1. Introduction
In this codelab you will learn how to deploy the GenAI Databases Retrieval Service and create a sample interactive application using the deployed environment.
You can get more information about the GenAI Retrieval Service and the sample application here.
Prerequisites
- A basic understanding of the Google Cloud Console
- Basic skills in command line interface and Google Cloud shell
What you'll learn
- How to create a Cloud SQL instance
- How to connect to the instance
- How to configure and deploy GenAI Databases Retrieval Service
- How to deploy a sample application using the deployed service
What you'll need
- A Google Cloud Account and Google Cloud Project
- A web browser such as Chrome
2. Setup and Requirements
Self-paced environment setup
- Sign-in to the Google Cloud Console and create a new project or reuse an existing one. If you don't already have a Gmail or Google Workspace account, you must create one.
- The Project name is the display name for this project's participants. It is a character string not used by Google APIs. You can always update it.
- The Project ID is unique across all Google Cloud projects and is immutable (cannot be changed after it has been set). The Cloud Console auto-generates a unique string; usually you don't care what it is. In most codelabs, you'll need to reference your Project ID (typically identified as
PROJECT_ID). If you don't like the generated ID, you might generate another random one. Alternatively, you can try your own, and see if it's available. It can't be changed after this step and remains for the duration of the project. - For your information, there is a third value, a Project Number, which some APIs use. Learn more about all three of these values in the documentation.
- Next, you'll need to enable billing in the Cloud Console to use Cloud resources/APIs. Running through this codelab won't cost much, if anything at all. To shut down resources to avoid incurring billing beyond this tutorial, you can delete the resources you created or delete the project. New Google Cloud users are eligible for the $300 USD Free Trial program.
Start Cloud Shell
While Google Cloud can be operated remotely from your laptop, in this codelab you will be using Google Cloud Shell, a command line environment running in the Cloud.
From the Google Cloud Console, click the Cloud Shell icon on the top right toolbar:
It should only take a few moments to provision and connect to the environment. When it is finished, you should see something like this:
This virtual machine is loaded with all the development tools you'll need. It offers a persistent 5GB home directory, and runs on Google Cloud, greatly enhancing network performance and authentication. All of your work in this codelab can be done within a browser. You do not need to install anything.
3. Before you begin
Enable API
Inside Cloud Shell, make sure that your project ID is setup:
Usually the project ID is shown in parentheses in the command prompt in the cloud shell as it is shown in the picture:
gcloud config set project [YOUR-PROJECT-ID]
Then set the PROJECT_ID environment variable to your Google Cloud project ID:
PROJECT_ID=$(gcloud config get-value project)
Enable all necessary services:
gcloud services enable sqladmin.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com \
aiplatform.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com \
run.googleapis.com \
iam.googleapis.com
Expected console output:
student@cloudshell:~ (gleb-test-short-004)$ gcloud services enable sqladmin.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com \
aiplatform.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com \
run.googleapis.com \
iam.googleapis.com
Operation "operations/acf.p2-404051529011-664c71ad-cb2b-4ab4-86c1-1f3157d70ba1" finished successfully.
4. Create a Cloud SQL instance
Create a Cloud SQL instance with vector support enabled.
Create a password
Define password for the default database user. You can define your own password or use a random function to generate one
export CLOUDSQL_PASSWORD=`openssl rand -hex 12`
Note the generated value for the password
echo $CLOUDSQL_PASSWORD
MySQL
You can enable the cloudsql_vector flag at instance creation. Currently, vector support is offered in MySQL 8.0.36 & 8.0.37.
export region=us-central1
gcloud sql instances create my-cloudsql-instance --region=$region --database-version=MYSQL_8_0_36 --database-flags=cloudsql_vector=ON --root-password=$CLOUDSQL_PASSWORD
Expected console output (IP address redacted):
student@cloudshell:~ export region=us-central1 gcloud sql instances create my-cloudsql-instance --region=$region --database-version=MYSQL_8_0_36 --database-flags=cloudsql_vector=ON --root-password=$CLOUDSQL_PASSWORD Creating Cloud SQL instance for MYSQL_8_0_36...done. Created [https://sqladmin.googleapis.com/sql/v1beta4/projects/test-project-402417/instances/my-cloudsql-instance]. NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS my-cloudsql-instance MYSQL_8_0_36 us-central1-a db-n1-standard-1 00.000.00.00 - RUNNABLE
PostgreSQL
The pgvector extension is offered in versions >= 11.
