I am trying to set up my JMeter master/slave set up on AWS EC2 instances using windows. Out of the box integration didn't work (connection refused errors) and after some investigation I got to know that RMI communication only works if the machines are on same subnet (is this true?). I found this great article and I tried to follow it as is on windows (tried running ssh port forward tunneling via cygwin) but not have any luck. So I was hoping if someone already done this with Windows and can share their experience.
Out of the box integration didn't work (connection refused errors) and
after some investigation I got to know that RMI communication only
works if the machines are on same subnet (is this true?)
It is not necessary. Even if the machines are in a different subnet and addressable via the network, RMI should work. Here make sure the Security Groups and NACLs are properly set so that both EC2 instances can communicate with each other via the network.
You can check whether you can ping(For this you need to enable ICMP in your Security Groups and also make sure other needed ports are opened for RMI) from one EC2 instance to another. If the servers can communicate with each other, then you need to troubleshoot internal firewall configuration in windows EC2 instances.
We have used https://testable.io/ AMI's from the marketplace. It takes care of all configuration and just needs to worry only about testing and the results.
https://aws.amazon.com/marketplace/pp/B073JNTVKP
All our endpoints are secured to certain IP-ranges from testable.io. If you have internal, still you need to setup those security settings.
Hope it helps.
Related
I am testing with the v2 C# payment example.
https://github.com/petespatio/connect-api-examples/tree/master/connect-examples/v2/csharp_payment/PaymentExample
When i run locally everything works properly and i can actually create a payment.
When i try to run on my website (1and1 hosted), i get
error calling charge: unable to connect to the remote server
Does anyone know what has to be done to allow this connection?
Regards
Have you tried pining the server you are connecting to? That's a good place to start. Try:
ping connect.squareup.com
To see if you can connect at all. If you can't ping the server, it might be a firewall issue on your server.
1&1 has information about setting firewall rules on their hardware firewalls for their dedicated linux servers here:
https://help.1and1.com/servers-c37684/dedicated-server-linux-c37687/system-security-c37699
and information on setting firewall rules for their cloud servers here:
https://www.1and1.com/cloud-community/learn/networking/firewall/
Hope this helps!
After installing Tigase on an AWS EC2 instance I keep getting the error message 'connection refused' when I try to connect to it using an xmpp client.
The instance is attached to a security group with rules to allow traffic to the necessary ports (tigase needs 5223 primarily and some others for more exotic features). I've also tried it with rules allowing all traffic to all ports from all sources but I still get the same message.
I've also checked iptables because I noticed some people needed to configure those as well in specific cases, I made sure it allows all connections but still I can't connect to Tigase.
Yes Tigase is running, there are no relevant errors in the Tigase logs
SSH (port 22) and HTTP (port 80) work fine
Enabling ICMP (ping) on all ports works fine
I've tried several xmpp clients, same problem
I've deleted and recreated instances several times
Re-installed Tigase on fresh instances several times with various configuration options
Tried using domain name associated with Elastic IP, normal IP and tried public DNS directly.
Configured the DNS in the way necessary for Tigase as described here
I've looked everywhere and have not been able to find anything to fix this. Networking isn't my main area of expertise and I'd really appreciate any advice.
Wow, in case anyone runs into the same problem in the future, turns out that this was related to the AMI. I was using an Amazon Linux AMI and switched to Ubuntu Server 14.04 LTS. I wish I tried this sooner but I didn't really consider this a possible solution earlier. Apparently Amazon Linux doesn't play well with Tigase.
I had a running instance, and then I became unable to connect to it via http(80) and ssh(22). I tried to reboot the instance, but nothing went up. This has happened to me twice in the past month.
Why does it happen? Can I do anything to fix and/or prevent it from happening?
If I launch a new instance in same region, and it works.
Things to check when trying to connect to an Amazon EC2 instance:
Security Group: Make sure the security group allows inbound access on the desired ports (eg 80, 22) for the appropriate IP address range (eg 0.0.0.0/0). This solves the majority of problems.
Public IP Address: Check that you're using the correct Public IP address for the instance. If the instance is stopped and started, it might receive a new Public IP address (depending on how it has been configured).
VPC Configuration: Accessing an EC2 instance that is launched inside a Virtual Private Cloud (VPC) requires:
An Internet Gateway
A routing table connecting the subnet to the Internet Gateway
NACLs (Network ACLS) that permit through-traffic
If you are able to launch and connect to another instance in the same subnet, then the VPC configuration would appear to be correct.
The other thing to check would be the actual configuration of the operating system on the instance itself. Some software may be affecting the configuration so that the web server / ssh daemon is not working correctly. Of course, that is hard to determine without connecting to the instance.
If you are launching from a standard Amazon Linux AMI, ssh would work correctly anytime. The web server (port 80) would require installation and configuration of software on the instance, which is your responsibility to maintain.
I'm trying to setup a Win2008R2 IIS webfarm on Google Compute Engine.
I've got the machine setup, however when I try to add it to a network load balancer pool, the balancer consistently reports the machine as unhealthy - even if i disable healt checks. I have a single forward rule setup for port 80.
I've tried different size instances in different regions/zones to no avail. Traffic into the load balancer never makes it to my instance, and the instance is always report as unhealthy.
For the firewall I went ahead and added a blanket rule so 0.0.0.0/0 can access all local net services (ICMP;TCP:1-65535; UDP:1-65535) and I've disabled windows firewall.
Anyone have any experience getting this working?
Spoke with google support. "Known issue with windows instances - check back in 6 months." In the mean time, use linux or setup your own NLB within your project.
Strange that it is not working for you. I replicated your situation and I am getting to the machine with no issues. The load balancer is forwarding traffic as expected and it reaches the system who is marked as healthy in the Lb pool.
You may want to add the following rule to the windows firewall with advanced security(make sure you use the "advanced security" one and not the default):
Inbound rule > New port > port 80
Once this is done, from your machine you can curl or telnet to the address while running a netstat on the Windows system and you should see the LB forwarding rule IP making requests :
$ curl IP (locally)
$ netstat (on the windows machine)
Hope this helps !
I will be building a server/client software on Windows, where many machines need to communicate with a Postresql database running on the server. This is C++ software so I will use libpq to connect to the database.
If I do this, will there be issues with the firewall? I'd like to make configuration as easy as possible and not have users open up firewall ports or disable their firewall.
If I do need to open up firewall ports, can I use WCF to get around the issue? Basically send a command to the server using WCF, run the postgresql command locally, and get the result back (I have never used WCF but understand that it can communication using HTTP port 80).
PostgreSQL typically listens on port 5432, which is not open by default in the Windows firewall. But the only machine where the firewall would need to be re-configured is the one where PostgreSQL is running. If you have many client machines, none of them should require firewall changes (unless they have restrictions on outbound traffic, which is rare).
Hope this helps.
You can also configure SSL connections to ensure better security.