Please help
Invalid table-valued function EXTERNAL_QUERY Failed to connect to MySQL database. Error: MysqlErrorCode(2013): Lost connection to MySQL server during query at [1:15]
Region: Instance and Connection = asia-southeast1
Already set instance to Public IP
Already set BQ admin, Connection Admin
Already enabled API
Solved! Go to Solution.
To resolve this issue, you can follow these steps:
roles/cloudsql.client
) role. The service account follows the format service-PROJECT_NUMBER@gcp-sa-bigqueryconnection.iam.gserviceaccount.com
.You will need to set the default_authentication_plugin database flag on your CloudSQL to caching_
Please refer to https://cloud.google.com/sql/docs/mysql/flags#list-flags-mysql
To resolve this issue, you can follow these steps:
roles/cloudsql.client
) role. The service account follows the format service-PROJECT_NUMBER@gcp-sa-bigqueryconnection.iam.gserviceaccount.com
.I've already checked all and after I add cloud SQL client role I get this error instead ('caching_sha2_password)
Invalid table-valued function EXTERNAL_QUERY Failed to connect to MySQL database. Error: MysqlErrorCode(2059): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory at [1:15]
You will need to set the default_authentication_plugin database flag on your CloudSQL to caching_
Please refer to https://cloud.google.com/sql/docs/mysql/flags#list-flags-mysql
Thank you!!! It's work after added default_authentication_plugin and changed credential to root
Hey, I am facing this error
Invalid table-valued function EXTERNAL_QUERY Failed to connect to MySQL database. Error: MysqlErrorCode(2059): Authentication plugin 'mysql_clear_password' cannot be loaded: /usr/lib/plugin/mysql_clear_password.so: cannot open shared object file: No such file or directory at [1:15]
I have added the flag as u mentioned above. But still, I am facing the same error. Any other possible problems that might be causing it
The error indicates a mismatch between the authentication plugin your MySQL client expects and the one your Cloud SQL instance uses.
Potential Causes and Troubleshooting Steps:
Authentication Plugin Mismatch
caching_sha2_password
or mysql_native_password
. Update them if necessary.default_authentication_plugin
on your Cloud SQL instance, but proceed cautiously and research implications as this is not always the first course of action.Permissions and Connectivity
Propagation Delay and Restart
SSL Configuration
mysql_clear_password
.Additional Tips:
Hi,
Thanks for your inputs.
By any chance can we bypass this requirement to use the Public IP enabled on the Cloud SQL instance? Our Application team has decided to disable this option considering it a security risk and since our pipeline was using the External Query to source Cloud SQL data into BQ, our pipelines will break going ahead.
Appreciate any workarounds or help in this regards.
Certainly! Disabling the Public IP on the Cloud SQL instance is a common security practice, and there are ways to connect to Cloud SQL from BigQuery without using a Public IP. Here are some alternatives:
Cloud SQL Proxy provides a secure way to connect to Cloud SQL instances without a Public IP. You can set up a Cloud SQL Proxy in a Compute Engine instance or a GKE cluster within the same VPC as your Cloud SQL instance.
Here's a high-level overview of how to set it up:
Detailed instructions can be found in the Cloud SQL Proxy documentation.
You can enable Private IP on the Cloud SQL instance and set up VPC peering between the Cloud SQL network and the network where BigQuery is running.
Here's how to do it:
More information on this approach can be found in the Private IP documentation.
Cloud SQL Federation allows you to query Cloud SQL data directly from BigQuery without copying the data into BigQuery. This can be done using Private IP.
Here's how to set it up:
EXTERNAL_QUERY
function in BigQuery to query the Cloud SQL data.More details can be found in the Cloud SQL Federation documentation.
If the above options are not suitable, you might consider using Google's Data Transfer Service to move data from Cloud SQL to BigQuery. This can be configured to use Private IP and provides a managed way to transfer data.
Each of these approaches has its own considerations in terms of complexity, performance, and security. It's essential to evaluate them in the context of your specific requirements and infrastructure.
Thanks for your prompt response. This is very helpful !
In the above post from 08-03-2023, several times you mention
@ms4446 wrote:Create a connection in BigQuery using the Private IP.
