Is there a way to list all the Mule applications deployed in a VPC in Cloudhub, and their private IP addresses as a report (maybe in Monitoring)? I know the private IP addresses are dynamic and will change, but is there a way to get such a report?
There is no built-in way to do that however you can gather the information together with a script or application. I can give you the high level direction. You need to get the list of applications for each environment associated with the VPC, get the deployment region to confirm that it matches the VPC region (just in case that multi region deployments are enabled) and the status to ensure it is running. You can use CloudHub 1.0 REST API: https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/cloudhub-api/minor/1.0/pages/home/
Then with the resulting list of applications you can query the DNS names used by CloudHub 1.0:
mule-worker-myapp.region.cloudhub.io to get the public IPs
mule-worker-internal-myapp.region.cloudhub.io to get the internal IP inside the VPC
Related
I have a Java application deployed to AppEngine Standard and connects to Cloud SQL via public IP. I was looking at VM instances dashboard and found a set of instances with the following naming pattern and these are alerting for high cpu utilization.
aet-uswest1-mysql--access-{abcd}
The description says "Anthos/GKE and Dataproc VMs are Google-managed and include built-in agents.". These are all e2-micro instances and I could not change the instance type. At first I thought these are the underlying AppEngine instances, but the AppEngine instances I use are F4 class, I think these instances are something else.
What are these instances and how are they used?
Here is the list I see under instances in VM instances dashboard. I can't ssh or manage these instances. (I have randomized the instance names and ip addresses)
Name,Agent,Active Alerts,System Events,Zone,Private IP,Size
aet-uswest1-mysql--access-abcd,Not applicable,0,0,us-west1-a,10.5.0.9,e2-micro
aet-uswest1-mysql--access-efgh,Not applicable,0,0,us-west1-a,10.5.0.12,e2-micro
aet-uswest1-mysql--access-ijkl,Not applicable,0,0,us-west1-b,10.5.0.3,e2-micro
aet-uswest1-mysql--access-mnop,Not applicable,0,0,us-west1-c,10.5.0.7,e2-micro
aet-uswest1-mysql--access-qrst,Not applicable,0,0,us-west1-b,10.5.0.5,e2-micro
aet-uswest1-mysql--access-uvwx,Not applicable,0,0,us-west1-b,10.5.0.10,e2-micro
aet-uswest1-mysql--access-yz01,Not applicable,0,0,us-west1-c,10.5.0.2,e2-micro
aet-uswest1-mysql--access-23df,Not applicable,0,0,us-west1-c,10.5.0.6,e2-micro
aet-uswest1-mysql--access-efef,Not applicable,0,0,us-west1-a,10.5.0.11,e2-micro
aet-uswest1-mysql--access-57sf,Not applicable,0,0,us-west1-b,10.5.0.13,e2-micro
My understanding that AppEngine service was connected to Mysql via public network is incorrect. I found that these instances are related to VPC connector used by AppEngine standard to access MySQL service.
I'm facing a problem with gcloud and their support can't seem to help me.
So, to put my app in prod I need to use a redis instance to host some data. I'm using memorystore because I like to have everything on gcloud.
My app is in the standard environment on app engine so on their doc (https://cloud.google.com/memorystore/docs/redis/connect-redis-instance-standard) they ask me to configure a VPC connector. But I think that the CIDR that I put is always wrong, can someone help me finding the good CIDR.
connectMode: DIRECT_PEERING
createTime: '2020-03-13T17:20:51.590448560Z'
currentLocationId: europe-west1-d
displayName: APP-EPG
host: 10.240.224.179
locationId: europe-west1-d
memorySizeGb: 1
name: projects/*************/locations/europe-west1/instances/app-epg
persistenceIamIdentity: *************
port: 6379
redisVersion: REDIS_4_0
reservedIpRange: 10.240.224.176/29
state: READY
tier: BASIC
Thank you all !
First in order to VPC connector work yor App Engine instances have to be in the same VPC & region that your Redis instance is. If not there will not be connectivity between the two.
Also make sure you redis and app use one of the approved locations. By now it's a lot of them.
Your redis instance is in europe-west1 region so to create your VPC connector you have to set the name of the VPC network your redis instance is in
(for example "default").
IP range you were asking about is any range (not reserved by the network redis instance is in).
So - for example if your "default" network is 10.13.0.0/28 then you have to specify something else like 10.140.0.0/28 etc. It has to be /29 - otherwise you won't be able to create the connector.