export region=us-central1
gcloud sql instances create my-cloudsql-instance --region=$region --database-version=POSTGRES_15 --tier=db-g1-small
Expected console output (IP address redacted):
student@cloudshell:~ export region=us-central1 gcloud sql instances create my-cloudsql-instance --region=$region --database-version=POSTGRES_15 --tier=db-g1-small Creating Cloud SQL instance for POSTGRES_15...done. Created [https://sqladmin.googleapis.com/sql/v1beta4/projects/test-project-402417/instances/my-cloudsql-instance]. NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS my-cloudsql-instance POSTGRES_15 us-central1-a db-g1-small 00.000.00.00 - RUNNABLE
After creating the instance, we need to define a password for the default user in the instance and check if we can connect with the password. Put your password in the prompt when it is ready to connect.
gcloud sql users set-password postgres \
--instance=my-cloudsql-instance \
--password=$CLOUDSQL_PASSWORD
gcloud sql connect my-cloudsql-instance --user=postgres
Expected console output:
student@cloudshell:~ (test-project-402417)$ gcloud sql users set-password postgres \
--instance=my-cloudsql-instance \
--password=$CLOUDSQL_PASSWORD
gcloud sql connect my-cloudsql-instance --user=postgres
Updating Cloud SQL user...done.
Allowlisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [postgres].Password:
psql (16.3 (Ubuntu 16.3-1.pgdg22.04+1), server 15.7)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.
postgres=>
Exit the psql session:
exit
5. Prepare GCE Virtual Machine
Create Service Account
Since we will use our VM to deploy our GenAI Databases Retrieval service and host a sample application, the first step is to create a Google Service Account (GSA). The GSA will be used by the GCE VM, and we will need to grant it the necessary privileges to work with other services.
In the Cloud Shell execute:
PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts create compute-aip --project $PROJECT_ID
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/cloudbuild.builds.editor"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/artifactregistry.admin"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/storage.admin"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/run.admin"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/iam.serviceAccountUser"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/cloudsql.viewer"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/cloudsql.client"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:compute-aip@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/aiplatform.user"
Deploy GCE VM
Create a GCE VM in the same region and VPC as the Cloud SQL instance.
In Cloud Shell execute:
export ZONE=us-central1-a
gcloud compute instances create instance-1 \
--zone=$ZONE \
--create-disk=auto-delete=yes,boot=yes,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-12 AND family!=debian-12-arm64" --format="value(name)") \
--scopes=https://www.googleapis.com/auth/cloud-platform \
--service-account=compute-aip@$PROJECT_ID.iam.gserviceaccount.com
Expected console output:
student@cloudshell:~ (test-project-402417)$ export ZONE=us-central1-a
student@cloudshell:~ (test-project-402417)$ export ZONE=us-central1-a
gcloud compute instances create instance-1 \
--zone=$ZONE \
--create-disk=auto-delete=yes,boot=yes,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-12 AND family!=debian-12-arm64" --format="value(name)") \
--scopes=https://www.googleapis.com/auth/cloud-platform
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/instance-1].
NAME: instance-1
ZONE: us-central1-a
MACHINE_TYPE: n1-standard-1
PREEMPTIBLE:
INTERNAL_IP: 10.128.0.2
EXTERNAL_IP: 34.71.192.233
STATUS: RUNNING
Authorize the VM to connect to Cloud SQL
We need to add our VM public IP to the list of authorized networks for our Cloud SQL instance. In the cloud shell execute:
VM_EXTERNAL_IP=$(gcloud compute instances describe instance-1 --zone=us-central1-a --format='get(networkInterfaces[0].accessConfigs[0].natIP)')
gcloud sql instances patch my-cloudsql-instance --authorized-networks=$VM_EXTERNAL_IP
Expected console output:
student@cloudshell:~ (test-project-402417)$ export ZONE=us-central1-a
student@cloudshell:~ (test-project-402417)$ VM_EXTERNAL_IP=$(gcloud compute instances describe instance-1 --zone=us-central1-a --format='get(networkInterfaces[0].accessConfigs[0].natIP)')
gcloud sql instances patch my-cloudsql-instance --authorized-networks=$VM_EXTERNAL_IP
When adding a new IP address to authorized networks, make sure to also include any IP addresses that have already been authorized. Otherwise, they will be overwritten and de-authorized.
Do you want to continue (Y/n)? Y
The following message will be used for the patch API method.
