Help:Addresses

From Wikitech
Jump to: navigation, search
Horizon allows projectadmins the ability to manage public IP address(es) assigned to their instance(s). Note that if all you want to do is expose a web service, you should just use the proxy under 'Project -> DNS -> Web Proxies'. That also gives you HTTPS for free. Only request a public IP if you need to expose non-HTTP/HTTPS endpoints.

Request a Public IP address

Public (Floating) IP addresses are not automatically available to projects, the default quota is 0. You can find your quota on the 'Project -> Compute -> Overview' page. If you want a new Public IP address, follow https://phabricator.wikimedia.org/T140904 to make a request.

Manage Public IP address(es)

Horizon allows you to manage your instance(s) IP address(es):

  1. In 'Project -> Compute -> Instances', locate the instance you want
  2. 'Associate Floating IP' or click the dropdown arrow to the right and 'Disassociate Floating IP'

If associating fails, you may need to request a quota increase, or ask for an existing one to be released from your project.

After disassociating IPs from an instance, the IP will still be reserved for your project (and thus counted in your quota usage) until it is revoked by a labs administrator using 'nova floating-ip-delete $IP'

Note: there is no web page at the moment that lists unallocated IP addresses for your project(s). Labs administrators can find them by grepping 'nova floating-ip-bulk-list'

Add host name

You can insert an unlimited number of dns records for one public IP, however, you will need to make sure that the hosts file and server configuration are set-up to properly handle the multiple dns records pointing to your instance. DNS entries can be managed by going to 'Project -> DNS -> Domains', and clicking 'Manage Records' next to a domain. If no domains are listed or you want another domain, file a Phabricator task under the labs project. Individual projects can no longer create domains directly under wmflabs.org anymore without using the web proxy.

Use the IP

To actually use the IP, you might have to add rules to the security group. The default policy is to drop all packets, so those rules add ACCEPT rules for services you need. To accept from anybody, use the CIDR range 0.0.0.0/0.