Why 10.13.0.0 or any other addresses ? They are going to be assigned as the source network for you apps to connect to the Redis (or any
other VM's) in the specified network.
I've tested it using the command:
cloud compute networks vpc-access connectors create conn2 --network default /
--range 10.13.0.0/28 --region=europe-west1
Or you can do it using console in Serverless VPC Access and clicking "Add new connector";
You can also read documentation on how to create a connector.
Below is my scenario:
I am calling API Management from Logic APP.
I want to restrict IP Address so that only Logic App can call the API Management.
I am using the IP Filter as shown below for the IP Address mentioned here
<ip-filter action="allow | forbid">
<address>40.112.243.160</address>
<address>address</address>
</ip-filter>
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link. It starts with 10...*.
Am I missing anything here?
As far as I know, there is a list of outbound IP addresses for Azure Logic App per region. For more details, you can refer to the doc. If you want to avoid other users with the Logic App in the same region to have access to your resource or get a static single IP address, you can further use Azure API Management to act as a reverse proxy for the Logic App. And then use the policy in the APIM as below:
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
All logic apps in a region use the same ranges of IP addresses. To support the calls that logic apps directly make with HTTP, HTTP + Swagger, and other HTTP requests, set up your firewall configurations in your APIM so they include these outbound addresses, based on where your logic apps exist:
Here is the list of IP address of Logic App based on the region.
You could use the ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges in your APIM.
Policy statement
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
You could get your logic app ip address from this link. Then you could set APIM like:
<ip-filter action="allow">
<address>address1</address>
<address>address2</address>
<address>address3</address>
</ip-filter>
Update:
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link.
When you use logic app to call APIM, you could see the X-Forwarded-For attribute in output which is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Here is my test snapshot. My logic app location is eastasia and my IP address is 13.75.94.173 which is inside the East Asia Outbound IP of Logic App.
I've a simple webserver bound on 0.0.0.0:3000 on my machine which works as intended on local networks. By local network I mean to say, if my mobile or any other device is on the same network, it can access local webserver by going to the IP assigned to my machine and adding port 3000 to it. Eg 192.168.1.4:3000.
Now I've to expose it to the internet but not through some sort of 3rd party application like ngrok, localtunnel or browserSync. I know that these applications work perfectly, but since I've my own pet project of controlling home appliances, I don't want to rely on availability of 3rd party services. So the current state is, I cannot control it through the internet. Keeping in mind I don't have a static IP otherwise this would've been easier.
I already have a vps and a domain name assigned to it. I can send my currently allocated ip address (since it is dynamic), by using getifaddrs, to my server and keep track of it. But how do I expose my local server to the internet through it? Those 3rd party applications assign some sort of subdomains to each exposed server, and I'll be able to assign subdomains too, but I'm still not getting any way to expose the local webserver. Any help would be appreciated, thankyou :)
Step one, you need to expose your webserver at your internet access router.
Typically this requires you to configure port forwarding for (in your case) port 3000.
With this done, any client could access your service via (current external dynamic ip):3000
Step two, you need to dynamically map a fixed DNS name to your current dynamic ip. There are of course third party services (such as DynDNS) that would help you map yourfavoritename.dyndns.org to that ever-changing ip address.
If you want to do the latter without 3rd party, you need to have some static (web) server somewhere and could proceed as follows:
Clients visit http://www.yourstaticserver.example/ and that server redirects them to (current dynamic ip):3000.
Of course, for this to happen, your static server needs to know the dynamic ip and needs no find out about changes to it.
To this end, you could have your internal server contact the static server on a regular interval (such as once a minute), say, have it access http://www.yourstaticserver.example/some-secret-special-page and the static server always stores the REMOTE_ADDR of such a request (preferably with some authorization!) for its future redirections.
Actually, there is a step zero before step one: Be aware that exposing your server to the Internet means that you expose your server to the Internet. So I hope you have invested enough thought into security.
I have a couple of Centos 6 VMs that I am trying to setup. I assigned static IPs to them but when running ifconfig, I do not see the external IPs, just the internal IPs. Does Google not allow this capability?
In addition to what Anderson said, this is the command to query for the external IP from the instance itself:
curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google"
DHCP only supports requesting a single address. Google Compute Engine returns the internal IP address via DHCP, and maps the external assigned IP addresses to the VM using NAT.
If you want to fetch the assigned IP address from inside the VM, you could query the metadata server for that information.