Automatically associating Elastic IP addresses to Elastic Agents

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

シナリオ

You want your Elastic (EC2) Agents to have known IPs, but you don't want to have to assign these manually each time an agent starts.

Having known IPs can allow you to white-list these IP addresses in your firewall. (Note that this is not the same as VPC.)

(info) The steps in the article applies for both Linux and Windows with the AWS tools.

ソリューション

How to associate an EIP

Amazon provides Elastic IP (EIP) addresses, bound to your account, that can be associated to Elastic Instances. This allows instances to have known IPs rather than random ones.

They also provide a number of tools for managing these Elastic IPs. A good overview of these tools can be found here.

The command to associate an Elastic IP to a running EC2 instance is:

$ ec2-associate-address -i i-b2e019da 75.101.157.145

Once an Elastic IP has been associated to a running Elastic Agent, Bamboo will automatically pick up the change and start communicating with the agent over this new IP.

How to automate it

If you want an instance to have an EIP associated with it automatically when it starts, you will need to customise your instance in such a way that:

  1. your AWS private key (pk.pem) and certificate (cert.pem) are on the instance, and
  2. the instance runs this command on start-up:

    $ ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145

    This will associate the EIP 75.101.157.145 with itself.

If you will have more than one concurrently running Elastic Agent, you will probably want multiple EIPs and some logic added to the script so that it will only assign an unused EIP to itself. e.g:

ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(curl -s http://169.254.169.254/latest/meta-data/instance-id) $(ec2-describe-addresses | grep -v "i-" | head -n1 | cut -f2) 


How to customise your instance

The most common way to customise your instance is by using EBS. You can add the necessary commands into /mnt/bamboo-ebs/bin/customise-extras.sh.

You can also put the command into an image configuration's "", for example:

export EC2_HOME=/opt/aws/apitools/ec2
export JAVA_HOME=/opt/jdk-8
export EC2_URL=https://ec2.us-east-1.amazonaws.com
PATH=$PATH:$EC2_HOME/bin
/opt/aws/bin/ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145
 

If you do not want your private key and certificate files on the instance, you can also use the following command:

export EC2_HOME=/opt/aws/apitools/ec2
export JAVA_HOME=/opt/jdk-8
export EC2_URL=https://ec2.us-east-1.amazonaws.com
PATH=$PATH:$EC2_HOME/bin
/opt/aws/bin/ec2-associate-address --aws-access-key YOUR_ACCESS_KEY --aws-secret-key YOUR_SECRET_KEY -i $(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145


If your Agent does not start

It's possible that your Agents now fails to start, this is caused by Amazon delaying the actual association of the Elastic IP and causing the Agent to be disconnected during start-up. Add the following line to the startup script above:

sleep 180

This will delay the start-up of the Elastic agent for 3 minutes, which will give Amazon enough to time to associate the Elastic IP without interrupting any of the Bamboo processes.


最終更新日 2020 年 1 月 6 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.