[Nix-dev] NixOps: How do I bind services to internal IP addresses on GCE?

roconnor at theorem.ca roconnor at theorem.ca
Wed Jun 24 00:45:58 CEST 2015


I'm trying to deploy a small network of cassandra servers.  These servers 
will communicate with each other over an internal GCE network.  I've 
specified a gce network like so:


resources.gceNetworks.foo = credentials // {
   addressRange = "10.0.0.0/16";
   firewall.allow-cassandra = {
     allowed = { tcp = [ 9042 9160 ]; };
     targetTags = [ "cassandra-server" ];
   };
   firewall.allow-gossip = {
     allowed = { tcp = [ 7000 7001 7199 ]; };
     sourceTags = [ "cassandra-server" ];
     targetTags = [ "cassandra-server" ];
   };
};


I've also put some holes in the firewall for my server configuration:


networking.firewall.allowedTCPPorts = [ 7000 7001 7199 9042 9160 ];


Now my problem is that when cassandra starts up it tries to bind to the 
public IP address of my server instead of the internal IP address:


cassandra[494]: Unable to bind to address db/104.154.75.66:7000. Set listen_address in cassandra.yaml to an interface you can bind to, e.g. your private IP address on EC2


When I, by hand, set the listen_address to the current internal IP 
address, 10.0.94.132, cassandra successfully binds to the port on startup. 
However, obviously this won't do as a solution as the internal IP address 
is going to change upon redeployment.

Unlike the Debian GCE machines, the /etc/hosts file doesn't even have the 
internal IP address listed anywhere:


127.0.0.1 localhost
::1 localhost

169.354.169.254 metadata.google.internal metadata

104.154.75.66 db db-unencrypted
192.168.105.1 db-encrypted


My question is, is there some way to access the internal IP address of a 
deployed machine so I can add it to my cassandra.yaml file during 
deployment?  Alternatively, is there some way to have the /etc/hosts 
resolve the machine's name, "db", to the internal IP address instead of the 
external IP address?  Or is there some other solution to this problem I am 
having?

Thanks.

-- 
Russell O'Connor                                      <http://r6.ca/>
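
An added example, not part of the original message and not NixOps code: one way to avoid hard-coding the address is to select, at service start, whichever local address falls inside the network's addressRange (10.0.0.0/16 above) and emit the listen_address line from it. The function names are hypothetical and the candidate list is constructed from the addresses quoted in the message; on a real host it would come from the interface list.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to an integer; reject malformed input.
ip_to_int() {
    case $1 in *[!0-9.]*) return 1 ;; esac      # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR block $2 (assumes 64-bit shell arithmetic).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    ip=$(ip_to_int "$1") || return 1
    base=$(ip_to_int "$net") || return 1
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( base & mask )) ]
}

# Print the first candidate address inside the range $1; fail if none matches.
pick_internal() {
    range=$1; shift
    for cand in "$@"; do
        if in_cidr "$cand" "$range"; then echo "$cand"; return 0; fi
    done
    return 1
}

# Emit the cassandra.yaml line, refusing to fall back to a public address.
listen_address_line() {
    addr=$(pick_internal "$@") || { echo "no address inside $1" >&2; return 1; }
    echo "listen_address: $addr"
}

# Constructed input: the public, encrypted-link and internal addresses from the message.
listen_address_line 10.0.0.0/16 104.154.75.66 192.168.105.1 10.0.94.132
```

Failing when no address matches keeps the gossip ports off the public interface if the internal address is missing at startup.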

