How to allow incoming from other subnet? - amazon-ec2

I have an ELB for an Elastic Beanstalk.
I want to allow an incoming port from an EC2 instance that resides in another subnet.
Currently I allow 0.0.0.0/0.
I want it removed from my rules. How can I do that?

It would depend on your CIDR block of the other subnet, but you can change the rule to contain the mask of your subnet.
E.g., if your CIDR was 10.0.0.0/16 (allowing 10.0.0.0 - 10.0.1.254) then you could set it to 10.0.0.0/16, or if you only wanted the range within a particular subnet (say 10.0.1.0 - 10.0.1.154) then you would set it to 10.0.1.0/24.

Related

Ansible inventory - host with multiple interfaces (more IPs for one host)

Some of my machines (RPi or ntb for example) have multiple interfaces and multiple IP addresses assigned. Not all interfaces are always available (for example the ntb on my lap is connected to wifi; if I take it to my desk I plug it into the docking station and it connects by wire).
Is there an option in the inventory to assign multiple IP addresses to one guest?
So far, I'm doing it by introducing two guests:
[ntb]
ntb-w ansible_host=10.0.0.50 ansible_ssh_user=user
ntb-c ansible_host=10.0.0.21 ansible_ssh_user=user
But that's not optimal. As for the ntb I get an unavailable error message (the interface is switched), but the RPi has both interfaces active and this then causes a double connection.
I'd like to configure something like that:
[ntb]
ntb ansible_host=[10.0.0.50,10.0.0.21] ansible_ssh_user=user
The first active interface would be used, and only when all interfaces are exhausted would the guest unavailability be reported. That would be great.

Shell: Get first IP in the given network

I have one IP, say 192.168.20.1/23. I want to get the gateway from this IP, which I know would be the first IP in the given network.
How can I achieve this through a shell script? The network and CIDR keep changing.
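The two CIDR questions on this page (sizing a security group source rule to one subnet instead of 0.0.0.0/0, and finding the first address of a network from a host/prefix pair) are both plain prefix arithmetic. The following is an added example, not code from either question or answer, using only Python's standard `ipaddress` module. It goes a little beyond the page: `smallest_covering_cidr` finds the one rule that covers several peer subnets, and `audit_rule` reports how many addresses a candidate rule admits beyond the subnets that actually need access. The CIDRs in the `__main__` block are the ones quoted on the page; everything else is constructed.

```python
import ipaddress


def describe_network(cidr):
    """Return the network, usable host range and broadcast for a CIDR.
    Accepts a bare network ("10.0.1.0/24") or a host with prefix
    ("192.168.20.1/23"); host bits are masked off either way."""
    net = ipaddress.ip_interface(cidr).network
    if net.prefixlen >= 31:
        # /31 point-to-point links and /32 single hosts reserve no addresses
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    else:
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = net.num_addresses - 2
    return {
        "network": str(net),
        "first_host": str(first),
        "last_host": str(last),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def first_host(cidr):
    """First usable address of the network containing `cidr`; this is the
    conventional gateway address the shell question asks for."""
    return describe_network(cidr)["first_host"]


def smallest_covering_cidr(cidrs):
    """Smallest single prefix that contains every network in `cidrs`.
    Widens one bit at a time; supernet() of 0.0.0.0/0 is itself, so this
    terminates even for peers that share no prefix at all."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)


def audit_rule(rule_cidr, peer_cidrs):
    """Check a security-group source CIDR against the subnets that need access.
    Reports whether the rule covers them and how many extra addresses it admits;
    overlapping peer subnets are collapsed so they are not counted twice."""
    rule = ipaddress.ip_network(rule_cidr, strict=False)
    peers = [ipaddress.ip_network(c, strict=False) for c in peer_cidrs]
    covers = all(p.subnet_of(rule) for p in peers)
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(peers))
    return {
        "rule": str(rule),
        "covers_peers": covers,
        "excess_addresses": rule.num_addresses - needed if covers else None,
        "tightest_single_rule": smallest_covering_cidr(peer_cidrs),
    }


if __name__ == "__main__":
    print(describe_network("10.0.0.0/16"))
    print(describe_network("10.0.1.0/24"))
    print("gateway for 192.168.20.1/23:", first_host("192.168.20.1/23"))
    # the wide-open rule from the question versus a rule scoped to the peer subnet
    print(audit_rule("0.0.0.0/0", ["10.0.1.0/24"]))
    print(audit_rule("10.0.1.0/24", ["10.0.1.0/24"]))
```

Running it shows that 10.0.0.0/16 spans 10.0.0.1 through 10.0.255.254 (65534 hosts) and that 0.0.0.0/0 admits over four billion addresses more than a rule scoped to 10.0.1.0/24. For the EC2 case the tighter option is usually not a CIDR at all but the peer instance's security group as the source, which follows the instance across subnets; the CIDR arithmetic above is what you need when the peer is outside the VPC or a group reference is not available.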

How can I access several Elasticsearch instances on different machines from Kibana?

I would like to have two Elasticsearch instances on different machines accessible from the same Kibana instance.
Something like this:
Do you know how could I do it?
My first idea is to create a cluster with two nodes. How could I create a cluster with nodes on different machines?
Which parameter should I change in the Elasticsearch config file?
ElasticSearch contains a Discovery Module:
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html
By default multicast discovery is used. This means ES will search across your network for any other ES instances (in common terms). You can read more about the discovery types supported in the article above.
Also you can manually specify the hosts that should be in a cluster:
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: [ "host1:9300", "host2:9300" ... ]
You have to define
discovery.zen.ping.unicast.hosts: ["192.168.45.21", "192.168.45.22"]
An example is described here.
Detailed configuration info should be here.

Is ElasticSearch safe to allow every node to join cluster?

ElasticSearch opens port 9300 for node-to-node communication, and every machine in the same network with the same cluster.name can auto-join this cluster?
I doubt whether it is safe to allow every node to join.
If not, do I need to set network.host to a fixed IP address? Or is there a better way?
It really depends on the networking stack of your nodes and how you interact with your cluster. If they are all running on a local network, inaccessible from the outside, then in general, allowing other nodes to join freely is OK since it means someone from inside your network is trying to join.
However, if your nodes have a public IP address, it's a good idea to change the default ports used, disable Zen multicast discovery, and give each node a list of the other nodes that are allowed to communicate with it.
Straight from the elasticsearch.yml file:
# 1. Disable multicast discovery (enabled by default):
#
discovery.zen.ping.multicast.enabled: false
#
# 2. Configure an initial list of master nodes in the cluster
# to perform discovery when new nodes (master or data) are started:
#
discovery.zen.ping.unicast.hosts: ["enter_ip_here","enter_other_ip:port","etc..."]
Note that these settings need to be the same on all nodes (except for the list of hosts obviously) and a restart of the node is required for these to be taken into account.
Also, you can indeed set the network.host to a fixed IP. This IP should be the one appearing in the list of discovery.zen.ping.unicast.hosts.
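The answer above boils down to three settings that should agree with each other: multicast off, an explicit unicast host list with no template placeholders left in it, and network.host bound to an address that is itself in that list. The following is an added example, not code from the answer or from Elasticsearch, that audits a flat elasticsearch.yml for exactly those three conditions. The sample configuration is constructed for the example; the parser only understands the one-key-per-line, flow-style-list layout the answer shows and is not a general YAML parser.

```python
import ipaddress
import json
import re

# Constructed sample elasticsearch.yml fragment (not a real deployment) that
# follows the answer's recommendations; used as the "good" input below.
SAMPLE_CONFIG = """\
cluster.name: my-cluster
# 1. Disable multicast discovery (enabled by default):
discovery.zen.ping.multicast.enabled: false
# 2. Initial list of master nodes used for unicast discovery:
discovery.zen.ping.unicast.hosts: ["192.168.45.21:9300", "192.168.45.22:9300"]
network.host: 192.168.45.21
"""

# Constructed "bad" input: the untouched template from the answer, multicast
# still on and network.host never set.
TEMPLATE_CONFIG = """\
cluster.name: my-cluster
discovery.zen.ping.unicast.hosts: ["enter_ip_here","enter_other_ip:port","etc..."]
"""

HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*"
)


def parse_settings(text):
    """Parse `key: value` lines; '#' comments and blank lines are skipped.
    Flow-style lists like ["a", "b"] are valid JSON and become Python lists;
    any other value stays a string."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        value = value.strip()
        if value.startswith("["):
            try:
                value = json.loads(value)
            except ValueError:
                pass  # leave an unparseable list as text so the audit flags it
        settings[key.strip()] = value
    return settings


def host_part(entry):
    """Strip an optional :port from a unicast host entry (IPv4 or hostname)."""
    return entry.rsplit(":", 1)[0] if ":" in entry else entry


def is_valid_host(entry):
    """True for an IP address or a syntactically valid hostname; template
    leftovers such as enter_ip_here or etc... fail both checks."""
    host = host_part(entry)
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(host) is not None


def audit_discovery(settings):
    """Return a list of findings where the config departs from the answer's
    advice; an empty list means all three conditions hold."""
    findings = []
    multicast = str(settings.get("discovery.zen.ping.multicast.enabled", "true")).lower()
    if multicast != "false":
        findings.append("multicast discovery is enabled: any host on the LAN with "
                        "the same cluster.name can join")
    hosts = settings.get("discovery.zen.ping.unicast.hosts")
    if not isinstance(hosts, list) or not hosts:
        findings.append("discovery.zen.ping.unicast.hosts is missing or not a list")
        hosts = []
    bad = [h for h in hosts if not is_valid_host(h)]
    if bad:
        findings.append("unicast host entries are not valid addresses or hostnames: %s" % bad)
    network_host = settings.get("network.host")
    if network_host is None:
        findings.append("network.host is unset: the bind address is left to the default")
    elif hosts and network_host not in [host_part(h) for h in hosts]:
        findings.append("network.host %s does not appear in the unicast host list" % network_host)
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONFIG), ("template", TEMPLATE_CONFIG)):
        print(name, audit_discovery(parse_settings(text)) or ["ok"])
```

Run it against each node's elasticsearch.yml before the restart the answer mentions; the host-list check catches the common mistake of shipping the template with its placeholder entries, which would leave the node with no reachable peers and, with multicast still on, still open to any host that shares the cluster name.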

How can I assign an Elastic IP to one of the balanced instances?

If you have one instance, and auto scaling needs to create one more, then you have two instances. But when auto scaling wants to remove one because it's not needed, either the new or the old one can be removed.
So the instance I had with the Elastic IP is now removed ...
How can I always apply an Elastic IP to one of the instances of an auto scaling activity?
Thank you
Hmm.. You could have a small piece of code that checks if the IP is available and attaches it to one of your instances. You can write it such that when the instance is launched it automatically attaches that Elastic IP to itself if that IP is available.
You could create 2x scaling groups as described here.
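The "attach it to yourself at launch if it is free" idea from the answer above, as an added example that is neither the answerer's code nor anything AWS ships. It assumes the script runs on the newly launched instance (for example from user data) with an instance role that allows only ec2:DescribeAddresses and ec2:AssociateAddress, that boto3 is installed there, and that the Elastic IP's allocation id is known; `EIP_ALLOCATION_ID` is a placeholder and the address records in the `__main__` dry run are constructed. The decision is kept in pure functions so it can be exercised without AWS access; only `attach_if_free` and `local_instance_id` talk to EC2 and the instance metadata service.

```python
import urllib.request

# Placeholder: the allocation id of the Elastic IP reserved for the auto scaling
# group. In a real deployment pass it in via user data or an instance tag.
EIP_ALLOCATION_ID = "eipalloc-PLACEHOLDER"

IMDS = "http://169.254.169.254"


def choose_free_allocation(addresses, wanted_allocation_id):
    """Given the 'Addresses' list from EC2 describe_addresses, return the wanted
    allocation id if that Elastic IP is currently unassociated, otherwise None.
    An AssociationId on the record means another instance already holds it."""
    for addr in addresses:
        if addr.get("AllocationId") == wanted_allocation_id:
            return None if addr.get("AssociationId") else wanted_allocation_id
    return None  # allocation not present in this account/region


def plan_association(addresses, instance_id, wanted_allocation_id):
    """Build the associate_address call, or None if there is nothing to do.
    AllowReassociation=False makes EC2 itself refuse to steal the address if a
    sibling instance won the race between our describe and associate calls."""
    alloc = choose_free_allocation(addresses, wanted_allocation_id)
    if alloc is None:
        return None
    return {"InstanceId": instance_id, "AllocationId": alloc, "AllowReassociation": False}


def local_instance_id():
    """Read this instance's id from the instance metadata service using the
    IMDSv2 token handshake (works whether or not IMDSv2 is enforced)."""
    token_req = urllib.request.Request(
        IMDS + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(token_req, timeout=2) as r:
        token = r.read().decode()
    req = urllib.request.Request(
        IMDS + "/latest/meta-data/instance-id",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as r:
        return r.read().decode()


def attach_if_free(ec2, instance_id, wanted_allocation_id):
    """Associate the Elastic IP with this instance if nobody else holds it.
    `ec2` is a boto3 EC2 client; returns the new AssociationId or None."""
    addresses = ec2.describe_addresses(AllocationIds=[wanted_allocation_id])["Addresses"]
    params = plan_association(addresses, instance_id, wanted_allocation_id)
    if params is None:
        return None
    return ec2.associate_address(**params)["AssociationId"]


if __name__ == "__main__":
    # Constructed describe_addresses output for an offline dry run: the wanted
    # address is free, a second one is already held by another instance.
    sample_addresses = [
        {"PublicIp": "203.0.113.10", "AllocationId": EIP_ALLOCATION_ID, "Domain": "vpc"},
        {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-OTHER", "Domain": "vpc",
         "AssociationId": "eipassoc-OTHER", "InstanceId": "i-0example"},
    ]
    print(plan_association(sample_addresses, "i-0newinstance", EIP_ALLOCATION_ID))
    print(plan_association(sample_addresses, "i-0newinstance", "eipalloc-OTHER"))
    # Real run on an EC2 instance (boto3 assumed installed there):
    # import boto3
    # print(attach_if_free(boto3.client("ec2"), local_instance_id(), EIP_ALLOCATION_ID))
```

Because every instance in the group runs this at boot, whichever instance survives a scale-in picks the address up again the next time a new instance launches, which is the situation the question describes. Keep the instance role scoped to those two EC2 actions on that one allocation; a role that can associate any address in the account is a larger blast radius than this job needs.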