Oct 26 18:24:53 hecate-elk2 boundary[13355]: Log Level: debug
Oct 26 18:24:53 hecate-elk2 boundary[13355]: Mlock: supported: true, enabled: false
Oct 26 18:24:53 hecate-elk2 boundary[13355]: Public Addr: xxx:9202
Oct 26 18:24:53 hecate-elk2 boundary[13355]: Version: Boundary v0.1.1
Oct 26 18:24:53 hecate-elk2 boundary[13355]: Version Sha: eccd68d73c3edf14863ecfd31f9023063b809d5a
Oct 26 18:24:53 hecate-elk2 boundary[13355]: ==> Boundary server started! Log data will stream in below:
Oct 26 18:24:53 hecate-elk2 boundary[13355]: 2020-10-26T18:24:53.835Z [INFO] controller: cluster address: addr=[::]:9201
Oct 26 18:24:53 hecate-elk2 boundary[13355]: 2020-10-26T18:24:53.835Z [INFO] worker: connected to controller: address=0.0.0.0:9201
Oct 26 18:24:53 hecate-elk2 boundary[13355]: 2020-10-26T18:24:53.839Z [INFO] controller: worker successfully authed: name=demo-worker-1
Oct 26 18:24:53 hecate-elk2 boundary[13355]: 2020-10-26T18:24:53.851Z [INFO] controller: worker successfully authed: name=demo-worker-1
However, i get connection refused when doing a telnet ip 9200/9202. The firewall is open for these ports. I believe this is because OCI like AWS does not bind the public ip to a NIC. So how exactly does this work? Any ideas would be most welcomed!
You can set the advertised address for the worker via public_addr. That will allow you to use an EIP or other address not bound to an interface on the worker.
that is what I have done. but i still have no access to the API on 9200. As according to your documentation both the 9200 and 9202 need to be accessible to the client.
or is it possible to remove the address from the api listener and the api will utilize the public_addr?
You didn’t include all of the output so we can’t see the listener information, and you aren’t specifying listener blocks in your config so it’s hard to know what it’s actually listening on. Can you include some more information?
Huh – yesterday only the second and third blocks from your original post were showing up for me. Now the first one (with the config) is too. Sorry about that…no idea if something was up with Discuss or PEBKAC
From what I can tell, everything looks fine. Are you able to telnet to those ports from the same machine? That would at least rule out some listener issue and confirm it’s something about the ingress to the machine in OCI.
i can telnet, i can authorize through the api on the host machine. however, anything trying to connect to this machine is rejected. I know it isnt the ports. Why, i have elasticseach on 9200 and it worked. I moved that to a different port and try to telnet boundary on 9200 and i get connection refused.
What i do not understand you have the worker with a public_addr on PORT 9202, how does this work with the API listener which listens on port 9200? Shouldn’t a public_addr exist for the api as well? Do you have a working example on AWS with EIP? I would assume this almost follows the same idea of OCI where no interface (NIC) is created for the public ip. Cause from what i can see the following is occurring: i have 0.0.0.0:9200 listening however, the public ip is not an interface, and is automatically rejected.
I built a dockerfile etc and i got this working on the same machine. No difference in configs. just weird. I will post the docker-compose setup tomorrow for those that are interested.