Let me explain my use-case here,
I wanted to give a try to vault in my local, so I configured VAULT_ADDR as:
$ echo $VAULT_ADDR
http://127.0.0.1:8200
then I started vault in dev mode (vault server -dev) and everything was ok, I was able to connect to the server.
Then I wrote a really simple config file:
$ cat vault.config
backend "inmem" {}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
disable_mlock = true
and I restarted the server with vault server -config=vault.config, This too worked fine.
Now I want to use vault server which is deployed in remote server (aws ec2 instance). I have changed content my config file to below
backend "inmem" {}
listener "tcp" {
address = "123.456.789.1:8200" (aws ec2 public ip)
tls_disable = 1
}
disable_mlock = true
now this is throwing error
Error checking seal status: Get "http://123.456.789.1:8200/v1/sys/seal-status": dial tcp 123.456.789.1:8200: connect: connection refused'
when i am trying to check connectivity using telnet command, that too failed.
telnet 123.456.789.1 8200
telnet: Unable to connect to remote host: Connection refused
I have opened 8200 port in security group of aws, and both instances are in same vpc. What I am missing here? Any help?
I was able to figure out solution for above issue. Basically I executed below steps.
First I started vault server in above machine ( '123.456.XXX.X' ) by below command
vault server -dev -dev-listen-address="123.456.789.1:8200"
here 123.456.789.1 --> This is private IP of my ec2 instance, where my vault server is running.
Next, In my source machine (the one from which i am invoking vault server in 123.456.XXX.X ), I set below parameters
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
Now when I am trying to do telnet to 123.456.XXX.X server, it is working as expected
telnet 123.456.789.1 8200
output
Trying 123.456.789.1...
Connected to 123.456.789.1.
Escape character is '^]'.
I had the same problem
I was trying to reach my remote vault server this helps me https://stackoverflow.com/a/67218570/19887897
You just have to start your server like this
vault server -dev -dev-listen-address="0.0.0.0:8200"
Related
How to configure ssh server on jenkins using jump host?
Publish over SSH pluginprovide for a jump host option but not working.
I set up
Hostname : public ip (bastion server ip)
Username : ec2-user
in advance setting
Jump host: private ip (web application deployed server's private ip)
I opened ssh port on my was server. (open jenkins server ip connection)
and test connection result is here.
jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [private]. Message [java.net.ConnectException: Connection timed out (Connection timed out)]]
How to deploy web application to server which is in private subnet.
There is a jenkins bug that seems to be still open:
https://issues.jenkins.io/browse/JENKINS-56119
I got the same error on testing configuration, but actual job is working over ssh jumphost.
I successfully created a Compute Engine VM instance, and installed MySQL on it using this guide:
https://cloud.google.com/solutions/setup-mysql
Now I want to connect to it from App Engine and from my home too if possible.
Using this guide: https://cloud.google.com/appengine/docs/standard/python/connecting-vpc
I created the connector, giving it the suggested 10.x.x.x/28 IP address.
In my app engine's app.yaml I inserted:
vpc_access_connector:
name: projects/xxxxxxxxxx/locations/europe-west3/conectors/xxxxxx
The VM instance shows an internal IP of 10.x.x.x and an external IP of 34.x.x.x
I am trying to connect from PHP using this line:
new mysqli($servername, $username, $password, $dbname, 3306, null);
but I get different errors.
When connecting to 34.x.x.x from my home:
mysqli::__construct(): (HY000/2002): No connection could be made because the target machine actively refused it.
(I even created a Firewall rule to allow all traffic from my home IP)
When connecting to10.x.x.x from app engine:
2002: Connection timed out
When connecting to 10.x.x.x from app engine:
2002: Connection refused
How can I make a connection?
My first guess is that the service inside the instance is not up and running, check if the service of MySQL is running and listening, you can try this by doing a nmap test vs. the public IP of your MySQL VM instance nmap 34.0.0.0. You should see something like this (if you are using the standard port):
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
3306/tcp open mysql
Remember that there are two firewalls you need to take care of on GCP, (VPC firewall & OS firewall). So if you are not able to see this port start the SQL service by connecting into your VM instance and typing sudo systemctl start mysql, now run again nmap 34.0.0.0 and you should see the service.
To connect from App Engine to MySQL on Compute Engine VM instance just follow this other guide .
To connect from your home It will be better for you to connect to the instance via SSH and then to access your database, or you can keep connecting by a VPN to access it with the internal IP address if you need to connect directly to the socket, just take care to avoid hitting the limitations or missing something like IAM roles and permission needed for this connection.