{"name": "my-cloudsql-instance", "project": "test-project-402417", "settings": {"ipConfiguration": {"authorizedNetworks": [{"value": "34.71.252.173"}]}}}
Patching Cloud SQL instance...done.
Updated [https://sqladmin.googleapis.com/sql/v1beta4/projects/test-project-402417/instances/my-cloudsql-instance].
Install the database client
MySQL
Install the MySQL client software on the deployed VM.
Connect to the VM:
gcloud compute ssh instance-1 --zone=us-central1-a
Expected console output:
student@cloudshell:~ (test-project-402417)$ gcloud compute ssh instance-1 --zone=us-central1-a Updating project ssh metadata...working..Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417]. Updating project ssh metadata...done. Waiting for SSH key to propagate. Warning: Permanently added 'compute.5110295539541121102' (ECDSA) to the list of known hosts. Linux instance-1 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. student@instance-1:~$
Install the software running command inside the VM:
sudo apt-get update
sudo apt-get install --yes default-mysql-client
Expected console output:
student@instance-1:~$ sudo apt-get update sudo apt-get install --yes mysql-client Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl libgdbm-compat4 libperl5.32 libterm-readkey-perl mariadb-client-10.5 mariadb-client-core-10.5 perl perl-modules-5.32 Suggested packages: libclone-perl libmldbm-perl libnet-daemon-perl libsql-statement-perl perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make libtap-harness-archive-perl The following NEW packages will be installed: default-mysql-client libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl libgdbm-compat4 libperl5.32 libterm-readkey-perl mariadb-client-10.5 mariadb-client-core-10.5 perl Perl-modules-5.32 ...redacted... Processing triggers for libc-bin (2.31-13+deb11u10) ...
PostgreSQL
Install the PostgreSQL client software on the deployed VM.
Connect to the VM:
gcloud compute ssh instance-1 --zone=us-central1-a
Expected console output:
student@cloudshell:~ (test-project-402417)$ gcloud compute ssh instance-1 --zone=us-central1-a Updating project ssh metadata...working..Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417]. Updating project ssh metadata...done. Waiting for SSH key to propagate. Warning: Permanently added 'compute.5110295539541121102' (ECDSA) to the list of known hosts. Linux instance-1 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. student@instance-1:~$
Install the software running command inside the VM:
sudo apt-get update
sudo apt-get install --yes postgresql-client
Expected console output:
student@instance-1:~$ sudo apt-get update sudo apt-get install --yes postgresql-client Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [30 B] Get:4 file:/etc/apt/mirrors/debian-security.list Mirrorlist [39 B] Hit:7 https://packages.cloud.google.com/apt google-compute-engine-bookworm-stable InRelease Get:8 https://packages.cloud.google.com/apt cloud-sdk-bookworm InRelease [1652 B] Get:2 https://deb.debian.org/debian bookworm InRelease [151 kB] Get:3 https://deb.debian.org/debian bookworm-updates InRelease [55.4 kB] ...redacted... update-alternatives: using /usr/share/postgresql/15/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in auto mode Setting up postgresql-client (15+248) ... Processing triggers for man-db (2.11.2-2) ... Processing triggers for libc-bin (2.36-9+deb12u7) ...
Connect to the Instance
MySQL
Connect to the primary instance from the VM using MySQL.
Continue with the opened SSH session to your VM. If you have been disconnected, then connect again using the same command as above.
Use the previously noted $CLOUDSQL_PASSWORD and the instance name to connect to Cloud SQL from the GCE VM:
export CLOUDSQL_PASSWORD=<Noted password>
export PROJECT_ID=$(gcloud config get-value project)
export REGION=us-central1
export INSTANCE_NAME=my-cloudsql-instance
export INSTANCE_IP=$(gcloud sql instances list --filter=name:$INSTANCE_NAME --format="value(PRIMARY_ADDRESS)")
mysql --host=$INSTANCE_IP --user=root --password=$CLOUDSQL_PASSWORD
Expected console output:
student@instance-1:~$ export CLOUDSQL_PASSWORD=P9... student@instance-1:~$ export REGION=us-central1 student@instance-1:~$ export INSTANCE_NAME=my-cloud-sql-instance student@instance-1:~$ export INSTANCE_IP=$(gcloud sql instances list --filter=name:$INSTANCE_NAME --format="value(PRIMARY_ADDRESS)") student@instance-1:~$ mysql –host=$INSTANCE_IP –user=root –password=$CLOUDSQL_PASSWORD –sslmode=require Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 2824706 Server version: 8.0.36-google (Google) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]>
Exit from the MySQL session keeping the SSH connection up:
exit
Expected console output:
MySQL [(none)]> exit Bye student@instance-1:~$
PostgreSQL
Connect to the primary instance from the VM using psql.
