Testing Cloud SQL Failover


Peter Cheesewright

Jan 19, 2016, 12:16:06 PM
to Google Cloud SQL discuss
I've been trying to test SQL failover using the following command:

curl --header 'Content-Type: application/json' --header 'Authorization: Bearer OATH_ACCESS_TOKEN_HERE' -X POST "https://www.googleapis.com/sql/v1beta4/projects/numeric-datum-118114/instances/asia-east1:db-master/failover" --data "{}"

I started with the command here:
but it seems to be a bit off the mark. Eventually I ended up with the curl command above but I keep getting the following response:

{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "authError",
        "message": "Invalid Credentials",
        "locationType": "header",
        "location": "Authorization"
      }
    ],
    "code": 401,
    "message": "Invalid Credentials"
  }
}

The actual access token I'm using in the curl command is the one returned by:
gcloud auth login

I'm assuming this is the wrong thing to do? 
How do I acquire an access token that allows me to make this call?

David Newgas

Jan 19, 2016, 12:36:48 PM
to Google Cloud SQL discuss
I suspect you might be using an "authorization code" rather than an "access token". The authorization code exchanged as part of the "gcloud auth login" flow is just part of the login process. Try using "gcloud auth print-access-token" to actually get an access token you can use. Google's access tokens (currently) start with "ya29." which should help you identify it.

David


Peter Cheesewright

Jan 19, 2016, 5:20:58 PM
to Google Cloud SQL discuss
The token I'm using does start "ya29."
It's the token obtained from the output of
gcloud auth login
after completing the web flow.

Any other thoughts?

Vadim Berezniker

Jan 19, 2016, 5:24:12 PM
to Google Cloud SQL discuss
As an alternative, you can also initiate the failover via the API explorer here:
Fill in the project and instance names. 
The API explorer takes care of obtaining and sending the OAuth token.


David Newgas

Jan 19, 2016, 5:26:21 PM
to Google Cloud SQL discuss
I still suggest trying gcloud auth print-access-token.

You might also want to try putting the access token into https://apis-explorer.appspot.com/apis-explorer/#search/oauth2/oauth2/v2/oauth2.tokeninfo and clicking execute. You should make sure that the scope includes those required by the API. You should also check that the email returned has owner or editor permission on the project your instance is in.


Vishnu Fafat

Jan 19, 2016, 5:59:10 PM
to google-cloud...@googlegroups.com
Hi,

You will have to set failoverContext.settingsVersion in the Request body for calling failover on an instance at https://cloud.google.com/sql/docs/admin-api/v1beta4/instances/failover#try-it.
You can get the settingsVersion by listing instances in the project at https://cloud.google.com/sql/docs/admin-api/v1beta4/instances/list#try-it.
I will get the curl command documentation at https://cloud.google.com/sql/docs/high-availability#test fixed.


--
Vishnu Fafat

Peter Cheesewright

Jan 20, 2016, 5:42:01 AM
to Google Cloud SQL discuss
I have now managed to initiate failover via the tryit utility that Vishnu pointed to above. I did have to set the failoverContext.settingsVersion but also I had to change the instance ID that I was passing from "asia-east1:db-master" to just "db-master" for it to work (putting "asia-east1:db-master" resulted in the error "The client is not authorized to make this request.").

However I still cannot get the curl command to work. I have tried using the access token returned by
gcloud auth print-access-token
as David suggested but without success. (Why is "print-access-token" not documented in "gcloud help auth" ?)

Checking that token with 
https://apis-explorer.appspot.com/apis-explorer/#search/oauth2/oauth2/v2/oauth2.tokeninfo
gives the expected email address, the following for the 'scope' property:


and the "access_type" as "offline".

Does this seem reasonable? I notice that the scope does not contain "https://www.googleapis.com/auth/sqlservice.admin" but does contain "https://www.googleapis.com/auth/cloud-platform" but then the documentation for the failover method says at least one of the 2 is required.

Peter Cheesewright

Jan 20, 2016, 5:47:03 AM
to Google Cloud SQL discuss
Forgot to mention that my curl command now looks like this:

curl --header 'Content-Type: application/json' --header 'Authorization: Bearer OAUTH_ACCESS_TOKEN' -X POST "https://www.googleapis.com/sql/v1beta4/projects/numeric-datum-118114/instances/db-master/failover" --data '{"failoverContext":{"settingsVersion":14}}'

With the following error returned:

{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "staleData",
        "message": "Condition does not match.",
        "locationType": "header",
        "location": "If-Match"
      }
    ],
    "code": 412,
    "message": "Condition does not match."
  }
}

Herman Tai

Jan 20, 2016, 5:34:32 PM
to Google Cloud SQL discuss
Maybe you have done something between your last reply and now, but I am seeing your version is not at 29, so you get the error.

Peter Cheesewright

Jan 26, 2016, 4:16:34 AM
to Google Cloud SQL discuss
I had not realized that the settingsVersion changes - it all makes sense now. With the correct value the curl command works.

Thank you all for your help.

Herman, how are you able to see my settingsVersion? Have I left something open to the world?

Herman Tai

Jan 26, 2016, 9:11:59 PM
to Google Cloud SQL discuss
I work in the Cloud SQL team in Google. I can assure that nothing is leaked for your instance :) (okay, maybe the settings version, I will email you privately next time...)
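
The checks this thread converges on (confirm the token carries an accepted scope, read the instance's current settingsVersion from the listing, build the failover body, and interpret the 401 and 412 responses), as an added Python example that is not part of the original posts. The response field names (`items`, `name`, `settings.settingsVersion`, and tokeninfo's space-separated `scope`) are assumptions based on the v1beta4 Admin API and the OAuth2 tokeninfo method; all sample data is constructed.

```python
import json

# Scopes the thread says the failover method accepts (at least one is required).
SQL_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/sqlservice.admin",
}

def token_has_sql_scope(tokeninfo):
    """True if tokeninfo's space-separated 'scope' string holds an accepted scope."""
    return bool(SQL_SCOPES & set(tokeninfo.get("scope", "").split()))

def current_settings_version(listing, name):
    """Read settings.settingsVersion for one instance from an instances.list body."""
    for item in listing.get("items", []):
        if item.get("name") == name:
            return int(item["settings"]["settingsVersion"])
    raise KeyError(f"{name!r} not listed; the thread needed the bare ID 'db-master'")

def failover_body(version):
    """JSON body for POST .../instances/<id>/failover."""
    return json.dumps({"failoverContext": {"settingsVersion": version}})

def diagnose(body):
    """Map the two error bodies quoted in the thread to the next check to make."""
    err = body.get("error")
    if not err:
        return "ok"
    code, reason = err["code"], err["errors"][0]["reason"]
    if (code, reason) == (401, "authError"):
        return "credentials rejected: get a fresh token and inspect it with tokeninfo"
    if (code, reason) == (412, "staleData"):
        return "settingsVersion stale: re-list the instance and rebuild the body"
    return f"unhandled error {code} ({reason})"

# Constructed sample responses (not captured from a real project).
SAMPLE_LIST = {"items": [{"name": "db-master", "settings": {"settingsVersion": "29"}}]}
SAMPLE_TOKENINFO = {"email": "user@example.com", "access_type": "offline",
                    "scope": "https://www.googleapis.com/auth/cloud-platform"}
SAMPLE_412 = {"error": {"code": 412, "message": "Condition does not match.",
                        "errors": [{"reason": "staleData", "location": "If-Match"}]}}

if __name__ == "__main__":
    assert token_has_sql_scope(SAMPLE_TOKENINFO)
    print(diagnose(SAMPLE_412))
    print(failover_body(current_settings_version(SAMPLE_LIST, "db-master")))
```

Reading the version immediately before each failover call avoids the 412, since the value changes whenever the instance settings are updated.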