elastic bamboo uses public ip even for VPC

Sergey November 2, 2016

We're using local Bamboo server installation and trying to start elastic bamboo instances from original bamboo image.

We're using VPC, we've configured Elastic Bamboo to use VPC - nodes start as intended, in right subnets, this part goes fine.

 

But then they are stuck on 'Pending' status. In node description I see its public name like 'ec2-*-us-west-2.compute.amazonaws.com' and their public IP address.

If we connect to bamboo server and use tcpdump then we can see it trying to connect to that public IP.

The problem is that:

  1. That's what we're using VPC for - our local bamboo server has no access to outer network (exception is made for http(s) requests via proxy).
  2. Even on server itself dns resolves that 'ec2-*-amazonaws.com' with local (VPC) IP. But bamboo prefers to get its Public IP from AWS API for some reason.

Is there any way to force bamboo server using VPC addresses to connect elastic agents instead of public ones?

3 answers

0 votes
Paul Crockett August 8, 2017

I am having the same issue. Elastic instances are connecting to the Bamboo server using the server's public IP, rather than the private IP.

I'm trying to restict incoming access for the Bamboo server to just the VPC subnet (and our office IP for SSH/HTTPS) but because the elastic agents connect via the public IP, this doesn't work as incoming address is the agent's public IP rather than its private IP.

0 votes
Sergey November 6, 2016

I've managed it out. I were creating elastic instances in VPC subnet, which allowed (and by default did) public ip addresses. So this was instances were created with Public IP, and Bamboo server were totally ignoring its 'Assign public IP' checkbox and tried to use that public ip just 'because it exists'.

Now I moved elastic bamboo instances to fully private subnet and now server uses local ip to reach those nodes, because it has no choice =)

Kai Paro February 17, 2017

I'm running into the same issue – are you implying that because the subnet has a route out to IGW that it will automatically assign a public IP address even though the subnet 'auto-assign public ip' setting is disabled?

Can you confirm that moving the elastic agents to a subnet with no IGW forced a private ip only instance?

0 votes
Przemek Bruski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 3, 2016

Check out Miscallenious section in Elastic Bamboo configuration, you should have an option

Sergey November 3, 2016

This option changes nothing. Being enabled or disabled, elastic instances always get public ip (as mentioned in documentation- to be able to connect to s3 and other aws services), and bamboo server itself always uses public ip (and only public) to connect to these instances.

Even if local system itself resolves that public dns name with local (vpc) ip, bamboo tends to get public ip of the instance from aws api and use it, instead of dns resolved, or private one from api.

btw, we're using Bamboo 5.12.2.1 (will try updating soon, but I could not find anything related to such issues in release notes of recent versions).

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events