Skip to content

HyOps Cloud SQL External Replica Lifecycle

Purpose

org/gcp/cloudsql-external-replica is the live managed PostgreSQL DR module for the GCP lane.

It currently supports two operator phases:

  • assess
  • establish

assess validates upstream source posture and an existing Cloud SQL target.

establish creates Database Migration Service objects:

  • source PostgreSQL connection profile
  • destination Cloud SQL connection profile
  • migration job

Important:

  • the DMS establish path creates its own Cloud SQL replica
  • it does not reuse a standalone org/gcp/cloudsql-postgresql instance

Prerequisites

  • hyops init gcp completed for the selected environment
  • platform/onprem/postgresql-dr-source state is ok
  • for assess, org/gcp/cloudsql-postgresql state is ok
  • the operator has working gcloud authentication on the control host

Validate

cd /home/user/hybridops-studio/hybridops-core

./.venv/bin/hyops validate --env dev --skip-preflight \
  --module org/gcp/cloudsql-external-replica \
  --inputs modules/org/gcp/cloudsql-external-replica/examples/inputs.min.yml

Apply

cd /home/user/hybridops-studio/hybridops-core

./.venv/bin/hyops apply --env dev \
  --module org/gcp/cloudsql-external-replica \
  --inputs modules/org/gcp/cloudsql-external-replica/examples/inputs.min.yml

Establish

Prepare an operator input file with at least:

  • apply_mode: establish
  • project_state_ref or project_id
  • network_state_ref or private_network
  • source_connection_profile_name
  • destination_connection_profile_name
  • migration_job_name
  • source_replication_user
  • source_replication_password_env
  • connectivity_mode

Then run:

cd /home/user/hybridops-studio/hybridops-core

./.venv/bin/hyops apply --env dev \
  --module org/gcp/cloudsql-external-replica \
  --inputs <operator-establish-inputs.yml>

Expected outputs

  • cap.db.managed_external_replica = assessed|established
  • managed_replication_mode = logical
  • managed_replication_prereqs_ready = true|false
  • managed_replication_established = true|false
  • target instance metadata and target private IP
  • source leader and source replication candidate signal

Notes

  • The module copies the operator's existing ~/.config/gcloud into the HyOps runtime cache on first use so packaged runs do not rely on write access to the default gcloud config directory.
  • The module keeps replication secrets out of Terraform state by using gcloud on the controller side.
  • static-ip connectivity requires the source database to accept DMS traffic from an allowlisted public IP.
  • reverse-ssh connectivity requires an explicit bastion VM and VPC input.