Not able to connect aws redis with ec2 on same VPC - ruby-on-rails

I have created an AWS ElastiCache Redis server and configured it with an EC2 instance, but somehow I am not able to connect to Redis via the EC2 instance.
I have assigned the same security group as well.
Here is my configuration:
The error I am facing is: Redis::CannotConnectError: Error connecting to Redis on some-prod.dhgdjw.0001.usw2.cache.amazonaws.com:6379 (Redis::TimeoutError)
Any help will be highly appreciated.

As you mention, you use the same security group, where you do not need such a setting. Your Redis SG should be different; it is just a suggestion, as you need it on your local VPC.
Verify a few things...
Go to your ElastiCache Dashboard.
Select Redis and click on the cluster, then click on modify.
Then you will see the security group attached to this cluster. You can attach one or many groups to this cluster.
Click on the edit icon and verify that it allows traffic on 6379 from 10.0.0.1/16 if the instance and Redis are in the same VPC; if not, then allow the public IP of the instance in the Redis SG.
You can also allow your public IP to check if it is accessible. Install the Redis client and try this command:
redis-cli -h some-prod.dhgdjw.0001.usw2.cache.amazonaws.com ping
PONG
If PING/PONG works, it means the SG allows traffic.
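The same check without redis-cli or the redis gem, as an added example that is not part of the question or answer above: a raw TCP/RESP probe that tells a security-group drop (the SYN is silently discarded, so the connect times out, which is exactly what Redis::TimeoutError reports) apart from a DNS failure or a refused connection. The fake server at the bottom exists only so the probe can be exercised offline; the endpoint and port are whatever you pass on the command line.

```ruby
require "socket"

# Probe a Redis endpoint with a raw RESP "PING" and classify the outcome.
# A security group with no matching inbound rule drops the SYN without a
# RST, so the result is :timeout rather than :refused.
def redis_ping(host, port = 6379, timeout: 3)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  sock.write("PING\r\n")                       # inline RESP command
  return :timeout unless IO.select([sock], nil, nil, timeout)
  line = sock.gets                             # expect "+PONG\r\n"
  line && line.chomp == "+PONG" ? :pong : :unexpected
rescue Errno::ETIMEDOUT
  :timeout
rescue Errno::ECONNREFUSED
  :refused
rescue SocketError
  :dns_error
ensure
  sock.close if sock
end

# What each outcome usually means for an ElastiCache endpoint in a VPC.
EXPLANATION = {
  pong:       "reachable: the security group permits 6379 from this source",
  timeout:    "packets dropped: no inbound rule for 6379 from this instance's SG or CIDR, or no route (other VPC, no peering)",
  refused:    "host reachable but nothing listening on that port (wrong endpoint or port)",
  dns_error:  "name did not resolve: check the endpoint string or the VPC DNS settings",
  unexpected: "something answered, but not with +PONG (AUTH or TLS required, or not Redis)",
}.freeze

# Minimal stand-in for a Redis server, used only to exercise redis_ping
# offline: answers +PONG to PING, then closes. Returns the bound port.
def fake_redis_server
  server = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    loop do
      client = server.accept
      req = client.gets
      client.write(req && req.chomp == "PING" ? "+PONG\r\n" : "-ERR unknown command\r\n")
      client.close
    end
  end
  server.addr[1]
end

# Usage: ruby redis_probe.rb some-prod.dhgdjw.0001.usw2.cache.amazonaws.com 6379
if $PROGRAM_NAME == __FILE__ && ARGV[0]
  host = ARGV[0]
  port = (ARGV[1] || 6379).to_i
  result = redis_ping(host, port)
  puts "#{host}:#{port} -> #{result}: #{EXPLANATION[result]}"
end
```

Run it from the EC2 instance itself, not from a laptop: ElastiCache endpoints resolve to private VPC addresses, so a :timeout from outside the VPC tells you nothing about the security group.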

Related

RDS Connectivity Issue with EKS Cluster

I have an RDS PSQL database which is open to all connections, as shown in the screenshot attached below, and it is also in the same VPC as my EKS cluster, which is also visible.
I am running a Rails app in my EKS cluster and trying to create a database, and I have already set my RDS cluster endpoint in environment variables.
Command I am using: kubectl exec -it pod/app-b65785bd5-r8mpj -- bundle exec rails db:create
Both the EKS cluster and RDS are in the same VPC vpc-0f9737b08c3269c4d, and I also white-listed the EKS cluster IP address in the security group of the RDS cluster database. Following is the error I am getting.
Error Screenshot
RDS Database Screenshot
RDS Security Group In-bound Rules
RDS Security Group Out-bound Rules
Given that your RDS hostname resolved to 10.0.2.75, most likely your VPC CIDR range is 10/16. Modify the inbound rules in your DB SG to allow traffic from 10.0.0.0/16.

IP of bosh instance - cloud foundry

The database service is running in a specific org and space. Two apps are bound to this DB service.
To apply Liquibase changes from Jenkins to the DB service, we need a JDBC connection between Jenkins and the bosh instance.
Jenkins is outside PCF.
How do I retrieve the IP address of the database service host?
How do I retrieve the IP address of the database service host?
Load the hostname from VCAP_SERVICES and then resolve it. You can use jq to read VCAP_SERVICES and pull out the hostname. You can then use dig <hostname> or host <hostname> to resolve the hostname. Then you have the IP.
If you're trying to access a service from outside CF, make sure that you have network and firewall access to said service. Network access is often restricted/blocked outside of the CF environment.
Hope that helps!
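The jq + dig procedure from the answer above in one script, as an added example that is not part of the answer: read VCAP_SERVICES, find the binding by service name, and resolve its hostname with the system resolver. The JSON below is a constructed sample in the usual VCAP_SERVICES shape; the label "p-mysql", the binding name "orders-db" and the credential field names are assumptions for illustration, since brokers differ in what they expose.

```ruby
require "json"
require "resolv"

# Constructed sample of VCAP_SERVICES as a CF app sees it: a hash keyed by
# service label, each holding an array of bindings with credentials.
SAMPLE_VCAP_SERVICES = <<~JSON
  {
    "p-mysql": [
      {
        "name": "orders-db",
        "label": "p-mysql",
        "credentials": {
          "hostname": "db.example.internal",
          "port": 3306,
          "name": "orders",
          "username": "app",
          "password": "s3cret",
          "jdbcUrl": "jdbc:mysql://db.example.internal:3306/orders?user=app&password=s3cret"
        }
      }
    ]
  }
JSON

# Find the binding named `service_name` under any label and return its
# credentials hash (hostname, port, ...). Labels differ per broker, so
# every label is searched instead of hard-coding one.
def db_credentials(vcap_json, service_name)
  JSON.parse(vcap_json).each_value do |bindings|
    bindings.each do |b|
      return b["credentials"] if b["name"] == service_name
    end
  end
  nil
end

# Resolve a hostname via /etc/hosts first, then DNS, which is the answer
# `dig` or `host` would give from the same machine.
def resolve_host(hostname)
  Resolv.getaddress(hostname)
end

# Usage (inside the app container, e.g. via cf ssh):
#   ruby vcap_host.rb orders-db
if $PROGRAM_NAME == __FILE__ && ENV["VCAP_SERVICES"] && ARGV[0]
  creds = db_credentials(ENV["VCAP_SERVICES"], ARGV[0]) or abort "no binding named #{ARGV[0]}"
  puts "#{creds["hostname"]}:#{creds["port"]} -> #{resolve_host(creds["hostname"])}"
end
```

Resolve from inside the CF environment: the hostname is typically only resolvable and routable there, which is the network restriction the answer warns about. The credentials hash also carries the password, so print only the host and port.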

rancher 2.0 networking in project namespace

Can I ping one workload from another workload by workload name?
I am accustomed to Rancher 1.0, where if I created a stack with several containers, I could ping one container from another by name.
For example: I have api and database and I need api to communicate with database. When I click on execute shell on api and write "ping database", it does not work.
I write the connection string to the database in an api environment variable.
And YES, I can create the database, take the database IP and write it to ENV, but this IP will change after each restart.
Is it possible to call it by some non-generated name?
Thanks
EDIT:
Service discovery:
Shell:
As you see, translating the database name works. Only pinging the database container does not work.
To communicate between services you can use the cluster IP or the service name.
Using the service name will be easier.
Service discovery adds a DNS entry for each of your services. So if you have api, app and database, you will have a DNS entry for each of those services.
So within your services, you can refer directly to the DNS name.
Example: To connect in JDBC to a schema name test in your database, you would do something like this:
jdbc:mysql://database/test
see:
https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/service-discovery/
If you want to know the cluster IP of your services you can run this command: kubectl get services --all-namespaces
Edit 1: Adding ClusterIP as a way to communicate with a service.
A Kubernetes Service IP is implemented using "iptables" on the Linux hosts which are part of the cluster. If you examine those rules closely, ONLY the port specified as part of the Service is exposed, not the ICMP port, which means one cannot ping the Service IP addresses by default. But you would still be able to communicate with the Service on the designated port.

ECS instance can't connect to itself behind network load balancer

We've got a service (Java-based) and MySQL, both running as ECS services. The service wants to communicate with a MySQL database through a network ELB.
When our service and the MySQL database are running on the same EC2 instance, it can't connect to the MySQL database. I can reproduce this using telnet: if I telnet to the MySQL database through the ELB from another computer I can connect, but if I ssh to the EC2 instance that MySQL is running on and then try to telnet to it through the ELB, it just hangs.
What's going on?
If an instance needs to connect to itself via a network load balancer I think the only way to get it to work is to disable client IP preservation on the load balancer target group.
From https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html
Check whether client IP preservation is enabled on your target group.
Load balancers with client IP preservation enabled do not support hairpinning or loopback. If an instance is a client of a load balancer that it's registered with, and it has client IP preservation enabled, the connection succeeds only if the request is routed to a different instance. Otherwise, the source and destination IP addresses are the same and the connection times out.
If an instance must send requests to a load balancer that it's registered with, do one of the following:
Disable client IP preservation.
Ensure that containers that must communicate are on different container instances.

What is the best way to connect to a remote database server that can only be accessed from a different ec2 instance?

How would I go about connecting to a database that can only be accessed through an SSH tunnel to an EC2 instance? The current route would be:
My Ubuntu laptop -> EC2 instance -> Postgres database server
I have complete control over the ec2 instance.
I only have access to port 5432 of the remote database server via the EC2 instance. It lives on a different server.
I have been accessing the database using the terminal but would prefer to be lazy and use something like pgAdmin or RazorSQL. I am assuming I can do an SSH tunnel to my EC2 instance, then some sort of port forward to the database server, but I haven't been able to get beyond the SSH tunnel.
A double-hop SSH tunnel will not work because I don't have SSH access to the DB server.
Thanks!
You want to do something like this, where ec2-dbserver is your database server (inside EC2), and ec2-host is the host that you can ssh to.
You should then be able to point pgAdmin III to localhost:5432
ssh -L 5432:ec2-dbserver:5432 user@ec2-host