Help Center/ Cloud Eye/ FAQs/ Server Monitoring/ Agent Installation/ How Do I Configure DNS and Security Groups?
Updated on 2024-01-11 GMT+08:00

How Do I Configure DNS and Security Groups?

This topic describes how to add DNS server addresses and security groups to a Linux ECS to ensure successful Agent downloading and monitoring data collection. Here, ECSs are used as an example. The operations for other types of hosts are similar.

You can modify DNS configurations of an ECS in either of the following ways: command lines and management console. You can choose one as needed.

DNS and security group configurations are intended for the primary NIC.

DNS

  • Modifying a DNS Server Address (Command Lines)

    The following describes how to add a DNS server address to the resolv.conf file using command lines.

    To use the management console, see Modifying a DNS Server Address (Management Console).

    1. Log in to an ECS as user root.
    2. Run the vi /etc/resolv.conf command to open the file resolv.conf.
    3. Add nameserver 100.125.1.250 and nameserver 100.125.21.250 to the file. Enter :wq, and press Enter to save the settings and exit.
      Figure 1 Adding a DNS server address (Linux)

      The nameserver value varies depending on the region. For details, see What Are Huawei Cloud Private DNS Server Addresses?

  • Modifying a DNS Server Address (Management Console)

    The following describes how to modify a DNS server address of an ECS on the management console. Here, ECSs are used as an example. The operations for BMSs are similar.

    1. Log in to the management console.
    2. In the upper left corner, select a region and project.
    3. Under Service List, choose Computing > Elastic Cloud Server.

      On the ECS console, click the name of the target ECS to view its details.

    4. In the ECS Information area of the Summary tab, click the VPC name as is shown in Figure 2.
      The Virtual Private Cloud page is displayed.
      Figure 2 VPC in ECS basic information
    5. Click the name of a target VPC.
    6. In the Networking Components area, click the number next to Subnets.

      The Subnets page is displayed.

    7. In the subnet list, click the name of a target subnet.
    8. In the Gateway and DNS Information area, click after the DNS Server Address.

      Set the DNS server address to the value of nameserver in 3.

      Figure 3 Modifying a DNS server address
    9. Click OK.

      The new DNS server address takes effect after the ECS or BMS is restarted.

Security Groups

  • Modifying the ECS Security Group Rules (Management Console)

The following describes how to modify security group rules for an ECS on the management console. ECSs are used as an example. The operations for BMSs are similar.

  1. On the ECS details page, select the Security Groups tab.

    The security group list is displayed.

  2. Click a security group name.
  3. Click Modify Security Group Rule.

    The security group details page is displayed.

    Procedure for BMS:

    1. Click the security group ID on the upper left corner of the list.
    2. Click Manage Rule in the Operation column of the security group.
  4. In the Outbound Rules tab, click Add Rule.
  5. Add rules based on Table 1.
    Table 1 Security group rules

    Protocol

    Port

    Type

    Destination IP Address

    Description

    TCP

    80

    IPv4

    100.125.0.0/16

    Used to download the Agent installation package from an OBS bucket to an ECS or BMS and obtain the ECS or BMS metadata and authentication information.

    TCP and UDP

    53

    IPv4

    100.125.0.0/16

    Used by DNS to resolve domain names, for example, the OBS domain name for downloading the Agent installation package, and the Cloud Eye endpoint for sending monitoring data to Cloud Eye.

    TCP

    443

    IPv4

    100.125.0.0/16

    Used to collect monitoring data to Cloud Eye.