I am trying to get all the IPs (attached to VMs) from an azure subscription.
I have pulled all the VMs using
compute_client = ComputeManagementClient(credentials, subscription_id)
network_client = NetworkManagementClient(credentials,subscription_id)
for vm in compute_client.virtual_machines.list_all():
print(vm.network_profile.network_interface)
But the network_profile object seems to only be a pointer, I have read through the documentation and can not figure out how to link each vm to its attached IP addresses
I came across this: Is there any python API which can get the IP address (internal or external) of Virtual machine in Azure
But it seems that something has changed.
I am able to resolve the IPs of a machine only if I know the name of the Public_IP address object(Which not all of them have public IPs).
I need to be able to take this network_interface and resolve the IP on it
So It seems that in order to get the IPs, you need to parse the URI given in the vm.network_profile.network_interface. Then use the the subscription and the nic name to get the IP using network_client.network_interfaces.get().
The code I used is below:
compute_client = ComputeManagementClient(credentials, subscription_id)
network_client = NetworkManagementClient(credentials,subscription_id)
try:
get_private(compute_client, network_client)
except:
print("Auth failed on "+ subscription_id)
def get_private(compute_client, network_client):
for vm in compute_client.virtual_machines.list_all():
for interface in vm.network_profile.network_interfaces:
name=" ".join(interface.id.split('/')[-1:])
sub="".join(interface.id.split('/')[4])
try:
thing=network_client.network_interfaces.get(sub, name).ip_configurations
for x in thing:
print(x.private_ip_address)
except:
print("nope")
In this example you could also do x.public_ip_address to get the public IPs
As your said, indeed, something has changed, but not much.
First as below, NetworkManagementClientConfiguration has been remove, see the details in the link.
network_client = NetworkManagementClient(credentials,subscription_id)
Second, according to the source code, the parameter public_ip_address_name is the name of the subnet, cease to be the vm name.
# Resource Group
GROUP_NAME = 'azure-sample-group-virtual-machines'
# Network
SUBNET_NAME = 'azure-sample-subnet'
PUBLIC_IP_NAME = SUBNET_NAME
public_ip_address = network_client.public_ip_addresses.get(GROUP_NAME, PUBLIC_IP_NAME)
Then, you can also the private_ip_address & public_ip_address via the IPConfiguration from the PublicIPAddress
print(public_ip_address.ip_configuration.private_ip_address)
print(public_ip_address.ip_configuration.public_ip_address)
Related
I've created an ec2 instance with AWS CDK in python. I've added a security group and allowed ingress rules for ipv4 and ipv6 on port 22. The keypair that I specified, with the help of this stack question has been used in other EC2 instances set up with the console with no issue.
Everything appears to be running, but my connection keeps timing out. I went through the checklist of what usually causes this provided by amazon, but none of those common things seems to be the problem (at least to me).
Why can't I connect with my ssh keypair from the instance I made with AWS CDK? I'm suspecting the KeyName I am overriding is not the correct name in Python, but I can't find it in the cdk docs.
Code included below.
vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_name=os.getenv("VPC_NAME"))
sec_group = ec2.SecurityGroup(self, "SG", vpc=vpc, allow_all_outbound=True)
sec_group.add_ingress_rule(ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(22))
sec_group.add_ingress_rule(ec2.Peer.any_ipv6(), connection=ec2.Port.tcp(22))
instance = ec2.Instance(
self,
"name",
vpc=vpc,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
machine_image=ec2.AmazonLinuxImage(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2
),
security_group=sec_group,
)
instance.instance.add_property_override("KeyName", os.getenv("KEYPAIR_NAME"))
elastic_ip = ec2.CfnEIP(self, "EIP", domain="vpc", instance_id=instance.instance_id)
This is an issue with internet reachability, not your SSH key.
By default, your instance is placed into a private subnet (docs), so it will not have inbound connectivity from the internet.
Place it into a public subnet and it should work.
