[OOTB-infra] connecting to internal server

Martin Cosgrave martin at ocretail.com
Tue Feb 17 16:28:32 GMT 2015


On 17/02/15 17:03, Heiko Robert wrote:
> Hi Martin,
>
> most virtualisation servers like VMWare handle/encapsulate the VMs in 
> a sandbox without any shared resource or network between the management 
> server and VMs (baremetal concept). The linux embedded virtualisation 
> frameworks like KVM, Vagrant are not so strict and run inside a full 
> blown OS and may not be so focused on hosting enterprise apps rather than 
> getting easy virtualisation for linux admins on any hardware. So you 
> should keep this in mind when accessing the ootb environment. You can 
> only get network access to the internal network using the interface of 
> a VM. In our case it's gw1 for direct access from the internet or the 
> internal address via VPN (which is routed through gw1).

OK, so if one has access to the esx box via ssh, that's for controlling 
and initiating VMs. But from there you can't get access to the network 
hosted by the VMWare host. So each time I make a new VM I have to also 
go into pfsense and set up port forwards etc.

You know what would be really great? If the ESXi box could join the 
pfsense VPN, then we could just join a VPN without any funky routing 
stuff going on and be able to see the ESX management ports from our 
local networks.

Alternatively how would you feel about connecting one of the boxes 
inside the bee infra into my own vpn? It probably wouldn't solve all my 
issues but I would have an easier route for a lot of things.

>
> There is no way to connect to the internal network from the esx 
> embedded system itself because there is no internal interface by 
> design. That's a feature, not a restriction ;-)
You may have to explain that one to me.

> Connecting to the esx IP is for managing host services only like 
> backup/recovery, copying or manipulating VM config resources directly, 
> calling services commands from a ssh shell.
>
> Again: try to forget the esx1 address and work with the gw1 address. 
> Only use gw1 for connecting from the vSphere Client or from VMWare 
> Converter or the ovftool command line tool.

You say 'again', but it's the first time I've heard that you have to connect 
to gw1 to use the client. Have you never heard of the principle of least 
surprise? Wouldn't it make sense in this case to connect to the 'esx1' 
host to use the esx ports? No wonder I was not able to connect with any 
tools I tried. >.<

>
> A new VM should be configured to use dhcp and you could forward ports 
> to the internal IP from the gw1 address in case you really need to 
> access a port from the internet.

OK, so your base VM has DHCP set; when I create a new VM I am going to 
have to go to pfsense and look at the DHCP leases to find out what the 
new address is. A bit awkward, but I guess manageable.


> If you want to predefine IPs you can configure this in the guest VM 
> (we need to document and define static ip ranges) or, better, add the 
> MAC address to the fixed IPs using the pfsense user interface: 
> https://pfsense.ecm4u.intra/status_dhcp_leases.php --> just click on 
> the (+) sign and define IP and name.

I don't mind configuring networking from inside the guest but I need to 
connect to it first :-P

I guess I need to connect to it to find out its MAC address too.

>
> Heiko
>
> P.S.: I cc'd lanre and Ole to share the knowledge

I added the list, couldn't see anything sensitive within. Redacted a 
couple of port numbers.

Martin

>
> On 17.02.2015 at 16:30, Martin Cosgrave wrote:
>>
>> Why can't I connect to the internal IP address? If I create new VMs 
>> does that mean I won't be able to connect to them internally but I 
>> will have to set up a port forward?
>>
>> I have another issue, once I clone a VM (I note there is no ovftool 
>> on the esx server, could be useful) how do I set its IP address?
>>
>> On 17/02/15 16:24, Heiko Robert wrote:
>>> Hi Martin,
>>>
>>> you should try to ban the esx address out of your mind unless you're 
>>> trying to call service commands on the esx which may be easier for 
>>> you to run from esx vsphere client.
>>>
>>> Instead you should always use the gateway IP to connect to the 
>>> internal network:
>>>
>>> e.g.
>>> ssh ootb@gw1.orderofthebee.org -pxxxx --> web (reverse proxy machine)
>>> ssh ootb@gw1.orderofthebee.org -pyyyy --> ubuntu desktop (not zzzz!)
>>>
>>> see the list here: 
>>> https://support.orderofthebee.org/projects/infra/wiki/VMs_external_and_internal_network#network-dmz1orderofthebeeorg
>>>
>>> Heiko
>>>
>>>
>
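
The step discussed above, reading the pfsense DHCP leases to learn the address a freshly cloned VM picked up, can be scripted. This is an added example, not code from the thread or from the OOTB infra project: a small parser for the ISC dhcpd.leases format that pfSense's DHCP server writes (on pfSense the file is assumed to live at /var/dhcpd/var/db/dhcpd.leases; the sample leases, MACs and hostnames below are constructed).

```python
import re

# Constructed sample in ISC dhcpd.leases format (what pfSense's DHCP server
# writes). The file is append-only: the LAST record for an address wins.
SAMPLE_LEASES = """\
lease 192.168.50.23 {
  binding state free;
  hardware ethernet 00:0c:29:aa:bb:03;
  client-hostname "old-vm";
}
lease 192.168.50.24 {
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:02;
}
lease 192.168.50.23 {
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:01;
  client-hostname "alfresco-test";
}
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(binding state|hardware ethernet|client-hostname)\s+(.*?);", re.M)

def parse_leases(text):
    """One dict per lease block, in file order (later blocks supersede earlier)."""
    leases = []
    for m in LEASE_RE.finditer(text):
        lease = {"ip": m.group(1), "mac": None, "hostname": None, "state": None}
        for key, value in FIELD_RE.findall(m.group(2)):
            if key == "hardware ethernet":
                lease["mac"] = value.lower()        # normalise so lookups are case-insensitive
            elif key == "client-hostname":
                lease["hostname"] = value.strip('"')
            else:
                lease["state"] = value              # active / free / expired / ...
        leases.append(lease)
    return leases

def current_leases(text):
    """Authoritative lease per IP: the last record in the file for that address."""
    return {lease["ip"]: lease for lease in parse_leases(text)}

def find_vm_ip(text, mac=None, hostname=None):
    """IP of the currently active lease matching a MAC (any case) or hostname, else None."""
    for ip, lease in current_leases(text).items():
        if lease["state"] != "active":
            continue
        if (mac and lease["mac"] == mac.lower()) or (hostname and lease["hostname"] == hostname):
            return ip
    return None
```

Read the MAC from the VM's .vmx file (ethernet0.generatedAddress) or from the vSphere Client, then pass it to find_vm_ip on the lease file contents; once the VM is reachable, pinning that MAC to a fixed IP in pfsense as Heiko describes makes the lookup unnecessary next time.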
