type the following and replace the connection_name with yours:

./cloud-sql-proxy --private-ip projectID:region:instanceID

When the Cloud SQL Auth Proxy starts successfully, a message similar to the following appears in the SSH window:

Listening on 127.0.0.1:3306 for myInstance
Ready for new connections

Now go back to your looker instance, 

gdemontalivet_13-1695737899112.png

For the ip address, you select the public ip address of your vm instance:

gdemontalivet_14-1695737899088.png

You should have this, press test and request fingerprint

gdemontalivet_15-1695737899115.png

gdemontalivet_16-1695737899115.png

Press accept and save

gdemontalivet_17-1695737899049.png

Dont press add connection as it redirects to the old UI

But click on the connection menu and press add connection

gdemontalivet_18-1695737899098.png

Now enter the details of your database, for the host put localhost and port 3306

In optional settings enable ssh tunnel, select your tunnel and press add tunnel.

Add localhost and port 3306

Press save and the test!

gdemontalivet_19-1695737899101.png

And hopefully you will the success sign!

gdemontalivet_20-1695737899072.png

 

1 3 1,239
Topic Labels
3 REPLIES 3

Posted on --/--/---- --:-- AM
gabo89
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thank you! Is this solution applicable for Cloud based Looker Studio also?

0 Likes

Posted on --/--/---- --:-- AM
gdemontalivet
Staff
In response to gabo89
Reply posted on --/--/---- --:-- AM

you would only need to do this for Looker studio if your cloud SQL database doesn't have a public ip address , otherwise it would be unnecessary

Posted on --/--/---- --:-- AM
gabo89
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thank you! Maybe I am confused, In my Looker Studio configuration I have no Connections page in the Admin section of Looker Studio, so I am not able to select the SSH Server tab. My plan is to use Private IP in my MSSQL GCP Instance to increase security and access it via SSH tunneling as you described, but I have no Connection and SSH Server pages in my Looker Studio configuration. I am using Cloud hosted Looker Studio instance, maybe that is the reason why I have no Connections page.

0 Likes
Top Labels in this Space