Also, you don't have to use any overrides to set the key - use the built-in key_name argument. And you don't have to create the security group - use the connections abstraction. Here's the complete code:
vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_name=os.getenv("VPC_NAME"))
instance = ec2.Instance(
self,
"name",
vpc=vpc,
instance_type=ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
machine_image=ec2.AmazonLinuxImage(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2
),
key_name=os.getenv("KEYPAIR_NAME"),
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
instance.connections.allow_from_any_ipv4(ec2.Port.tcp(22))
elastic_ip = ec2.CfnEIP(self, "EIP", domain="vpc", instance_id=instance.instance_id)
I am working on a python3.6 script that provisions a network and subnet using the openstack sdk module on OSP16. The subnet I need to add needs to have the gateway set to none. I see in the openstack CLI documentation that the --gateway switch has several options - the default is 'auto', or you specify an IP address, or you can enter none. However, if I use none via the python module I get an error:
Invalid input for gateway_ip. Reason: 'none' is not a valid IP address.
The CLI commands that work look like this:
openstack network create NW-1-PVT
openstack subnet create NW-1-PVTv6 --subnet-range FD02:F160:02:06:0:10F:0:0/64 --no-dhcp --gateway none --ip-version 6 --network NW-1-PVT
When I use the python module I get an error stating that the IP is invalid for the gateway IP, even though none is a valid parameter for the gateway IP (at least for the CLI).
# Create the Network
netw = conn.network.create_network(
name='NW-1-PVT'
)
# Create the subnet
subn = conn.network.create_subnet(
name = 'NW-1-PVTv6',
network_id = netw.id,
ip_version = '6',
cidr = FD02:F160:02:06:0:10F:0:0/64,
gateway_ip = 'none',
is_dhcp_enabled = False
)
Any assistance is appreciated.
I need to get primary domain name from ip. I have some doubts about how functions like gethostbyaddr and getfqdn work.
In the following example I'm going to reverse ip a random domain and then try to get the domain name back:
import socket
domain = 'heroku.com'
# get ip from domain
ip = socket.gethostbyname(domain)
print('ip =', ip)
# get domain from ip
print(socket.gethostbyaddr(ip))
print(socket.getfqdn(ip))
# OUTPUT
# ip = 50.19.85.154
# ('ec2-50-19-85-154.compute-1.amazonaws.com', ['154.85.19.50.in-addr.arpa'], ['50.19.85.154'])
# ec2-50-19-85-154.compute-1.amazonaws.com
It seems both gethostbyaddr and getfqdn are returning the public DNS of one of the load balanced ec2 on AWS. My question is why they don't return the domain heroku.com which is probably the domain registered on Route53?
Another example with google.com:
import socket
domain = 'google.com'
# get ip from domain
ip = socket.gethostbyname(domain)
print('ip =', ip)
# get domain from ip
print(socket.gethostbyaddr(ip))
print(socket.getfqdn(ip))
# OUTPUT
# ip = 216.58.208.174
# ('mil07s10-in-f14.1e100.net', ['174.208.58.216.in-addr.arpa', 'lhr25s09-in-f14.1e100.net', 'lhr25s09-in-f174.1e100.net'], ['216.58.208.174'])
# mil07s10-in-f14.1e100.net
Here again it seems they are returning the public DNS of some machine on GCP. How can I get the real primary domain name from an ip address (heroku.com and google.com in these examples)?
When we do a DNS lookup of a hostname, in the most of the cases we are returned with the CNAME. We take that CNAME, and further resolve it to get an IP. But multiple CNAME's in the (n-1)th stage can be mapped to the CNAME in the (n)th stage. Therefore getting back the CNAME from the CNAME of the later stages is a not a trivial task.
Another Possible Way
Well, now the discussion is moving away from the DNS, but I hope it helps you. Every router or node in the internet is mapped to a Autonomous System, and there are some organizations or sites which maintain this mapping database. So by having the IP, we can contact one such database to get its Autonomous System Number (ASN) and the organization to which the node belongs to. whois.cymru.com:43 is one such site. You can use simple network client like nc to query its database. Below I attached the screenshot of one such query.