Continue with the opened SSH session to your VM. If you have been disconnected then connect again using the same command as above.
Use the previously noted $CLOUDSQL_PASSWORD and the instance name to connect to PostgreSQL from the GCE VM:
export PGPASSWORD=<Noted password (CLOUDSQL_PASSWORD)>
export CLOUDSQL_PASSWORD=$PGPASSWORD
export PROJECT_ID=$(gcloud config get-value project)
export REGION=us-central1
export INSTANCE_NAME=my-cloudsql-instance
export INSTANCE_IP=$(gcloud sql instances list --filter=name:$INSTANCE_NAME --format="value(PRIMARY_ADDRESS)")
psql "host=$INSTANCE_IP user=postgres sslmode=require"
Expected console output:
student@instance-1:~$ export CLOUDSQL_PASSWORD=P9...
student@instance-1:~$ export REGION=us-central1
student@instance-1:~$ export INSTANCE_IP=$(gcloud sql instances list --filter=name:$INSTANCE_NAME --format="value(PRIMARY_ADDRESS)")
student@instance-1:~$ psql "host=$INSTANCE_IP user=postgres sslmode=require"
psql (13.11 (Debian 13.11-0+deb11u1), server 14.7)
WARNING: psql major version 13, server major version 14.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
Exit from the psql session keeping the SSH connection up:
exit
Expected console output:
postgres=> exit student@instance-1:~$
6. Initialize the database
We are going to use our client VM as a platform to populate our database with data and host our application. The first step is to create a database and populate it with data.
Create Database
MySQL
Create a database with name "assistantdemo".
In the GCE VM session execute:
mysql --host=$INSTANCE_IP --user=root --password=$CLOUDSQL_PASSWORD -e "CREATE DATABASE assistantdemo"
Expected console output (no output):
student@instance-1:~$ mysql --host=$INSTANCE_IP --user=root --password=$CLOUDSQL_PASSWORD -e "CREATE DATABASE assistantdemo" student@instance-1:~$
PostgreSQL
Create a database with name "assistantdemo".
In the GCE VM session execute:
psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE assistantdemo"
Expected console output:
student@instance-1:~$ psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE assistantdemo" CREATE DATABASE student@instance-1:~$
Enable pgvector extension.
psql "host=$INSTANCE_IP user=postgres dbname=assistantdemo" -c "CREATE EXTENSION vector"
Expected console output (no output):
student@instance-1:~$ psql "host=$INSTANCE_IP user=postgres dbname=assistantdemo" -c "CREATE EXTENSION vector" CREATE EXTENSION student@instance-1:~$
Prepare Python Environment
To continue we are going to use prepared Python scripts from GitHub repository but before doing that we need to install the required software.
In the GCE VM execute:
sudo apt install -y python3.11-venv git
python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
Expected console output:
student@instance-1:~$ sudo apt install -y python3.11-venv git
python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
git-man liberror-perl patch python3-distutils python3-lib2to3 python3-pip-whl python3-setuptools-whl
Suggested packages:
git-daemon-run | git-daemon-sysvinit git-doc git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn ed diffutils-doc
The following NEW packages will be installed:
git git-man liberror-perl patch python3-distutils python3-lib2to3 python3-pip-whl python3-setuptools-whl python3.11-venv
0 upgraded, 9 newly installed, 0 to remove and 2 not upgraded.
Need to get 12.4 MB of archives.
After this operation, 52.2 MB of additional disk space will be used.
Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [30 B]
...redacted...
Installing collected packages: pip
Attempting uninstall: pip
Found existing installation: pip 23.0.1
Uninstalling pip-23.0.1:
Successfully uninstalled pip-23.0.1
Successfully installed pip-24.0
(.venv) student@instance-1:~$
Verify Python version.
In the GCE VM execute:
python -V
Expected console output:
(.venv) student@instance-1:~$ python -V Python 3.11.2 (.venv) student@instance-1:~$
Prepare configuration file
Clone the GitHub repository with the code for the retrieval service and sample application.
