1.6. Additional Requirements for Amazon and Azure

Installing Virtuozzo DevOps on top of Azure or Amazon hardware has certain peculiarities, as these cloud providers do not offer external IP addresses and do not support attaching external IP addresses to containers. For these reasons, you will need to perform additional steps before installing Virtuozzo DevOps on AWS or Azure.

  1. On the hardware node that Virtuozzo DevOps will be installed on, add endpoints for the following ports:

    • TCP 80, 443, 3022, 4848, 4949, 7979, 8081;
    • TCP and UDP 11000-11999. These ports are used by default for Jelastic endpoints in user containers (11999 is an example endpoint limit that can be changed according to your needs).

    Depending on the cloud provider, you may also need to meet the requirements listed in Azure endpoints setup or AWS security group creation, respectively.

  2. On the same hardware node, add additional iptables rules for the ports set in the previous step to configure DNAT from the hardware node IP address to the Platform Entry Point IP address, e.g.:

    # iptables -t nat -A PREROUTING -i {UPLINK_NODE_INTERFACE} -d {UPLINK_NODE_IP} -p tcp \
    -m multiport --dports 80,443,3022,4848,4949,7979,8081,11000:11999 -j DNAT \
    --to {ENTRY_POINT_IP}
    # iptables -t nat -A PREROUTING -i {UPLINK_NODE_INTERFACE} -d {UPLINK_NODE_IP} -p udp \
    --dport 11000:11999 -j DNAT --to {ENTRY_POINT_IP}

    To obtain the UPLINK_NODE_IP and UPLINK_NODE_INTERFACE parameters, run:

    # ip r get 1 | head -n1 | awk '{print "UPLINK_NODE_INTERFACE: " $5 "\n" \
    "UPLINK_NODE_IP: " $7}'

  3. Set up NAT for the external platform network in order to forward outgoing external traffic properly:

    # iptables -t nat -A POSTROUTING -i venet0 -s {ENTRY_POINT_IP} -o {UPLINK_NODE_INTERFACE} \

  4. Instead of setting up zone delegation (described in DNS and Zone Delegation Requirements), add the “*” A record for your hardware node’s external IP address (used as the Platform Entry Point) to the DNS server zone file or in your domain registrar’s admin panel.
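
An added check for steps 1 and 2, not part of the Virtuozzo documentation: it reads the uplink interface and address by keyword (the positional `$5`/`$7` fields in the command above assume the route has a `via` hop) and reports which required TCP ports no DNAT rule in `iptables-save -t nat` output forwards to the entry point. The function names, the addresses 10.0.0.4 and 10.0.0.10, the interface eth0 and the sample rule are constructed for illustration; the rule format assumed is the usual `iptables-save` form with `--to-destination`.

```shell
#!/usr/bin/env bash
# Added example: audit DNAT coverage from `iptables-save -t nat` text.
# Ports are those from step 1 (the 11000-11999 range is checked at both ends).
REQUIRED_TCP="80 443 3022 4848 4949 7979 8081 11000 11999"

# Print "<interface> <source-ip>" from `ip route get` output, keyed on the
# "dev" and "src" keywords so it also works when the route has no "via" hop.
uplink_from_route() {
  awk '{ for (i = 1; i < NF; i++) { if ($i == "dev") d = $(i+1); if ($i == "src") s = $(i+1) }
         if (d != "" && s != "") { print d, s; exit } }'
}

# Read iptables-save nat rules on stdin; print the required TCP ports that no
# PREROUTING DNAT rule forwards from $1 (uplink IP) to $2 (entry point IP).
missing_dnat_tcp_ports() {
  awk -v dst="$1" -v to="$2" -v req="$REQUIRED_TCP" '
    $1 == "-A" && $2 == "PREROUTING" {
      d = p = ports = j = t = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-d") d = $(i+1)
        if ($i == "-p") p = $(i+1)
        if ($i == "--dports" || $i == "--dport") ports = $(i+1)
        if ($i == "-j") j = $(i+1)
        if ($i == "--to-destination") t = $(i+1)
      }
      sub(/\/32$/, "", d)                      # iptables-save writes host addresses as /32
      if (d != dst || p != "tcp" || j != "DNAT" || t != to) next
      n = split(ports, spec, ",")
      for (k = 1; k <= n; k++) {               # each entry is a port or a lo:hi range
        m = split(spec[k], r, ":"); lo[++cnt] = r[1] + 0; hi[cnt] = (m == 2 ? r[2] : r[1]) + 0
      }
    }
    END {
      n = split(req, want, " ")
      for (k = 1; k <= n; k++) {
        ok = 0
        for (c = 1; c <= cnt; c++) if (want[k] + 0 >= lo[c] && want[k] + 0 <= hi[c]) ok = 1
        if (!ok) out = out (out == "" ? "" : " ") want[k]
      }
      print out
    }'
}

# Constructed sample: a rule set that omits several of the ports from step 1.
SAMPLE='-A PREROUTING -d 10.0.0.4/32 -i eth0 -p tcp -m multiport --dports 80,443,11000:11999 -j DNAT --to-destination 10.0.0.10'
echo "not forwarded: $(printf '%s\n' "$SAMPLE" | missing_dnat_tcp_ports 10.0.0.4 10.0.0.10)"
```

On a live node, pipe `iptables-save -t nat` into `missing_dnat_tcp_ports` and `ip route get 1` into `uplink_from_route`; an empty result from the former means every required TCP port is covered.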