I currently have a .csv file in an S3 bucket that I'd like to append to a table in a Redshift database using a Python script. I have a separate file parser and upload to S3 that work just fine.
The code I have for connecting to/copying into the table is below here. I get the following error message:
OperationalError: (psycopg2.OperationalError) could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "redshift_cluster_name.unique_here.region.redshift.amazonaws.com" (18.221.51.45) and accepting
TCP/IP connections on port 5439?
I can confirm the following:
Port is 5439
Not encrypted
Cluster name/DB name/username/password are all correct
Publicly accessible set to "Yes"
What should I be fixing to make sure I can connect my file in S3 to Redshift? Thank you all for any help you can provide.
Also I have looked around on Stack Overflow and ServerFault but these seem to either be for MySQL to Redshift or the solutions (like the linked ServerFault CIDR solution) did not work.
Thank you for any help!
DATABASE = "db"
USER = "user"
PASSWORD = "password"
HOST = "redshift_cluster_name.unique_here.region.redshift.amazonaws.com"
PORT = "5439"
SCHEMA = "public"
S3_FULL_PATH = 's3://bucket/file.csv'
#ARN_CREDENTIALS = 'arn:aws:iam::aws_id:role/myRedshiftRole'
REGION = 'region'
############ CONNECTING AND CREATING SESSIONS ############
connection_string = f"redshift+psycopg2://{USER}:{PASSWORD}#{HOST}:{PORT}/{DATABASE}"
engine = sa.create_engine(connection_string)
session = sessionmaker()
session.configure(bind=engine)
s = session()
SetPath = f"SET search_path TO {SCHEMA}"
s.execute(SetPath)
###########################################################
############ RUNNING COPY ############
copy_command = f
'''
copy category from '{S3_FULL_PATH}'
credentials 'aws_iam_role={ARN_CREDENTIALS}'
delimiter ',' region '{REGION}';
'''
s.execute(copy_command)
s.commit()
######################################
#################CLOSE SESSION################
s.close()
##############################################
Connecting via a Python program would require the same connectivity as connecting from an SQL Client.
I created a new cluster so I could document the process for you.
Here's the steps I took:
Created a VPC with CIDR of 10.0.0.0/16. I don't really need to create another VPC, but I want to avoid any problems with prior configurations.
Created a Subnet in the VPC with CIDR of 10.0.0.0/24.
Created an Internet Gateway and attached it to the VPC.
Edited the default Route Table to send 0.0.0.0/0 traffic to the Internet Gateway. (I'm only creating a public subnet, so don't need a route table for private subnet.)
Created a Redshift Cluster Subnet Group with the single subnet I created.
Launch a 1-node Redshift cluster into the Cluster Subnet Group. Publicly accessible = Yes, default Security Group.
Went back to the VPC console to edit the Default Security Group. Added an Inbound rule for Redshift from Anywhere.
Waited for the Cluster to become ready.
I then used DbVisualizer to login to the database. Success!
The above steps made a publicly-available Redshift cluster and I connected to it from my computer on the Internet.
I want let some IPs can access to site.
example :
bottle server IP : 192.168.0.1
and I want let 192.168.0.1/29 can access to site,
so 192.168.0.2 can access to site, 192.168.0.11 can't access to site.
my way is create a function to check client IP,
if out of range return status 403.
check IP function like this:
from netaddr import IPSet,IPAddress
def authIP(clientIP=None):
rules = IPSet(['192.168.0.1/29'])
if(IPAddress(clientIP) in rules):
return 'ok.'
else:
abort(403,'access denied.')
but, use this way,I will add this function to every route function to check it.
Like:
#route('/ip')
def tip():
cip = request.environ['REMOTE_ADDR']
return authIP(cip)
Have any other ideas ...?