Unable to access the yugabyte tserver and master admin ui - yugabytedb

I'm new to YugaByte. It's really great for scaling purposes.
I've created a 3-node cluster in AWS EC2. It's running fine and the status is also proper. But when I try to access the Admin UI for the YB-TServer and Master from my local machine using the EC2 instance public IP, it's unreachable. How do I configure the admin UI access binding?
TServer URL: http://EC2-IP:9000
Master URL: http://EC2-IP:7000

Can you confirm that you have allowed the 7000/9000 ports for external access via AWS Admin Console? Documentation is here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

Related

Cannot connect to AWS RDS Postgresql from local host for dev purposes

I am developing an application to learn AWS. I am using React and Node.js as a backend. I created an AWS RDS PostgreSQL database and am able to connect to it using pgAdmin, and Node.js on localhost (I assume it is connected because pgAdmin shows 2 connections when the localhost port is running). Using pgAdmin I am able to create tables and put data into the tables using SQL queries.
However, I am NOT able to make POST or GET requests to the database using React and/or Node.js, with a proxy or without. It seems that it does not allow it because of security issues? I also set the security group to public and All Access.
Is it possible to make a POST request and a GET request to the database from localhost, with a proxy or without? So far it either gives me 404 Not Found or ERR_Connection Refused.
If not, then how does one develop an application using AWS RDS on one's own computer?

I had similar issues using MySQL. This solved my issue.
By default AWS does not allow other services outside its VPC to connect to DB instances. To enable remote access:
Go to your RDS tab and click on the DB instance.
Under Security, click on the VPC security group (click on the one with "active" beneath it).
You should be on another page now. The security group should be selected by default.
Click on the Actions dropdown menu and click on Edit Inbound rules.
Add a new rule. Type should be All traffic, source should be Custom, then you can enter the IP address of your local machine. You can select Anywhere if you're not sure what your IP is or if your IP is not static.

Mean stack app not working well on AWS EC2 instance

I have developed a SaaS app using MEAN that is working perfectly on my local machines and server. Now I have deployed my app on an AWS EC2 instance.
Now I have a problem with my server: whenever I make a request with a big data query, my EC2 instance/server stops and I cannot access it from PuTTY or FileZilla.
Should I use another hosting service, or is there a problem with my app infrastructure?
(sorry for bad English)

It seems like your EC2 instance is out of resources, hence not responding to the PuTTY/FileZilla apps.
You may check the CPU% on the Monitoring tab in the EC2 console, or via CloudWatch.
Also, you may install and configure the CloudWatch agent on your instance to get improved logging of RAM and also application logs.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html
If the problem is resources (CPU, RAM, disk), you can change your instance type to a more appropriate one.
BTW, instead of using PuTTY/FileZilla, you can connect to your instance via the Connect tab or Session Manager (see attached image). Right-click on the instance name and choose "Connect".

AmazonEC2FullAccess and security

I use Amazon EC2 to host some web sites and databases.
I have a new developer joining me tomorrow.
If I create an IAM user and attach the "AmazonEC2FullAccess" policy (arn:aws:iam::aws:policy/AmazonEC2FullAccess - Provides full access to Amazon EC2 via the AWS Management Console.) to him,
will he be able to access secrets stored inside the Linux EC2 instances created in the past? Basically, does this policy somehow allow access to pre-created Linux instances?
EDIT: What if he/she attempts a disk recovery procedure? For example, mounting the disk of a VM in a new EC2 instance.

When you give AmazonEC2FullAccess to the user, he will be able to see all the EC2 instances in the AWS account. Even if you don't provide him the key to pre-created EC2 instances, he will be able to take an AMI of a pre-created EC2 instance, launch it with a new key, and get access to that instance.
He can also do the disk recovery procedure, as you mentioned in your use case. So you have some of the options below.
Do not provide AmazonEC2FullAccess. Ask him what specification he needs for the server, launch the EC2 instance as per the specification, and provide him SSH jailed-user access to that EC2 instance.
Set up CloudTrail so that you can monitor the resources created by that user for any suspicious activity: https://aws.amazon.com/cloudtrail/
The third option: as you mentioned, he is a developer, so just provide him deployment and git access to the application running on the EC2 instance.

The IAM role only gives someone access to the AWS EC2 API, where you can do things like create new instances, shut down existing instances, etc. This does not give someone access to log in to any EC2 servers. For that you would need to give someone the SSH key (for Linux) or password (for Windows) that was set up when the server was created.
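
The CloudTrail monitoring suggested in the first answer can be aimed at the copy-and-relaunch path that answer describes. The sketch below is an added example, not code from either answer; the record fields follow the layout assumed here for CloudTrail EC2 events, and every ID, user name and key name is a constructed placeholder.

```python
def ev(time, user, name, req, resp=None):
    """Build a constructed CloudTrail record, trimmed to the fields this check reads."""
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "requestParameters": req, "responseElements": resp or {}}

# Placeholder IDs standing in for the pre-existing instance and its volume.
PROTECTED = {"i-0prod", "vol-0prod"}

# Constructed sample trail, not real log data.
SAMPLE_EVENTS = [
    ev("2024-01-01T10:00:00Z", "new-dev", "DescribeInstances", {}),
    ev("2024-01-01T10:05:00Z", "new-dev", "CreateImage",
       {"instanceId": "i-0prod"}, {"imageId": "ami-0copy"}),
    ev("2024-01-01T10:20:00Z", "new-dev", "RunInstances",
       {"instancesSet": {"items": [{"imageId": "ami-0copy", "keyName": "dev-key"}]}}),
    ev("2024-01-01T11:00:00Z", "new-dev", "CreateSnapshot",
       {"volumeId": "vol-0prod"}, {"snapshotId": "snap-0copy"}),
    ev("2024-01-01T11:30:00Z", "owner", "RunInstances",
       {"instancesSet": {"items": [{"imageId": "ami-0base", "keyName": "owner-key"}]}}),
]

def detect(events, protected=PROTECTED):
    """Return (time, user, reason) for EC2 API calls that copy or relaunch protected resources."""
    derived = {}   # imageId -> source instance, learned from CreateImage responses
    findings = []
    for e in sorted(events, key=lambda rec: rec["eventTime"]):
        if e["eventSource"] != "ec2.amazonaws.com":
            continue
        name = e["eventName"]
        req, resp = e["requestParameters"] or {}, e["responseElements"] or {}
        reason = None
        if name == "CreateImage" and req.get("instanceId") in protected:
            if resp.get("imageId"):          # failed calls return no image ID
                derived[resp["imageId"]] = req["instanceId"]
            reason = "image taken of %s" % req["instanceId"]
        elif name in ("CreateSnapshot", "AttachVolume") and req.get("volumeId") in protected:
            reason = "%s on %s" % (name, req["volumeId"])
        elif name == "RunInstances":
            for item in req.get("instancesSet", {}).get("items", []):
                if item.get("imageId") in derived:
                    reason = "launch from copy of %s with key %s" % (
                        derived[item["imageId"]], item.get("keyName"))
        if reason:
            findings.append((e["eventTime"], e["userIdentity"].get("userName", "?"), reason))
    return findings
```

On the sample trail, `detect(SAMPLE_EVENTS)` reports the image, the relaunch under a different key pair, and the snapshot, and ignores the owner's unrelated launch.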

Link containers in Azure Container Service with Mesos & Marathon

I'm trying to deploy a simple WordPress example (WordPress & MySQL DB) on Microsoft's new Azure Container Service with Mesos & Marathon as the underlying orchestration platform. I already ran this on the services offered by Google (Kubernetes) and Amazon (ECS) and thought it would be an easy task on ACS as well.
I have my Mesos cluster deployed and everything is up and running. Deploying the MySQL container isn't a problem either, but when I deploy my WordPress container I can't get a connection to my MySQL container. I think this might be because MySQL runs on a different Mesos agent?
What I tried so far:
Using the Mesos DNS to get ahold of the MySQL container host (for now I don't really care which container I get ahold of). I set the WORDPRESS_DB_HOST environment var to mysql.marathon.mesos and specified the host of MySQL container as suggested here.
I created a new rule for the Agent Load Balancer and a Probe for port 3306 in Azure itself, this worked but seems like a very complicated way to achieve something so simple. In Kubernetes and ECS links can be simply defined by using the container name as hostname.
Another question that came up: what difference is there in Marathon between setting the port in the Port Mappings section and in the Optional Settings section? (See screenshot attached.)
Update: If I ssh into the master node then I can dig using mysql.marathon.mesos; however, I can't get a connection to work from within another container (in my case the WordPress container).

So there are essentially two questions here: one around stateful services on Marathon, the other around port management. Let me first clarify that neither has anything to do with Azure or ACS in the first place; they are both Marathon-related.
Q1: Stateful services
Depending on your requirements (development/testing or prod) you can either use Marathon's persistent volumes feature (simple but no automatic failover/HA for the data) or, since you are on Azure, a robust solution like I showed here (essentially mounting a file share).
Q2: Ports
The port mapping you see in the Marathon UI screen shot is only relevant if you launch a Docker image and want to explicitly map container ports to host ports in BRIDGE mode, see the docs for details.

How to access nodejs application installed on AWS EC2

I have an AWS EC2 Ubuntu instance. I successfully set up ssh access and I am able to log in via the ssh console. I installed Node.js and one simple Node.js application. I successfully started it with node server.js, and when executing curl http://localhost:8080 I can confirm the application is up and running. My only issue is that I am not able to access it using the public IP provided by AWS.
I can see my public IP from the AWS console, and I thought it should be enough to type:
http://aws-public-ip:8080 and it should load the application. It seems I am wrong, since I don't obtain access to my app.
Any hints would be appreciated.

Actually I found the answer by myself - I had to edit the security group rule and just add a rule for the corresponding port. By default, the security group created when you create your instance has only one incoming rule, for port 22.
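
Several threads on this page (the YugabyteDB admin UIs on 7000/9000, the RDS inbound rule, and the Node.js app on 8080) end with an edit to a security group's inbound rules. The following is an added example, not part of any post above: it audits rules in the shape of `aws ec2 describe-security-groups` output and lists which of these ports are reachable from a wide source range. The group IDs, the sample rules and the 256-address threshold are constructed assumptions.

```python
import ipaddress

# Ports opened in the threads on this page, plus the default SSH rule.
WATCHED_PORTS = {7000: "yb-master UI", 9000: "yb-tserver UI", 5432: "PostgreSQL",
                 3306: "MySQL", 8080: "Node.js app", 22: "SSH"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},   # "All traffic" from anywhere
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 7000,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},                 # one workstation only
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9100,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

def exposed_ports(perm):
    """Watched ports covered by one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":      # all protocols: the rule carries no port bounds
        return sorted(WATCHED_PORTS)
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(WATCHED_PORTS) if perm["FromPort"] <= p <= perm["ToPort"]]

def audit(groups, max_hosts=256):
    """Return (group_id, cidr, port, service) for rules whose source covers more than max_hosts addresses."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).num_addresses <= max_hosts:
                    continue
                for port in exposed_ports(perm):
                    findings.append((group["GroupId"], cidr, port, WATCHED_PORTS[port]))
    return findings

if __name__ == "__main__":
    for group_id, cidr, port, service in audit(SAMPLE_GROUPS):
        print("%s: port %d (%s) open to %s" % (group_id, port, service, cidr))
```

The rule scoped to a single /32 passes, while the "All traffic" rule and the wide port range are reported once per watched port they cover.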