In the GCE VM execute:
git clone https://github.com/GoogleCloudPlatform/genai-databases-retrieval-app.git
Expected console output:
student@instance-1:~$ git clone https://github.com/GoogleCloudPlatform/genai-databases-retrieval-app.git Cloning into 'genai-databases-retrieval-app'... remote: Enumerating objects: 525, done. remote: Counting objects: 100% (336/336), done. remote: Compressing objects: 100% (201/201), done. remote: Total 525 (delta 224), reused 179 (delta 135), pack-reused 189 Receiving objects: 100% (525/525), 46.58 MiB | 16.16 MiB/s, done. Resolving deltas: 100% (289/289), done.
MySQL
In the GCE VM execute:
cd ~/genai-databases-retrieval-app/retrieval_service
cp example-config-cloudsql.yml config.yml
cp example-config-cloudsql.yml config.yml
sed -i s/engine/mysql/g config.yml
sed -i s/my-project/$PROJECT_ID/g config.yml
sed -i s/my-region/$REGION/g config.yml
sed -i s/my-instance/$INSTANCE_NAME/g config.yml
sed -i s/my-password//g config.yml
sed -i s/my_database/assistantdemo/g config.yml
sed -i s/my-user/root/g config.yml
cat config.yml
Expected console output:
student@instance-1:~$ cd genai-databases-retrieval-app/retrieval_service cp example-config-cloudsql.yml config.yml sed -i s/127.0.0.1/$INSTANCE_IP/g config.yml sed -i s/my-password/$CLOUDSQL_PASSWORD/g config.yml sed -i s/my_database/assistantdemo/g config.yml sed -i s/my-user/postgres/g config.yml cat config.yml host: 0.0.0.0 # port: 8080 datastore: # Example for MySQL kind: "cloudsql-mysql" host: 10.65.0.2 # port: 5432 database: "assistantdemo" user: "root" password: "P9..."
Postgres
In the GCE VM execute:
cd ~/genai-databases-retrieval-app/retrieval_service
cp example-config-cloudsql.yml config.yml
sed -i s/engine/postgres/g config.yml
sed -i s/my-project/$PROJECT_ID/g config.yml
sed -i s/my-region/$REGION/g config.yml
sed -i s/my-instance/$INSTANCE_NAME/g config.yml
sed -i s/my-password/$PGPASSWORD/g config.yml
sed -i s/my_database/assistantdemo/g config.yml
sed -i s/my-user/postgres/g config.yml
cat config.yml
Expected console output:
student@instance-1:~$ cd genai-databases-retrieval-app/retrieval_service cp example-config-cloudsql.yml config.yml sed -i s/engine/postgres/g config.yml sed -i s/my-project/$PROJECT_ID/g config.yml sed -i s/my-region/$REGION/g config.yml sed -i s/my-instance/$INSTANCE_NAME/g config.yml sed -i s/my-password/$CLOUDSQL_PASSWORD/g config.yml sed -i s/my_database/assistantdemo/g config.yml sed -i s/my-user/postgres/g config.yml cat config.yml host: 0.0.0.0 # port: 8080 datastore: # Example for Postgres kind: "cloudsql-postgres" host: 10.65.0.2 # port: 5432 database: "assistantdemo" user: "postgres" password: "P9..."
Populate database
Populate database with the sample dataset. The first command is adding all required packages to our Python virtual environment and the second command is populating our database with the data.
In the GCE VM execute:
cd ~/genai-databases-retrieval-app/retrieval_service
pip install -r requirements.txt
python run_database_init.py
Expected console output (redacted):
student@instance-1:~/genai-databases-retrieval-app/retrieval_service$ pip install -r requirements.txt python run_database_init.py Collecting asyncpg==0.28.0 (from -r requirements.txt (line 1)) Obtaining dependency information for asyncpg==0.28.0 from https://files.pythonhosted.org/packages/77/a4/88069f7935b14c58534442a57be3299179eb46aace2d3c8716be199ff6a6/asyncpg-0.28.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata Downloading asyncpg-0.28.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (4.3 kB) Collecting fastapi==0.101.1 (from -r requirements.txt (line 2)) ... database init done. student@instance-1:~/genai-databases-retrieval-app/retrieval_service$
7. Deploy the Retrieval Service to Cloud Run
Now we can deploy the retrieval service to Cloud Run. The service is responsible to work with the database and extract necessary information from the database based on the request from an AI application.
Create Service Account
Create a service account for the retrieval service and grant necessary privileges.
