Google Cloud managed instance group issue with plesk - google-cloud-platform

I'm losing my mind over this so I thought I would ask about it. I have a VM instance that I was asked to put into a managed instance group so that later on we can do stuff like load balancing and Cloud Armor.
This VM instance has a Plesk panel that is configured with a website on it, which is configured with a public domain pointing to it.
I shut down the VM instance, create an image, then create an instance template and finally create the managed instance group. The problem is that the instances that launch will have their internal and external IP addresses different than the original VM, obviously, so none of them will work until I SSH inside the VM instances and do some repairs like: Plesk repair all, and that doesn't fix everything.
Essentially, let's say the original VM has internal IP: 11.11.11.1 and external IP: 20.20.20.1
When I create the managed instance group, the first VM launching from the template will have
internal IP: 11.11.11.2 and external IP: 20.20.20.2
but the config for Plesk was set up for the first set of IPs, so every instance created will be useless as a webserver till they are fixed.
I've watched a lot of the tutorials on managed VM instance groups, but none of them solve this issue. I'm trying to create a managed instance group of webservers that will go into a load balancer later. The tutorials online show just some simple startup script with one page being load balanced...
Any help is appreciated.
Thank you

As long as you want to host a single VM in a Managed Instance Group, you can create an instance template that is bound to a specific internal and/or external IP.
You can follow by analogy this example of creating MIGs with fixed IP addresses:
https://cloud.google.com/vpc/docs/special-configurations#configuring_the_gateways
As I don't know Plesk, please clarify in your question:
whether you need to host more than 1 VM in the group
whether Plesk needs to know each individual VM by both its external & internal IP. It seems more natural to point Plesk to the load balancer's IP that routes the traffic to one of the VMs in the group.
why the solution with registration in a startup script didn't work out.

Use:
plesk bin reconfigurator --autoconfigure
Place it in the startup script of the instance template.
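As an added example that is not part of the answer: a GCE startup script for the instance template that runs the reconfigurator command above, but only when the addresses the instance actually received (read from the metadata server) differ from those recorded at the previous run, since startup scripts execute on every boot. The state file path is an assumption.

```shell
#!/bin/bash
# Added example, not from the answer: startup script for the Plesk instance template.
# Reads this instance's addresses from the GCE metadata server and runs
# "plesk bin reconfigurator --autoconfigure" only when they changed since the last run.
# STATE_FILE is an assumed location.
set -eu

MD_URL="http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0"
STATE_FILE="${STATE_FILE:-/var/lib/plesk-gce-ips}"

# Fetch one metadata attribute; the Metadata-Flavor header is mandatory on GCE.
md_get() {
  curl -fsS -H "Metadata-Flavor: Google" "$MD_URL/$1"
}

# Compare the addresses of this boot with the recorded ones.
# Usage: ip_state <state_file> <internal_ip> <external_ip>; prints changed|unchanged.
ip_state() {
  local state="$1" want="$2 $3"
  if [ -f "$state" ] && [ "$(cat "$state")" = "$want" ]; then
    echo unchanged
  else
    echo changed
  fi
}

reconfigure_plesk() {
  local int ext
  int="$(md_get ip)"
  # Instances behind a load balancer often have no external address at all.
  ext="$(md_get access-configs/0/external-ip 2>/dev/null || echo none)"
  if [ "$(ip_state "$STATE_FILE" "$int" "$ext")" = unchanged ]; then
    echo "Plesk already bound to $int / $ext, nothing to do"
    return 0
  fi
  # Re-binds Plesk services and hosted sites to the addresses now on the box.
  plesk bin reconfigurator --autoconfigure
  echo "$int $ext" > "$STATE_FILE"
}

# Only act on a machine that actually has Plesk installed.
if command -v plesk >/dev/null 2>&1; then
  reconfigure_plesk
fi
```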

Related

How to deal in AWS routing if we need to use a loopback interface in a EC2 instance

I am relatively new in AWS. I am trying something basic like this:
One Ubuntu instance is connected with a vSRX instance. Say the Ubuntu instance eth1 IP is like 20.0.0.100 and the vSRX corresponding interface IP is 20.0.0.101. Now I want to configure a loopback interface (it's a virtual interface) inside the vSRX and assign an IP 99.99.99.99. Obviously this 99… network info is not available with AWS. My question is how can I build that knowledge into AWS routing and make sure that to reach 99.99.99.99 traffic goes via 20.0.0.101 as next-hop? Is this possible?
Thanks in advance
I was thinking of creating a subnet in my VPC first with the 99… network. But that is unnecessary, so I do not want to burn a large number of IPs. And I believe /32 is not an acceptable CIDR in AWS. And my journey stopped here. I am thinking of trying to configure a CIDR of 99.99.99.96/29 but after that should I add that as local in the route? How could I specify that to reach the 99 series go via a specific IP?

AWS ECS Task can't connect to RDS Database

I'm a newer AWS user and today I got stuck while working on a sample project. I successfully created a Docker container that runs a simple R script that connects to my AWS RDS MySQL database and creates & writes some basic files to it. I built a public ECR repository, pushed my Docker image there, and built an ECS cluster & task choosing Fargate and using the container image from my repository. My task ran and I could see the R code being executed when I went through the logs, but it was never able to connect to the SQL database and exited afterwards.
I've had to whitelist my own IP address in the security group for the RDS database so that I can connect to it, so I'm aware I probably have to do that for my ECS task to establish that connection too. But won't that IP address constantly change because I won't have a static IP for the Fargate server that is executing my task? I'm trying to stay on the free tier so I'm not sure I want to set up an elastic IP address for this server.
These 2 articles seem close if not the same issue I'm having but I can't figure out a solution. I haven't found any other info.
https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-task-database-connection/
https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-static-elastic-ip-address/
The end goal is to get this sample project successfully running on a scheduled fixed interval, and then running actual scripts on there to help automate things and make my life easier, so this sample project is a first step towards that. Any help or info on the questions I'm having would be appreciated!
Yes, your task is ephemeral (whether you launch it manually or as part of an ECS service) and its private/public IP address may change over time if it gets replaced. The way you'd make the connectivity rules stick is to assign a security group to the task (that may have inbound access on a specific port you need, I assume, and outbound to everything) and assign another security group to the RDS DB that has inbound access on port 3306 for the security group you assigned to the task (this is the trick: the SG will not change and you are telling RDS to allow access to ALL traffic coming from that SG). I see the first article you posted doesn't talk about this part (it should).

Google Cloud Compute Engine - Windows VM

I'm somewhat of a newbie to GCP VMs, so please excuse me if this question is a little too basic.
I've recently created 2 VMs - both Windows 2016. The first one, I created without any template, pretty basic. The second one I created using a template that my company had set up. I don't believe that I've done anything significantly different in the creation of the two other than one being from a template and one not. All of the details within the VM seem to match.
The issue I'm having is this:
With the first one (non-template), I was given an external IP, was able to RDP from both the GCP console and the RDP app on my local machine, and I had an internet connection upon connecting.
With the second one (template), I was not given an external IP (it says "none" on the GCP console), I'm unable to RDP through the GCP console (the RDP button is greyed out and doesn't allow me to select it), and I do not have an internet connection upon connecting through the RDP app.
I've tried stopping/starting the VM, but other than that I'm not entirely sure what to do. Does anyone know a possible way to fix this?
If you have created a VM without an external IP, in the Google Console its RDP (or SSH) button will be grayed out.
When you say you are using templates, are you referring to this?
Probably your instance template doesn't have external IP.
Review your firewall rules:
In your VM details, under Network interfaces you should check Network details (view details). Check whether the firewall rules for 3389 are there. Also make sure that the Target name you see in the firewall rule is present in the network tags in the VM instance details.
To get a remote connection to your VM (without setting up peering or VPN tunnels), you'll need to add an external IP address to your VM so that it can NAT your traffic to your instance.
It looks like the template you used does not have an external IP attached in its settings. You will need to click on the VM instance, then edit the settings, and then expand the 'Network Interfaces' section. Once there, you can choose an ephemeral external IP address assigned to your VM.
Bear in mind that all of the traffic is enforced by the project firewall rules, so check that RDP is enabled in your firewall settings. If you do not have firewall rules and are using the default network, then the RDP firewall rule will be created for you.

Hosting a web app using GCE managed instance groups

I have NGINX set up on Google Cloud Compute Engine using a managed instance group setup [powered by managed instance templates].
I simulated a CPU load on one of the servers and that spawned a couple of additional servers, each running NGINX.
So what's the best practice for hosting a website using this?
Do I just create an A-record in DNS and point it to the IP address of the original instance [of the group]? Looks like this would be problematic given that the IPs are ephemeral?!
Do I reserve a static IP address [in VPC Network]? I tried to create a static IP address and attach it to the original instance in the group, but when I did that, the said instance went away leaving another spawned instance as the new primary instance?!
Is there some load balancer hidden somewhere that I can point an A-record to?
Managed instance groups seem like a great idea, but would like to know the best way to set it up that will not break unexpectedly in DNS.
You should set up a load balancer to distribute traffic across the instances in your group. To create a load balancer, you'll have to set up several components, instance groups being one of them. Check out this example. This uses unmanaged groups, but you can use managed instead. Once you've set up a load balancer, I would recommend creating a script in a language of your choice (Python, JS, bash) that automates this process. I would even go further and write a script to tear down your load balancer.
As far as your domain is concerned, during the setup of your load balancer, you'll have to create static IPv4 and optional IPv6 addresses. You can then create A/AAAA records that point to these addresses. Finally, make sure you wait ~5-20 minutes after you've pointed your A/AAAA records to these IPs before you wonder why it's not working.
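An added example of the setup and teardown script the answer suggests (not code from the answer or from Google): the gcloud steps that put an existing managed instance group behind a global HTTP load balancer on a reserved static IP, whose address then goes into the A record. The names web-mig, us-central1-a, web-lb, the default network and the http-server network tag on the group's instances are assumptions.

```shell
#!/bin/bash
# Added example (not from the answer): gcloud steps that put an existing managed instance
# group behind a global HTTP load balancer on a reserved static IP, and a teardown in
# reverse order. MIG, ZONE, PREFIX and the http-server tag are assumed placeholders.
set -eu
MIG="${MIG:-web-mig}"; ZONE="${ZONE:-us-central1-a}"; PREFIX="${PREFIX:-web-lb}"

# Resource names derived from PREFIX, in creation order.
lb_resources() {
  echo "$PREFIX-ip $PREFIX-allow-hc $PREFIX-hc $PREFIX-backend $PREFIX-map $PREFIX-proxy $PREFIX-fr"
}

create_http_lb() {
  # The backend service refers to the group's port by name, not by number.
  gcloud compute instance-groups set-named-ports "$MIG" --zone "$ZONE" --named-ports http:80
  # Reserve the address first: it outlives every instance and is what DNS will point at.
  gcloud compute addresses create "$PREFIX-ip" --global
  # Health-check probes come from Google's 130.211.0.0/22 and 35.191.0.0/16 ranges;
  # without this rule every backend stays unhealthy and the LB serves errors.
  gcloud compute firewall-rules create "$PREFIX-allow-hc" --network default --allow tcp:80 \
    --source-ranges 130.211.0.0/22,35.191.0.0/16 --target-tags http-server
  gcloud compute health-checks create http "$PREFIX-hc" --port 80
  gcloud compute backend-services create "$PREFIX-backend" --global --protocol HTTP \
    --port-name http --health-checks "$PREFIX-hc"
  gcloud compute backend-services add-backend "$PREFIX-backend" --global \
    --instance-group "$MIG" --instance-group-zone "$ZONE"
  gcloud compute url-maps create "$PREFIX-map" --default-service "$PREFIX-backend"
  gcloud compute target-http-proxies create "$PREFIX-proxy" --url-map "$PREFIX-map"
  gcloud compute forwarding-rules create "$PREFIX-fr" --global --address "$PREFIX-ip" \
    --target-http-proxy "$PREFIX-proxy" --ports 80
  # The printed address is the value for the A record.
  gcloud compute addresses describe "$PREFIX-ip" --global --format 'value(address)'
}

delete_http_lb() {
  # Dependents first; gcloud refuses to delete a resource that is still referenced.
  gcloud compute forwarding-rules delete "$PREFIX-fr" --global --quiet
  gcloud compute target-http-proxies delete "$PREFIX-proxy" --quiet
  gcloud compute url-maps delete "$PREFIX-map" --quiet
  gcloud compute backend-services delete "$PREFIX-backend" --global --quiet
  gcloud compute health-checks delete "$PREFIX-hc" --quiet
  gcloud compute firewall-rules delete "$PREFIX-allow-hc" --quiet
  gcloud compute addresses delete "$PREFIX-ip" --global --quiet
}

# Nothing runs against the project unless explicitly asked: APPLY=1 ./lb.sh create|delete
if [ "${APPLY:-0}" = 1 ]; then
  case "${1:-}" in create) create_http_lb ;; delete) delete_http_lb ;; esac
fi
```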

Whitelist AWS self in inbound connection

I am deploying a Laravel installation in AWS; everything runs perfectly when I allow it to receive all inbound traffic (EC2 > Network & Security > Security Groups > Edit inbound rules). If I turn off inbound traffic and limit it to an IP it doesn't load the webpage; it gives me this error:
PDO Exception SQLSTATE[HY000] [2002] Connection timed out
However, for security reasons I don't want this set up like this; I don't want anyone being able to even try to reach my webapp. Everything is being hosted in AWS, I don't have any external entities, it's running in RDS and EC2. I added an elastic IP address and whitelisted it, but that didn't work either. I followed every step in this tutorial: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/php-laravel-tutorial.html#php-laravel-tutorial-generate
Environment variables are working, as well as dependencies, well... pretty much everything unless I restrict inbound traffic as I mentioned.
How do I whitelist AWS's own instance then to make this work with better security?
Thank you!
I think part of this answer is what you may be looking for.
You should enable inbound access from the EC2 security group associated with your EC2 instance, instead of the EC2 IP address.
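An added example (not from this answer or the ECS/RDS answer above, which both make the same point) of applying the security-group-to-security-group rule with the AWS CLI: the database group admits the MySQL port only from members of the application's group, and the catch-all rule added while debugging is removed. The group IDs and port are placeholders for your own setup.

```shell
#!/bin/bash
# Added example: replace an IP/CIDR-based MySQL rule on the RDS security group with one
# that trusts the application's security group. Group IDs below are placeholders.
set -eu

RDS_SG="${RDS_SG:-sg-0123456789abcdef0}"   # group attached to the RDS instance (placeholder)
APP_SG="${APP_SG:-sg-0fedcba9876543210}"   # group attached to the EC2 instance / ECS task (placeholder)
DB_PORT="${DB_PORT:-3306}"

# Render the IpPermissions JSON the CLI expects for a group-to-group rule.
sg_rule_json() {
  local port="$1" source_sg="$2"
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"GroupId":"%s"}]}]' \
    "$port" "$port" "$source_sg"
}

lock_down_db() {
  # 1. Allow the DB port only from members of the app group; the rule keeps working
  #    when the instance or task is replaced and receives a new address.
  aws ec2 authorize-security-group-ingress --group-id "$RDS_SG" \
    --ip-permissions "$(sg_rule_json "$DB_PORT" "$APP_SG")"
  # 2. Drop the catch-all rule that was added while debugging (ignored if absent).
  aws ec2 revoke-security-group-ingress --group-id "$RDS_SG" \
    --protocol tcp --port "$DB_PORT" --cidr 0.0.0.0/0 || true
  # 3. Show what is left so the change can be reviewed.
  aws ec2 describe-security-groups --group-ids "$RDS_SG" \
    --query 'SecurityGroups[0].IpPermissions'
}

# Nothing is changed unless explicitly asked: APPLY=1 ./lock_down_db.sh
if [ "${APPLY:-0}" = 1 ]; then
  lock_down_db
fi
```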
More than just adding an elastic IP address to your AWS instance you need to do two more things.
Assign the elastic IP to your AWS instance (yes, it is not the same as just adding it to the instance, you must specify)
Whitelist the internal IP that it generates once you link it to your app.
?????
Profit