Per connetterti al database da indirizzi IP esterni alla tua organizzazione sandbox GDC, segui le istruzioni riportate in Connettersi al database per attivare le connessioni esterne.
Puoi utilizzare sshuttle per connetterti al tuo database con un client di database locale come psql:
Vai alla sezione Connettività della pagina Database Service per il cluster di database. Questa pagina include:
La password dell'account amministratore (il nome utente è dbsadmin)
Nome host e numero di porta dell'endpoint principale del cluster di database
Un comando psql per connettersi al cluster (per i cluster di database PostgreSQL e AlloyDB Omni)
Un link per scaricare il certificato dell'autorità di certificazione (CA) del
cluster di database
Scarica il certificato CA dalla console GDC nella sezione
Connettività della pagina Database Service per il tuo
cluster di database.
Configura il client in modo che utilizzi il certificato CA per verificare il database. Per i client
psql, imposta la variabile di ambiente PGSSLROOTCERT sul percorso del file
del certificato e la variabile di ambiente PGSSLMODE in base alle tue preferenze:
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[],[],null,["# Manage databases\n\nGDC Sandbox provides the Database Service to test and manage database\nclusters.\n\nTo create a database cluster, see\n[Choose a database engine type and create a database cluster](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#create).\n| **Note:** GDC Sandbox supports only PostgreSQL and AlloyDB databases.\n\nConnect to the Database\n-----------------------\n\nBy default, a database cluster only allows connection from within the user cluster and the same project.\n\nTo enable connections to all database clusters in your project from another project, see [Enable cross-project connections](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#cross_project_connections).\n\nTo connect to the database from IP addresses outside your GDC Sandbox organization, follow the instructions at [Connect to DB](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/db-service#connect) to enable the external connections.\n\nYou can use `sshuttle` to connect to your database with a local database client like `psql`:\n\n1. Navigate to the **Connectivity** section of the **Database Service** page for the database cluster. This page includes:\n\n - The password of the administrator account (the username is `dbsadmin`)\n - Hostname and port number of the database cluster's primary endpoint\n - A `psql` command for connecting to the cluster (for PostgreSQL and AlloyDB Omni database clusters)\n - A link to download the certificate authority (CA) certificate of the database cluster\n2. Download the CA certificate from the GDC console in the\n **Connectivity** section of the **Database Service** page for your\n database cluster.\n\n3. Configure your client to use the CA certificate to verify the database. For\n `psql` clients, set the `PGSSLROOTCERT` env variable to the path of the\n certificate file and the `PGSSLMODE` env variable to your preference:\n\n export PGSSLROOTCERT=\u003cvar translate=\"no\"\u003epath/to/\u003c/var\u003eaccounts_cert.pem\n export PGSSLMODE=\"verify-full\"\n\n4. Initiate a secure tunnel. If you have a running instance of `sshuttle` as described in [Connect to your instance](/distributed-cloud/sandbox/latest/connect), terminate that process.\n\n sshuttle -r zone1-org-1-data@\u003cvar translate=\"no\"\u003eGDC_SANDBOX_INSTANCE_NAME\u003c/var\u003e --no-latency-control \\\n --ssh-cmd 'gcloud compute ssh --project \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e --zone \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e --tunnel-through-iap' \\\n 10.200.0.0/16 --dns\n\n Replace the following with the values provided to you by the GDC Sandbox team:\n - \u003cvar translate=\"no\"\u003eGDC_SANDBOX_INSTANCE_NAME\u003c/var\u003e: the name of your GDC Sandbox instance.\n - \u003cvar translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e: the project containing your GDC Sandbox environment.\n - \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone containing your GDC Sandbox environment.\n5. While the tunnel is active, run the command using `psql` in a different terminal\n\n PGPASSWORD=\u003cvar translate=\"no\"\u003eDB_PASSWORD\u003c/var\u003e psql -h \u003cvar translate=\"no\"\u003eDB_HOSTNAME\u003c/var\u003e -p \u003cvar translate=\"no\"\u003ePORT\u003c/var\u003e -U \u003cvar translate=\"no\"\u003eUSERNAME\u003c/var\u003e -d postgres\n\n Replace the following variables:\n - \u003cvar translate=\"no\"\u003epath/to/\u003c/var\u003e: the path to the `accounts_cert.pem` certificate.\n - \u003cvar translate=\"no\"\u003eDB_PASSWORD\u003c/var\u003e: the password from the console UI.\n - \u003cvar translate=\"no\"\u003eDB_HOSTNAME\u003c/var\u003e: the database hostname from the console.\n - \u003cvar translate=\"no\"\u003eDB_PORT\u003c/var\u003e: the database port number from the console.\n - \u003cvar translate=\"no\"\u003eDB_USERNAME\u003c/var\u003e: the database username from the console."]]