Open another Cloud Shell tab using the sign "+" at the top.
In the new cloud shell tab execute:
export PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts create retrieval-identity
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:retrieval-identity@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/aiplatform.user"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:retrieval-identity@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/cloudsql.client"
Expected console output:
student@cloudshell:~ (gleb-test-short-003)$ gcloud iam service-accounts create retrieval-identity Created service account [retrieval-identity].
Close the tab by either execution command "exit" in the tab:
exit
Deploy the Retrieval Service
Continue in the first tab where you are connected to the VM through SSH by deploying the service.
In the VM SSH session execute:
cd ~/genai-databases-retrieval-app
gcloud alpha run deploy retrieval-service \
--source=./retrieval_service/\
--no-allow-unauthenticated \
--service-account retrieval-identity \
--region us-central1 \
--network=default \
--quiet
Expected console output:
student@instance-1:~/genai-databases-retrieval-app$ gcloud alpha run deploy retrieval-service \
--source=./retrieval_service/\
--no-allow-unauthenticated \
--service-account retrieval-identity \
--region us-central1 \
--network=default
This command is equivalent to running `gcloud builds submit --tag [IMAGE] ./retrieval_service/` and `gcloud run deploy retrieval-service --image [IMAGE]`
Building using Dockerfile and deploying container to Cloud Run service [retrieval-service] in project [gleb-test-short-003] region [us-central1]
X Building and deploying... Done.
✓ Uploading sources...
✓ Building Container... Logs are available at [https://console.cloud.google.com/cloud-build/builds/6ebe74bf-3039-4221-b2e9-7ca8fa8dad8e?project=1012713954588].
✓ Creating Revision...
✓ Routing traffic...
Setting IAM Policy...
Completed with warnings:
Setting IAM policy failed, try "gcloud beta run services remove-iam-policy-binding --region=us-central1 --member=allUsers --role=roles/run.invoker retrieval-service"
Service [retrieval-service] revision [retrieval-service-00002-4pl] has been deployed and is serving 100 percent of traffic.
Service URL: https://retrieval-service-onme64eorq-uc.a.run.app
student@instance-1:~/genai-databases-retrieval-app$
Verify The Service
Now we can check if the service runs correctly and the VM has access to the endpoint. We use gcloud utility to get the retrieval service endpoint. Alternatively you can check it in the cloud console and replace in the curl command the "$(gcloud run services list –filter="(retrieval-service)" by the value from there.
In the VM SSH session execute:
curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" $(gcloud run services list --filter="(retrieval-service)" --format="value(URL)")
Expected console output:
student@instance-1:~/genai-databases-retrieval-app$ curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" $(gcloud run services list --filter="(retrieval-service)" --format="value(URL)")
{"message":"Hello World"}student@instance-1:~/genai-databases-retrieval-app$
If we see the "Hello World" message it means our service is up and serving the requests.
8. Deploy Sample Application
Now when we have the retrieval service up and running we can deploy a sample application which is going to use the service. The application can be deployed on the VM or any other service like Cloud Run, Kubernetes or even locally on a laptop. Here we are going to show how to deploy it on the VM.
Prepare the environment
We continue to work on our VM using the same SSH session. To run our application we need to add some Python modules. The command will be executed from the application directory in the same Python virtual environment.
In the VM SSH session execute:
cd ~/genai-databases-retrieval-app/llm_demo
pip install -r requirements.txt
Expected output (redacted):
student@instance-1:~$ cd ~/genai-databases-retrieval-app/llm_demo pip install -r requirements.txt Collecting fastapi==0.104.0 (from -r requirements.txt (line 1)) Obtaining dependency information for fastapi==0.104.0 from https://files.pythonhosted.org/packages/db/30/b8d323119c37e15b7fa639e65e0eb7d81eb675ba166ac83e695aad3bd321/fastapi-0.104.0-py3-none-any.whl.metadata Downloading fastapi-0.104.0-py3-none-any.whl.metadata (24 kB) ...
Prepare Client ID
To use booking functionality of the application we need to prepare OAuth 2.0 Client ID using Cloud Console. It will be when we sign into the application since booking is using clients credentials to record the booking data in the database.
In the Cloud Console go to the APIs and Services and click on "OAuth consent screen" and choose "Internal" user.
Then push "Create" and follow on the next screen.
You need to fill out required fields such as "App name" and "User support email". Also you can add a domain you want to show on the consent screen and finally the "Developer contact information"
Then you push the "Save And Continue" button at the bottom of the page and it will lead you to the next page.
