I have a project where I need to load data into a mysql database. I need to whitelist an IP address in order to do the insertion and I was planning on using Azure container instances to load data into the database. But, Azure containers change their ip after every run. So are you able to bind a static outbound public ip address to containers? I do not want to use azure firewall gateway since that's too expensive and while I got the process working on a linux vm, a container would suit my needs better since I just need to run a script several times a day.
Related
I have created Virtual Network and connected API Management to Virtual Network.
I am thinking to host my REST API in Azure Container Instances in my VNET and then expose those API in Azure API Management by configuring IP Address of Azure Container Instance REST API into Azure API Management web service url.
I have one doubt, if this is right way of doing it.
I am wondering if Azure Container Instance gets restarted and if IP Address will change, then my API exposed in API Mangament will be broken. Does IP Address gets changed if Azure Container Instances gets restarted for some reason.
There are some limitations for Azure container instances.
The IP address of a container won't typically change between updates,
but it's not guaranteed to remain the same. As long as the container
group is deployed to the same underlying host, the container group
retains its IP address. Although rare, and while Azure Container
Instances makes every effort to redeploy to the same host, there are
some Azure-internal events that can cause redeployment to a different
host. To mitigate this issue, always use a DNS name label for your
container instances.
Terminated or deleted container groups can't be updated. Once a
container group has stopped (is in the Terminated state) or has been
deleted, the group is deployed as new.
However, It's a rare case that Azure container instances will be redeployed to a different host. Also, if you have a container instance in a VNet, you're unable to directly set a --dns-name-label value and you only could access the instance via its private IP address from the outside world and other container groups. Note: Containers in a group are not discoverable through DNS. They can only be accessed through ‘localhost’, in combination with their exposed ports. You could get more references from More about networking in this blog.
I have an Azure standard internal load balancer inside a VNET that contains several virtual machines. Two of the VMs are not listed as options when I want to add them to a back end pool of the load balancer. They are were created under ARM and not included in any other load balancer pool. They are also in the same VNET that is associated to the backend pool.
If I create a basic load balancer, I can see them and successfully add them to the pool. Is there documentation on the VM requirements that must be met before you can add a VM to a pool within a standard load balancer?
When you add the backend pool, you will see Only VMs in the same region with standard SKU public IP or no public IP can be attached to this load balancer.
In this case, you can randomly disable the public IP address from the virtual machine---network interface---Ip configurations---ipconfig1---disabled---save. Then you can add the desired VMs to backend pool again.
I am wondering if there is a way to setup a static IP address to a virtual machine (VirtualBox) hosted on a GCE VM instance (as a VM host).
I want to run two VirtualBox VMs on my GCE VM instance and I want to access them publicly.
Yes, you can do this, but you should also consider whether you want the additional overhead of running one virtual machine (VirtualBox) inside of another virtual machine (GCE VM). Running directly on GCE VMs would be more efficient and you can easily create/destroy/control these VMs via Google Cloud Platform APIs.
In addition, if you are already using an automation framework for your VirtualBox VMs such as Vagrant, note that Vagrant natively supports GCE VMs, so with a few changes to your configuration, you can use Vagrant to create/modify/connect/destroy your GCE VMs as easily as you would local VirtualBox VMs.
As an alternative to static external IPs, consider also using a domain name mapping to ephemeral external IP(s) of your instance(s). You can use Google Cloud DNS to manage your DNS mappings.
For more info on static external IPs, see the docs:
Static external IP addresses
If you need a static external IP address that is assigned to your project and persists until you explicitly release it, you can reserve a new static external IP address or promote an ephemeral external IP address to a static external IP address. Use gcloud compute with the addresses create command or make a PUT request to the appropriate regional Addresses collection to reserve a static external IP address.
Static external IP addresses assigned to instances are a regional resource and you must select the region where the IP address will belong to when you create the address.
[...]
Restrictions
Static external IP addresses can only be used by one resource at a time. You cannot assign a static external IP address to multiple resources.
There is no way to tell whether an IP address is static or ephemeral after it has been assigned to a resource, except to compare the IP address against the list of static external IP addresses reserved to that project. Use the addresses list sub-command to see a list of static external IP addresses available to the project.
Note that static external IPs also come with some cost:
IP address pricing
Type Price/Hour
Static IP address (assigned but unused) $0.01
Static IP address (assigned and in use) No charge
Ephemeral IP address (attached to instance or forwarding rule) No charge
I solved that issue to in 2 steps:
First delete the current possible ephimeral ip configuration:
gcloud compute instances delete-access-config <instance> --access-config-name "External NAT"
Where <instance> is the name of the instance you want to update, and External NAT is the name of the configuration, which probably has that value because of its the default one. And you can check it running this:
gcloud compute instances describe --zone=us-west1-a
And add the static one
If you want to bind an static address, probably to bind it to a DNS address, execute something like this
gcloud compute instances add-access-config <instance> --access-config-name="External NAT" --address=xxx.xxx.xxx.xxx
Remember to always append the --zone to any gcloud command to avoid any ambiguity. You can get the address from the valid addresses configuration you have in your project, which you can be gotten like this:
gcloud compute addresses list
Dont use the NAME but the ADDRESS. You should pick an address in the same zone of your instance. When the address be attached you will see that in the STATUS field of the last query it will say IN USE.
Et voila!
I have created a cluster with 2 servers and I have developed a sample application. I can access this application from ip address of these servers(10.0.0.3:7002/sample/ and 10.0.0.4:7002/sample/) but I don't know this cluster is working or not. Can I access this web application from a single address? like myclusteraddress:7002/sample/.
You can accomplish this task in two ways...
First Way
You need to create a Load balancer(F5) to the both the servers which automatically manages the traffic and serves the user requests...
Second Way
You have to a dns cutover for that website...it's same as above task almost.
I've migrated a website to Amazon ec2 that hooks into a service we are using that is installed on another server (not on Amazon). Access to the API for that service is IP-restricted and done by sending XML data using *http_build_query* & *stream_context_create* in PHP.
If I want to connect to the service from a new server, I need to ask the vendor to add the new IP first. I did that by sending the Elastic IP to them, but it doesn't work.
While trying to debug, I noticed that the output for $_SERVER['SERVER_ADDR'] is the private IP of the ec2 instance.
I assume that the server on the other side is receiving the same data, so it tries to authenticate the private IP.
I've asked the vendor to allow access from the private IP as well – it's not implemented yet, so I'm not sure if that solves the problem, but as far as I understand the way their API works, it will then try to parse data back to the IP it was contacted from, which shouldn't be possible because the server is outside the Amazon cloud.
I might miss something really obvious here. I added a command to rc.local (running CENT OS on my ec2 instance) that associates the elastic IP to the server upon startup by using ec2-associate-address, and this seemed to help make a MySQL connection to another outside server working, but no luck with the above mentioned API.
To rule out one thing - the API is accessed through HTTPS, with ports 80 and 443 (and a mysql port) enabled in security groups and tested. The domain and SSL are running fine.
Any hint highly appreciated - I searched a lot already, but couldn't find anything useful so far.
It sounds like both IPs (private and elastic) are active in your VM. Check by running ifconfig -a. If that's what's happening then the IP that gets used for external traffic will depend on the remote address and your VM's routing table. It could even vary from one connection to the next.
If that's what's going on then the quickest fix would be to ifconfig down the interface that has the private address. That should leave only the elastic address for all external connections. If that resolves the problem then you can script something that downs the private IP automatically after the elastic IP has been made active, or if the elastic IP will be permanently assigned to this VM and you really don't need the private IP then you can permanently disassociate the private IP from this VM.