elastic bamboo uses public ip even for VPC

We're using local Bamboo server installation and trying to start elastic bamboo instances from original bamboo image.

We're using VPC, we've configured Elastic Bamboo to use VPC - nodes start as intended, in right subnets, this part goes fine.

 

But then they are stuck on 'Pending' status. In node description I see its public name like 'ec2-*-us-west-2.compute.amazonaws.com' and their public IP address.

If we connect to bamboo server and use tcpdump then we can see it trying to connect to that public IP.

The problem is that:

  1. That's what we're using VPC for - our local bamboo server has no access to outer network (exception is made for http(s) requests via proxy).
  2. Even on server itself dns resolves that 'ec2-*-amazonaws.com' with local (VPC) IP. But bamboo prefers to get its Public IP from AWS API for some reason.

Is there any way to force bamboo server using VPC addresses to connect elastic agents instead of public ones?

3 answers

This widget could not be displayed.

Check out Miscallenious section in Elastic Bamboo configuration, you should have an option

This option changes nothing. Being enabled or disabled, elastic instances always get public ip (as mentioned in documentation- to be able to connect to s3 and other aws services), and bamboo server itself always uses public ip (and only public) to connect to these instances.

Even if local system itself resolves that public dns name with local (vpc) ip, bamboo tends to get public ip of the instance from aws api and use it, instead of dns resolved, or private one from api.

btw, we're using Bamboo 5.12.2.1 (will try updating soon, but I could not find anything related to such issues in release notes of recent versions).

This widget could not be displayed.

I've managed it out. I were creating elastic instances in VPC subnet, which allowed (and by default did) public ip addresses. So this was instances were created with Public IP, and Bamboo server were totally ignoring its 'Assign public IP' checkbox and tried to use that public ip just 'because it exists'.

Now I moved elastic bamboo instances to fully private subnet and now server uses local ip to reach those nodes, because it has no choice =)

I'm running into the same issue – are you implying that because the subnet has a route out to IGW that it will automatically assign a public IP address even though the subnet 'auto-assign public ip' setting is disabled?

Can you confirm that moving the elastic agents to a subnet with no IGW forced a private ip only instance?

This widget could not be displayed.

I am having the same issue. Elastic instances are connecting to the Bamboo server using the server's public IP, rather than the private IP.

I'm trying to restict incoming access for the Bamboo server to just the VPC subnet (and our office IP for SSH/HTTPS) but because the elastic agents connect via the public IP, this doesn't work as incoming address is the agent's public IP rather than its private IP.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

124 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you