You don't need to change anything there unless you want to specify the scopes. Finally you confirm it by pushing the button "Save And Continue" again. That will set up the application consent screen.
The next step is to create the client ID. On the left panel you click "Credentials" which lead you to the credentials for OAuth2.
Here you click "Create Credentials'' at the top and choose "OAuth ClientID". Then it will open another screen.
Pick up "Web application" from the dropdown list for application type and put your application URI (and port - optionally) as the "Authorized JavaScript origins". And you need to add to the "Authorized redirect URIs" your application host with "/login/google" at the end to be able to use the authorization popup screen. In the picture above you can see that I've used http://localhost as my base application URI.
After pushing the "Create" button you get a popup window with your clients credentials.
We will need the Client ID (and optionally Client secret) later to use with our application
Run Assistant Application
Before starting the application we need to set up some environment variables. The basic functionality of the application such as query flights and airport amenities requires only BASE_URL which points application to the retrieval service. We can get it using the gcloud command .
In the VM SSH session execute:
export BASE_URL=$(gcloud run services list --filter="(retrieval-service)" --format="value(URL)")
Expected output (redacted):
student@instance-1:~/genai-databases-retrieval-app/llm_demo$ export BASE_URL=$(gcloud run services list --filter="(retrieval-service)" --format="value(URL)")
To use more advanced capabilities of the application like booking and changing flights we need to sign-in to the application using our Google account and for that purpose we need to provide CLIENT_ID environment variable using the OAuth client ID from the Prepare Client ID chapter:
export CLIENT_ID=215....apps.googleusercontent.com
Expected output (redacted):
student@instance-1:~/genai-databases-retrieval-app/llm_demo$ export CLIENT_ID=215....apps.googleusercontent.com
And now we can run our application:
python run_app.py
Expected output:
student@instance-1:~/genai-databases-retrieval-app/llm_demo$ python main.py INFO: Started server process [28565] INFO: Waiting for application startup. INFO: Application startup complete. INFO: Uvicorn running on http://0.0.0.0:8081 (Press CTRL+C to quit)
Connect to the Application
You have several ways to connect to the application running on the VM. For example you can open port 8081 on the VM using firewall rules in the VPC or create a load balancer with public IP. Here we are going to use a SSH tunnel to the VM translating the local port 8080 to the VM port 8081.
Connecting From Local Machine
When we want to connect from a local machine we need to run a SSH tunnel. It can be done using gcloud compute ssh:
gcloud compute ssh instance-1 --zone=us-central1-a -- -L 8081:localhost:8081
Expected output:
student-macbookpro:~ student$ gcloud compute ssh instance-1 --zone=us-central1-a -- -L 8080:localhost:8081 Warning: Permanently added 'compute.7064281075337367021' (ED25519) to the list of known hosts. Linux instance-1.us-central1-c.c.gleb-test-001.internal 6.1.0-21-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. student@instance-1:~$
Now we can open the browser and use http://localhost:8081 to connect to our application. We should see the application screen.
Connecting From Cloud Shell
Alternatively we can use cloud shell to connect. Open another Cloud Shell tab using the sign "+" at the top.
In the new cloud shell tab start the tunnel to your VM by executing the gcloud command:
gcloud compute ssh instance-1 --zone=us-central1-a -- -L 8080:localhost:8081
It will show an error "Cannot assign requested address" - please ignore it.
Here is the expected output:
student@cloudshell:~ gcloud compute ssh instance-1 --zone=us-central1-a -- -L 8080:localhost:8081 bind [::1]:8081: Cannot assign requested address inux instance-1.us-central1-a.c.gleb-codelive-01.internal 6.1.0-21-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sat May 25 19:15:46 2024 from 35.243.235.73 student@instance-1:~$
It opens port 8080 on your cloud shell which can be used for the "Web preview".
Click on the "Web preview" button on the right top of your Cloud Shell and from the drop down menu and choose "Preview on port 8080".
