elastic bamboo uses public ip even for VPC

We're using local Bamboo server installation and trying to start elastic bamboo instances from original bamboo image.

We're using VPC, we've configured Elastic Bamboo to use VPC - nodes start as intended, in right subnets, this part goes fine.

 

But then they are stuck on 'Pending' status. In node description I see its public name like 'ec2-*-us-west-2.compute.amazonaws.com' and their public IP address.

If we connect to bamboo server and use tcpdump then we can see it trying to connect to that public IP.

The problem is that:

  1. That's what we're using VPC for - our local bamboo server has no access to outer network (exception is made for http(s) requests via proxy).
  2. Even on server itself dns resolves that 'ec2-*-amazonaws.com' with local (VPC) IP. But bamboo prefers to get its Public IP from AWS API for some reason.

Is there any way to force bamboo server using VPC addresses to connect elastic agents instead of public ones?

3 answers

0 vote

Check out Miscallenious section in Elastic Bamboo configuration, you should have an option

This option changes nothing. Being enabled or disabled, elastic instances always get public ip (as mentioned in documentation- to be able to connect to s3 and other aws services), and bamboo server itself always uses public ip (and only public) to connect to these instances.

Even if local system itself resolves that public dns name with local (vpc) ip, bamboo tends to get public ip of the instance from aws api and use it, instead of dns resolved, or private one from api.

btw, we're using Bamboo 5.12.2.1 (will try updating soon, but I could not find anything related to such issues in release notes of recent versions).

I've managed it out. I were creating elastic instances in VPC subnet, which allowed (and by default did) public ip addresses. So this was instances were created with Public IP, and Bamboo server were totally ignoring its 'Assign public IP' checkbox and tried to use that public ip just 'because it exists'.

Now I moved elastic bamboo instances to fully private subnet and now server uses local ip to reach those nodes, because it has no choice =)

I'm running into the same issue – are you implying that because the subnet has a route out to IGW that it will automatically assign a public IP address even though the subnet 'auto-assign public ip' setting is disabled?

Can you confirm that moving the elastic agents to a subnet with no IGW forced a private ip only instance?

I am having the same issue. Elastic instances are connecting to the Bamboo server using the server's public IP, rather than the private IP.

I'm trying to restict incoming access for the Bamboo server to just the VPC subnet (and our office IP for SSH/HTTPS) but because the elastic agents connect via the public IP, this doesn't work as incoming address is the agent's public IP rather than its private IP.

Suggest an answer

Log in or Join to answer
Community showcase
Renan Battaglin
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,087 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot