I am getting introduced into GlanceSync and I have a question about:
What information do I need to synchronise the images to a region?
Do I need to know the IP and port of the glance server?
You only need the credential to upload the image, i.e. user, password,
tenant name, region name and keystone URL.
The address and port of the glance server is obtained from keystone with
the credential: each server is registered as an endpoint of the "image"
service. This is the way OpenStack works.
Take a look to the documentation of FIWARE GlanceSync to get more details about it.
Related
We currently have a Public API to be used by our Business' current and future clients. Due to flexibility purposes and capability for our client's systems to interface with ours, we currently have our MySQL Database IP and Port on Wild Card access so as to not encounter any restricted access issues.
Question is, due to security concerns, would it be possible to restrict the MySQL Database's Server IP and Port to not be accessed directly by third party clients but only via the Public API? My instinct says no, but I don't have much experience in the way of Public APIs nor Public Access.
When an API User sends a query on our database, does it identify it via the API Host's IP (our servers?), or via the Client Computer's IP?
Thanks!
It's considered a bad security risk to expose MySQL's port directly to external clients. MySQL supports TLS but doesn't enforce it by default. So you're at risk of unauthorized clients invading.
For this reason, it's much safer and more recommended to run your own API server, as you mentioned. The API server is the only one allowed to connect to MySQL. Typically network routing is configured to prevent any contact to the database server except from the API server.
MySQL would therefore know nothing about the client's IP address. As far as MySQL is concerned, your API server is the only IP address it knows about.
The client IP address would be known by your API server and http server, and if you have load balancers or firewalls, those too.
The "users" associated with your third-party clients aren't necessarily mapped to distinct users in the MySQL authentication system. Actually, it's more typical that the API server uses a single MySQL user to authenticate all clients. Once connected to the database, your code would look up the client's "user" as a further authentication step. In other words, you would store a table in your own database with user credentials, and you would implement code to check passwords and so on. This is distinct from MySQL's own authentication system.
Alternatively, you could write your API service to use SAML or Oauth2 or equivalent federated authentication. The API service would still need to authenticate to MySQL, but the client's identity would be provided by the Oauth2 authentication.
I cannot figure out how to provide a DNS name to an IP address in Oracle cloud. Did not find a documentation. Went through the portal settings and some CLI documentation around networking. But did not find any.
It is quite straightforward in Azure. As the above screenshot shows.
Can anyone point me in right direction?
The hostname you provide at instance creation along with the subnet domain name becomes the instance's fully qualified domain name (FQDN). You can find more details in this chapter of the documentation: DNS in Your Virtual Cloud Network
In case of the Load Balancer's public IP, you can associate the public IP address with a friendly DNS name through any DNS vendor. You may also create and manage your DNS Zones within OCI Domain Name System, but you still need to register your domain name at a 3rd party DNS vendor. For more details on OCI DNS service, please see the DNS Service documentation.
I'm just learning OSE 3. I'd like to deploy two Node.js Web applications I have created. So I have created a Project with two Node.js deployments, which are now running in their own Pod.
My question is, how are they supposed to communicate ? say for example one application needs to redirect to the other, or include components from the other application.
Should I hardcode the route of each application in a configuration file or so ?
Thanks!
For internal communication between the two services, you can use the name of the service as the host name when making connections. This is possible because the name of the services are added to an internal DNS server so that a host name lookup on the name will yield the correct IP for the service at that time. When the service has multiple pods, an internal IP load balancer will automatically route the request to one of the pods.
For the question about redirects, that seems to suggest you have both services exposed publicly and want to have one service return a HTTP response that redirects the HTTP client to a URL which falls to the other service. What the redirect URL needs to be is going to depend on how you are exposing the services. That is, whether each service is exposed as a different hostname or you have used path based routing of OpenShift to overlay one at a sub URL of the other under the same host.
Either way, you probably want to use an environment variable passed in via the deployment configuration to indicate to the service triggering the redirect, to tell it what the URL prefix is that it needs to redirect to. You would manually set this up. This at least means you haven't hardwired it in your code.
If you mean something else by redirect, you will need to explain better what you mean.
I created successfully a apache server but I dont want to connect to it by typing 192.168.0.102, I want a normal url like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line but setting it to something like www.mysite.com doesnt seem to work. I also tried to use my external ip(https://www.whatismyip.com) as server name but it doesnt connect. It only works if I try to connect to 192.168.0.102 or localhost. How do i solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequence so of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessibly only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet it is internal IP.
But you have some alternatives, like if you like to access your computer from a hostname you can use dynamic DNS servers.
Or you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file, then only you can use this domain with your local computer.
But, If you really want to serve some content to the Internet from your local computer you have to find a DNS server service (like cloudflare) to point your domain to your public Internet ip not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test if the configuration works, edit your /etc/hosts file and add that domain name to 127.0.0.1. After that you will be able to access to that virtual host if you try to access to that domain name from your browser.
More info here : https://httpd.apache.org/docs/current/vhosts/name-based.html
I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS? We currently own a website and were wondering if there was a solution to have something like db.website.com refer to our Amazon Web Services database? Is this possible?
When a database instance is launched under Amazon RDS (Relational Database Service), an endpoint is provided in the form of:
db.crwobkqad31a.ap-southeast-2.rds.amazonaws.com:3306
If you wish to apply a more friendly DNS name, configure a CNAME record in your DNS server (eg Amazon Route 53) that maps the friendly name (eg db.website.com) to the database endpoint.
The DNS name will resolve to an IP address. If the database is publicly-accessible and the name is resolved outside your Amazon VPC, a public IP address will be returned. If the name is resolved within your Amazon VPC, a private IP address will be returned.
You will typically want to protect your database from outside access by placing it into a private subnet. It is unusual to want to give end-users direct access to a database (which I'm assuming you want to do, given the desire for a friendly DNS name), but that is your choice.
I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS?
Not only can you, but you must. Your RDS will have an endpoint like something.random-string.us-west-2.rds.amazonaws.com. Correcting directly to its IPs is dangerous as the server's IP may change unexpectedly (if the server is modified, scaled, has an issue, or fails over).
You can use a CNAME pointed at your RDS endpoint, if you like, to use something like db.example.com instead of your RDS endpoint.