This seems to indicate an External Connection can be made using an IP (and presumably a port), but I have only found references to using a ConnectionID in console, bq CLI, and REST API. I feel like I must have overlooked something. Could you point me in the right direction?
Thanks
-Kevin
You are correct in noting that when creating a connection in BigQuery to access external data sources like Cloud SQL, you typically use a Connection ID rather than directly specifying an IP address and port in your queries. Let me clarify
Connecting BigQuery to Cloud SQL Using Private IP
Securely access your Cloud SQL data from BigQuery using Private IP connections. Here's a step-by-step guide:
1. Enable Private IP on Cloud SQL:
2. Create a BigQuery Connection Resource:
3. Use the Connection in BigQuery Queries:
EXTERNAL_QUERY
function, referencing your Connection ID:SELECT * FROM EXTERNAL_QUERY("project_id.region.connection_id", "SELECT * FROM your_table");
Security Considerations:
roles/cloudsql.client
role on your Cloud SQL instance.Benefits of Using Private IP:
For More Details:
Additional Tips:
Example:
SELECT * FROM EXTERNAL_QUERY("my-project.us-central1.my-cloudsql-connection", "SELECT name, age FROM customers WHERE age > 30");
Thank you for responding. This feels so close. I feel like I'm not looking in quite the right spot for 2. Create BigQuery Connection Resource: because what I see doesn't quite match up with your explanation. I'll include an image below, but here is how I got there:
Perhaps I don't have some service enabled on my project, or misread your instructions.
-Kevin
Hi @koconnor-ampion ,
Thanks for providing the screenshot. the steps you've taken have been in BigQuery Studio, which is a newer interface. This differs slightly from the classic BigQuery UI. While the overall concepts remain the same, the exact navigation and options can vary.
Scenario 1: Using BigQuery Studio
1. Enable Private IP on Cloud SQL:
Navigate to your Cloud SQL instance settings in the Google Cloud Console.
Ensure that "Private IP" is enabled, which may require configuring a VPC network if not already set up.
2. Create BigQuery Connection Resource:
In BigQuery Studio:
Click "ADD DATA" instead of "+ ADD" next to Explorer.
Select "Google Cloud" followed by "Cloud SQL".
Provide the following details:
Connection ID: A unique name for your connection.
Cloud SQL Instance Name: Select your instance from the dropdown list.
Database: Name of the database within your Cloud SQL instance.
Credentials: Input the username and password.
Scenario 2: Using Cloud SQL Proxy
1. Enable Private IP on Cloud SQL:
Same steps as in Scenario 1.
2. Configure Cloud SQL Proxy:
Deploy the Cloud SQL Proxy on a Compute Engine instance within the same VPC or a connected network environment.
Configure the proxy to use the Private IP of the Cloud SQL instance.
Note the port number on which the proxy is listening (default ports are typically 3306 for MySQL, 5432 for PostgreSQL).
3. Connect Applications to Cloud SQL Proxy:
Ensure that applications connecting to the Cloud SQL through the proxy are on the same network or connected via VPC peering.
Direct connection settings in BigQuery Studio to the Cloud SQL instance do not apply here; instead, focus on application-level configurations that use the proxy setup.
Important Notes
VPC Peering: If your Compute Engine instance (running the Cloud SQL Proxy) and your BigQuery environment are in different VPCs, you'll need to establish VPC Network Peering.
IAM Permissions: The BigQuery service account should be granted the roles/cloudsql.client
role on the Cloud SQL instance to facilitate interactions.
Documentation Link: For more detailed guidance, refer to Connecting to Cloud SQL using the Cloud SQL Proxy.
Sigh, you must be thinking that I am rather dense, or the interface for BigQuery Studio has changed again. Perhaps your directions work for a brand new BigQuery Studio, but I do not find an ADD DATA link that then allows me to select Google Cloud followed by Cloud SQL. I've been looking at some of the release docs and they would lead me to believe that I should find an +ADD DATA button on the Welcome Page . Mine, unfortunately, does not match the one in the docs. I have tried the links under Add your own data (see my screenshot again), but those add individual tables to a dataset.
Sorry to keep bugging you about this, but it really sounds like it should allow what I am trying to achieve.
Thanks again
-Kevin
service-PROJECT_NUMBER@gcp-sa-bigqueryconnection.iam.gserviceaccount.com this service account attached with connection but not in service account list.