It opens a new tab in your web browser with the application interface. You should be able to see the "Cymbal Air Customer Service Assistant" page. In the address bar of the page we see the URI to the preview page. We need to remove the part "/?authuser=0&redirectedPreviously=true" at the end
And use the first part of URI like "https://8080-cs-35704030349-default.cs-us-east1-vpcf.cloudshell.dev/" is to be left in the browser window and to provide as the "Authorized JavaScript origins" and "Authorized redirect URIs" for our credentials created in the "Prepare Client ID" chapter replacing or adding to the originally provided http://localhost:8080 values. The upper value would look like "https://8080-cs-35704030349-default.cs-us-east1-vpcf.cloudshell.dev" and the lower one would be "https://8080-cs-35704030349-default.cs-us-east1-vpcf.cloudshell.dev/login/google"
Sign into the Application
When everything is set up and your application is open, we can use the "Sign in" button at the top right of our application screen to provide our credentials. That is optional and required only if you want to try booking functionality of the application.
It will open a pop-up window where we can choose our credentials.
After signing in the application is ready and you can start to post your requests into the field at the bottom of the window.
This demo showcases the Cymbal Air customer service assistant. Cymbal Air is a fictional passenger airline. The assistant is an AI chatbot that helps travelers to manage flights and look up information about Cymbal Air's hub at San Francisco International Airport (SFO).
Without signing in (without CLIENT_ID) it can help answer users questions like:
When is the next flight to Denver?
Are there any luxury shops around gate C28?
Where can I get coffee near gate A6?
Where can I buy a gift?
Please book flight to Denver departing at 10:35am
When you are signed in to the application, you can try other capabilities like booking flights or checking if the seat assigned to you is a window or aisle seat.
The application uses the latest Google foundation models to generate responses and augment it by information about flights and amenities from the operational Cloud SQL database. You can read more about this demo application on the Github page of the project.
9. Clean up environment
When all tasks are completed, we can clean up our environment.
Delete Cloud Run Service
In Cloud Shell execute:
gcloud run services delete retrieval-service --region us-central1
Expected console output:
student@cloudshell:~ (gleb-test-short-004)$ gcloud run services delete retrieval-service --region us-central1 Service [retrieval-service] will be deleted. Do you want to continue (Y/n)? Y Deleting [retrieval-service]...done. Deleted service [retrieval-service].
Delete the Service Account for cloud run service
In Cloud Shell execute:
PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts delete retrieval-identity@$PROJECT_ID.iam.gserviceaccount.com --quiet
Expected console output:
student@cloudshell:~ (gleb-test-short-004)$ PROJECT_ID=$(gcloud config get-value project) Your active configuration is: [cloudshell-222] student@cloudshell:~ (gleb-test-short-004)$ gcloud iam service-accounts delete retrieval-identity@$PROJECT_ID.iam.gserviceaccount.com --quiet deleted service account [retrieval-identity@gleb-test-short-004.iam.gserviceaccount.com] student@cloudshell:~ (gleb-test-short-004)$
Delete the Cloud SQL instance
Destroy the Cloud SQL instance when you are done with the lab
In the cloud shell define the project and environment variables if you've been disconnected and all the previous settings are lost:
export INSTANCE_NAME=my-cloudsql-instance
export PROJECT_ID=$(gcloud config get-value project)
Delete the instance:
gcloud sql instances delete $INSTANCE_NAME --project=$PROJECT_ID
Expected console output:
student@cloudshell:~$ gcloud sql instances delete $INSTANCE_NAME --project=$PROJECT_ID All of the instance data will be lost when the instance is deleted. Do you want to continue (Y/n)? y Deleting Cloud SQL instance...done. Deleted [https://sandbox.googleapis.com/v1beta4/projects/test-project-001-402417/instances/my-cloudsql-instance].
Now we can destroy our VM
Delete GCE VM
In Cloud Shell execute:
export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
Expected console output:
student@cloudshell:~ (test-project-001-402417)$ export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
Deleted
Delete the Service Account for GCE VM and The Retrieval service
In Cloud Shell execute:
PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts delete compute-aip@$PROJECT_ID.iam.gserviceaccount.com --quiet
Expected console output:
student@cloudshell:~ (gleb-test-short-004)$ PROJECT_ID=$(gcloud config get-value project) gcloud iam service-accounts delete compute-aip@$PROJECT_ID.iam.gserviceaccount.com --quiet Your active configuration is: [cloudshell-222] deleted service account [compute-aip@gleb-test-short-004.iam.gserviceaccount.com] student@cloudshell:~ (gleb-test-short-004)$
10. Congratulations
Congratulations for completing the codelab.
What we've covered
- How to create a Cloud SQL instance
- How to connect to the Cloud SQL instance
- How to configure and deploy GenAI Databases Retrieval Service
- How to deploy a sample application using the deployed service