We are currently using Openstack newtown. We can access the API using client on public endpoint from any computer, but the vm don't have access to it, they can ping the IP and dns name but can't curl or access using openstack-client. How can we allow connection from VM to API ?
Assuming your public API endpoint is externally accessible, the network on which your virtual machine resides will need external access. This can be achieved in a few different ways, depending on your current configuration. You can create a Neutron provider network/subnet which will provide access to a physical network and gateway to the outside world. You can then boot your instance directly on the provider network. More information on Neutron provider networks can be found at docs.openstack.org.
The problem is that floating IP don't give the route of my external network.
I add route using neutron and now all is working perfectly. for info the command is:
neutron router-update demo-routeur --routes type=dict list=true destination=192.168.0.27/27,nexthop=10.0.0.1
Related
Can someone let me know if its possible to connect or PING a Databricks Cluster via its public ip address?
For example I have issued the command ping --all-ip-addresses and I get the ip address 10.172.226.115.
I would like to be able to PING that ip address(10.172.226.115) from my on-premise PC (or connect to the cluster with an application using the ip address?
Can someone let me know if that is possible?
That public IP is not guaranteed to be your cluster; unless somehow you've installed Databricks into your own cloud provider account, where you fully control the network routes, it would be connecting to Databricks managed infrastructure where the public ip would likely be an API gateway or router that serves traffic for more than one account
Note: just because you can ping Google DNS with outbound traffic doesn't mean inbound traffic from the internet is even allowed through the firewall
connect to the cluster with an application
I'd suggest using other Databricks support channels (i.e their community forum) to see if that's even possible, but I thought you're just supposed to upload and run code within their ecosystem. At least, for the community plans
Specifically, they have a REST API to submit a remote job from your local system, but if you want to be able to send data back to your local machine, I think you'd have to write and download from DBFS or other cloud filesystem
The use case is the following:
Private network for the GCP project
VPN on the local computer that seems to be blocking SSH connections
A VM that has a webapp to be accessed but we don't want to expose the IP to the public network
What are the best practices to keep it private and to access it eg. with OAuth authentication?
What are the steps to make and to follow?
Appreciate your help with this.
There are several methods in Google Cloud. The second method is the recommended method based upon the requirements in your question.
If the users have defined public IP addresses, use Google Cloud VPC firewall rules to only allow access from approved IP addresses.
Do not assign a static public IP address to the instance. Add an HTTP(S) Load Balancer and enable IAP. Add each user's identity to IAP for identity-based access control.
Additional methods suitable for developers:
My favorite is to use WireGuard (VPN) and use peer-based access control.
I have noticed something strange with my service deployed on GKE and I would like to understand...
When I Launch kubectl get services I can see my service EXTRNAL-IP. Let's say 35.189.192.88. That's the one I use to access my application.
Ben when my application tries to access another external API, the owner of the API sees another IP address from me : 35.205.57.21
Can you explain me why ? And is it possible to make this second IP static ?
Because my app has to access an external API, and the owner of this API filters its access by IP address
Thanks !
The IP address you have on service as EXTERNAL-IP is a load balancer IP address reserved and assigned to your new service and it is only for incoming traffic.
But when your pod is trying to reach any service outside the cluster two scenarios can happen:
The destination API is inside the same VPC, which means that no translation of IP addresses is needed and then on the last version of Kubernetes you will reach the API using the Pod IP address assigned by Kubernetes on the range 10.0.0.0/8.
When the target is outside the VPC you need to reach it using some kind of NAT, in that case, the default gateway for your VPC is used and the NAT applies the IP address of the node where the pod is running.
If you need to have and static IP address in order to whitelist it you need to use a cloud NAT
https://cloud.google.com/nat/docs/overview
I am trying to setup a Kaa cluster with 3 kaa-node servers. I would like to know whether each node (bootstrap service & operations_service) must have its own public IP address? Otherwise the endpoint will not be able to access them?
But I have only one Public IP address & one Domain Name. Each node has it's own local ip address. How can I setup this kaa-cluster?
on each node:
open kaa-node.properties file at /etc/kaa-node/conf directory.
change thrift_host and transport_public_interface properties onto the local IP address.
Then you need to integrate kaa-node with the following services:
Zookeeper, SQL and NoSQL databases.
For more information, refer to the following documentation page.
As alternative, you are able to setup kaa cluster using docker environment. Also, look to the documentation page.
Please, take into account that docker extension is supported from kaa 0.10 version.
I have deployed my ASP.NET WebForms application (Azure Web Role) on Azure virtual network. I have been told by the IAAS team that the subnet which I have used needs Proxy XX.XX.XX.XX:8080 for accessing the application from the internet. If it's a virtual machine I can add proxy xlass, but I am not able to add the proxy class in service configuration file and added it in application web.config, but still it's opening from public internet and not able to connect to RDP.
Please help me with this.
Thanks
RDP wouldn't require a proxy that I'm aware. I imagine you match the same config as mentioned here to set your ACLs (too many images and not enough text to copy here)
http://blogs.msdn.com/b/walterm/archive/2014/04/22/windows-azure-paas-acls-are-here.aspx
If you really are trying access for RDP check out the following. If just web access, the above should work.
http://www.cloudcomputingadmin.com/articles-tutorials/windows-azure/azure-virtual-networks-and-cloud-services-part3.html
As per
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-rdp-detailed-troubleshoot/
Source 3: Cloud service endpoint and ACL
To eliminate the cloud service endpoint and ACL as being the source of issues or misconfiguration for virtual machines created using the Service Management API, verify that another Azure virtual machine that is in the same cloud service or virtual network can make Remote Desktop connections to your Azure virtual machine.
If you do not have another virtual machine in the same cloud service or virtual network, you can easily create a new one. For more information, see Create a virtual machine running Windows in Azure. Delete the extra virtual machine when you are done with your testing.
If you can create a Remote Desktop connection with a virtual machine in the same cloud service or virtual network, check for these:
The endpoint configuration for Remote Desktop traffic on the target virtual machine. The private TCP port of the endpoint must match the TCP port on which the Remote Desktop Services service on the virtual machine is listening, which by default is 3389.
The ACL for the Remote Desktop traffic endpoint on the target virtual machine. ACLs allow you to specify allowed or denied incoming traffic from the Internet based on its source IP address. Misconfigured ACLs can prevent incoming Remote Desktop traffic to the endpoint. Examine your ACLs to ensure that incoming traffic from your public IP addresses of your proxy or other edge server is allowed. For more information, see What is a Network Access Control List (ACL)?.
To have public internet connectivity into your worker role you need one of the following:
A public IP address (https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/) associated to the worker role instance (or)
A public endpoint configured to expose a specific port (https://azure.microsoft.com/en-us/documentation/articles/load-balancer-overview/)
If you use Network Security Group, please ensure that you have appropriate ACLs opened up to allow connection from Internet.
Thanks