I am installing the ELK stack on an EC2 instance. I think my install was successful, but I can't load Kibana in my web browser. I think there are issues with my network setting but I am new to aws and I am not sure.
When I run
curl localhost:5601
I get
<script>var hashRoute = '/app/kibana';
var defaultRoute = '/app/kibana';
var hash = window.location.hash;
if (hash.length) {
window.location = hashRoute + hash;
} else {
window.location = defaultRoute;
}</script>
When I then run this command on my instance ip
curl 174.129.93.100:5601
I get this, but I can ping successfully
curl: (7) Failed to connect to 174.129.93.100 port 5601: Connection refused”
I've had this problem for like a week and really need help solving it.
Well, the port in security group is open as it says Connection Refused. Either the service is not running on the designated port or it is listening on localhost only.
In the kibana configuration, change from localhost or 127.0.0.1 to Private IP of the EC2 Instance and restart the service.
Check this link: https://www.elastic.co/guide/en/kibana/4.5/kibana-server-properties.html
I launched two Ubuntu free-tier servers in different regions on AWS. I was ping one server to another server but it displayed one error message that was connection timed out.can you please fix the problem as soon as possible.
This is the error:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ubuntu/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey).
172.31.94.158 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.31.94.158 port 22: Connection timed out\r\n",
"unreachable": true
}
I tried below commands
1.ssh-copy-id ubuntu#172.31.94.158
2.sudo ansible webserver -m ping
the simplest way would be open port 22 on security group attached to the server for public IP of another server which it wants to connect.
if its simple test server and you want to check ssh connectivity for short duration and willing to delete server as soon as the test is done. then you can open ssh port publicly "highly insecure"
I am following the Django sample for GAE and have problem to connect to Cloud SQL instance by Proxy from Google Cloud Shell. Possibly related to permission setting since I see the request not authorized,
Other context,
"gcloud beta sql connect auth-instance --user=root" has no problem to connect.
I have a service account for SQL Proxy Client.
I possibly miss something. Could someone please shed some light? Thanks in advance.
Thanks in advance.
Proxy log:
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306
2017/02/17 14:00:59 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:00:59 Ready for new connections
2017/02/17 14:01:07 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:03:16 couldn't connect to "auth-158903:asia-east1:auth-instance": dial tcp 107.167.191.26:3307: getsockopt: connection timed out
Client Log:
mysql -u root -p --host 127.0.0.1
Enter password:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
I also try with credential file but still no luck,
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306 -credential_file=Auth-2eede8ae0d0b.jason
2017/02/17 14:21:36 using credential file for authentication; email=sql-proxy-client#auth-158903.iam.gserviceaccount.com
2017/02/17 14:21:36 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:21:36 Ready for new connections
2017/02/17 14:21:46 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:21:48 couldn't connect to "auth-158903:asia-east1:auth-instance": ensure that the account has access to "auth-158903:asia-east1:auth-instance" (and make sure there's no typo in that name). Error during get instance auth-158903:asia-east1:auth-instance: googleapi: **Error 403: The client is not authorized to make this request., notAuthorized**
I can reproduce this issue exactly if I only give my service account "Cloud SQL Client" IAM role. When I give my service account the "Cloud SQL Viewer" role as well, it can then connect. I suggest you try this and see if it helps.
It looks like a network connectivity issue.
Read this carefully if you use a private IP :
https://cloud.google.com/sql/docs/mysql/private-ip
Note that the Cloud SQL instance is in a Google managed network and the proxy is meant to be used to simplify connections to the DB within the VPC network.
In short: running cloud-sql-proxy from a local machine will not work, because it's not in the VPC network. It should work from a Compute Engine VM that is connected to the same VPC as the DB.
What I usually do as a workaround is use gcloud ssh from a local machine and port forward over a small VM in compute engine, like:
gcloud beta compute ssh --zone "europe-north1-b" "instance-1" --project "my-project" -- -L 3306:cloud_sql_server_ip:3306
Then you can connect to localhost:3306 (make sure nothing else is running or change first port number to one that is free locally)
The Cloud SQL proxy uses port 3307 instead of the more usual MySQL port 3306. This is because it uses TLS in a different way and has different IP ACLs. As a consequence, firewalls that allow MySQL traffic won't allow Cloud SQL proxy by default.
Take a look and see if you have a firewall on your network that blocks port 3307. To use Cloud SQL proxy, authorize this port for outbound connections.