-
|
I enabled the Access Proxy in Centralized Logging with OpenSearch console, and set the number of the instance to 1. But i saw more than 1 instance (maybe 5) started and then stoped after several minutes. And i still can not access the OpenSearch Dashboard through proxy domain name or ALB. Why and how to fix it? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
This situation often occurs when you choose the “Launch in existing VPC mode”. The Access Proxy use Auto Scaling group to manage proxy instances. These instances will be launched in the private subnets that you defined in the parameter “Private Subnet IDs” when deploying the initial CloudFormation stack. According to the description in the document, these two subnets must have routes point to an NAT Gateway, which allows the proxy instances download Nginx software from internet. So if your private subnets don’t have routes point to an NAT Gateway, the Nginx download and installation will be failed, which cause the Auto Scaling group health check regard the instance as an unhealthy instance. Then the Auto Scaling group will stop the instance and try to start a new one to replace it. That’s the reason why you saw multiple proxy instances (they are rolling, in fact) , while can’t access the OpenSearch Dashboard through proxy. You need to check the private subnets (“Private Subnet IDs” in parameters) to make sure they have routes point to an NAT Gateway. It also important to check the public subnets (“Public Subnet IDs” in parameters) to make sure they have routes point to an Internet Gateway, cause your ALB will be launched in these public subnets. Tips: Access Proxy is not the only way to visit OpenSearch Dashboard, you can also use bastion or build network connection with your office and VPC (VPN / dedicated line) to visit the OpenSearch dashboard URL directly. |
Beta Was this translation helpful? Give feedback.
-
|
Another possible issue was that there is a mismatch between the health check grace period and the instance startup time. See workaround in #202 |
Beta Was this translation helpful? Give feedback.
This situation often occurs when you choose the “Launch in existing VPC mode”. The Access Proxy use Auto Scaling group to manage proxy instances. These instances will be launched in the private subnets that you defined in the parameter “Private Subnet IDs” when deploying the initial CloudFormation stack. According to the description in the document, these two subnets must have routes point to an NAT Gateway, which allows the proxy instances download Nginx software from internet. So if your private subnets don’t have routes point to an NAT Gateway, the Nginx download and installation will be failed, which cause the Auto Scaling group health check regard the instance as an unhealthy instanc…