How Do I Configure DNS and Security Groups?
This topic describes how to add DNS server addresses and security groups to a Linux ECS to ensure successful Agent downloading and monitoring data collection. Here, ECSs are used as an example. The operations for other types of hosts are similar.
You can modify DNS configurations of an ECS in either of the following ways: command lines and management console. You can choose one as needed.
DNS and security group configurations are intended for the primary NIC.
DNS
- Modifying a DNS Server Address (Command Lines)
The following describes how to add a DNS server address to the resolv.conf file using command lines.
To use the management console, see Modifying a DNS Server Address (Management Console).
- Log in to an ECS as user root.
- Run the vi /etc/resolv.conf command to open the file resolv.conf.
- Add nameserver 100.125.1.250 and nameserver 100.125.21.250 to the file. Enter :wq, and press Enter to save the settings and exit.
Figure 1 Adding a DNS server address (Linux)
The nameserver value varies depending on the region. For details, see What Are Huawei Cloud Private DNS Server Addresses?
- Modifying a DNS Server Address (Management Console)
The following describes how to modify a DNS server address of an ECS on the management console. Here, ECSs are used as an example. The operations for BMSs are similar.
- Log in to the management console.
- In the upper left corner, select a region and project.
- Under Service List, choose Computing > Elastic Cloud Server.
On the ECS console, click the name of the target ECS to view its details.
- In the ECS Information area of the Summary tab, click the VPC name as is shown in Figure 2.
- Click the name of a target VPC.
- In the Networking Components area, click the number next to Subnets.
The Subnets page is displayed.
- In the subnet list, click the name of a target subnet.
- In the Gateway and DNS Information area, click after the DNS Server Address.
Set the DNS server address to the value of nameserver in 3.
Figure 3 Modifying a DNS server address
- Click OK.
The new DNS server address takes effect after the ECS or BMS is restarted.
Security Groups
- Modifying the ECS Security Group Rules (Management Console)
The following describes how to modify security group rules for an ECS on the management console. ECSs are used as an example. The operations for BMSs are similar.
- On the ECS details page, select the Security Groups tab.
The security group list is displayed.
- Click a security group name.
- Click Modify Security Group Rule.
The security group details page is displayed.
Procedure for BMS:
- Click the security group ID on the upper left corner of the list.
- Click Manage Rule in the Operation column of the security group.
- In the Outbound Rules tab, click Add Rule.
- Add rules based on Table 1.
Table 1 Security group rules Protocol
Port
Type
Destination IP Address
Description
TCP
80
IPv4
100.125.0.0/16
Used to download the Agent installation package from an OBS bucket to an ECS or BMS and obtain the ECS or BMS metadata and authentication information.
TCP and UDP
53
IPv4
100.125.0.0/16
Used by DNS to resolve domain names, for example, the OBS domain name for downloading the Agent installation package, and the Cloud Eye endpoint for sending monitoring data to Cloud Eye.
TCP
443
IPv4
100.125.0.0/16
Used to collect monitoring data to Cloud Eye.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot