Accessing SWR Enterprise Edition from an On-Premises Data Center Over the Private Network

Scenario

If your on-premises data center needs to access SWR Enterprise Edition, you can connect to the VPC using Direct Connect or VPN and access cloud services over VPC endpoints. This method does not require the Internet and greatly improves the access speed.

Prerequisites

• A VPC is available. For details, see Creating a VPC with a Subnet.
• You have purchased the required VPC endpoints. For details, see Buying a VPC Endpoint.
• You have created a Direct Connect connection or VPN to connect the data center to the VPC. For details, see Using Direct Connect to Connect an On-Premises Data Center to the Cloud or VPN.

Procedure

1. Obtain the domain name and IP address of the target SWR Enterprise Edition instance.
   1. Access the SWR console and select the desired region.
   2. In the navigation pane, choose Enterprise Edition. On the Repositories page, click the name of the target repository to go to the repository details page.
   3. On the Dashboard page, record the access address (or the access domain name) of the instance.
   4. In the navigation pane, choose Access > Access Control. On the Private Network Access, and record the private IP address of the instance.

2. Configure the hosts file on on-premises servers using either of the following methods:

   Configuring the /etc/hosts file directly

   Configuring the on-premises DNS server (recommended)

   Table 1 Comparison between two methods

   Configuration Method	Scenario	Advantage and Disadvantage
   Configuring the /etc/hosts file directly	The scenario where no DNS server is available in the on-premises data center	Advantage: No DNS server needs to be deployed in the on-premises data center. Disadvantage: You need to configure the hosts file on each on-premises servers. This is inconvenient.
   Configuring the on-premises DNS server (recommended)	The scenario where a DNS server is available in the on-premises data center	Advantage: You need to configure the DNS server only once. This is easy to complete. Disadvantage: A DNS server needs to be deployed in the on-premises data center.

   • Configuring the /etc/hosts file directly

     The following are steps in Linux:

     1. Log in to an on-premises server and run the following command to open /etc/hosts:

        sudo vim /etc/hosts

     2. Add a custom domain name. The address in hosts consists of the IP address and private domain name of the corresponding VPC endpoint, for example, xx.xx.xx.xx xxxx.swr-pro.myhuaweicloud.com.
        

        xx.xx.xx.xx is the node IP address queried in 1.d, and xxxx.swr-pro.myhuaweicloud.com is the repository access address queried in 1.c.

     3. Run the following command to restart the network:

        sudo/etc/init.d/networking restart

   • Configuring the on-premises DNS server

     Configure forwarding rules on the on-premises DNS server.

     The method of configuring DNS forwarding rules varies depending on OSs. For details, see the operation guide of the corresponding DNS software.

     The following uses Linux and the common DNS software Bind as an example:

     1. Edit the /etc/named.conf file to add a zone.

        zone " xxxx.swr-pro.myhuaweicloud.com " IN {
          type master;
          file " /var/named/xxxx.swr-pro.myhuaweicloud.com.zone"; 
        };

        

        xxxx.swr-pro.myhuaweicloud.com is the repository access address obtained in 1.c.

     2. Configure the DNS server to map the custom domain name to the corresponding IP address. Create the file /var/named/xxxx.swr-pro.myhuaweicloud.com.zone corresponding to the file in 2.a.

        $TTL     604800
        @ IN      SOA      xxxx.swr-pro.myhuaweicloud.com. root.localhost. (
                                   2         ; Serial
                              604800         ; Refresh
                               86400         ; Retry
                             2419200         ; Expire
                              604800 )       ; Negative Cache TTL
        ;
        @    IN   NS   xxxx.swr-pro.myhuaweicloud.com.
        xxxx.swr-pro.myhuaweicloud.com.    IN   A     xx.xx.xx.xx

     3. Run the following command to restart the service:

        /sbin/service named restart

     

     • You can query SWR endpoints in different regions in Regions and Endpoints.

     • If no DNS server is available in the on-premises data center, add the endpoint IP address for accessing DNS to the /etc/resolv.conf file on the on-premises servers.

3. Verify that the configuration is successful.

   Log in to any on-premises server, run the ping xxxx.swr-pro.myhuaweicloud.com command, and check the command output.

   • Successful configuration: A message similar to "Reply from..." is displayed. You can then access SWR using xxxx.swr-pro.myhuaweicloud.com.
   • Failed configuration: If "Request timed out" or "Destination host unreachable" is displayed, submit a service ticket to contact Huawei O&M engineers.

The preceding configuration only allows you to push images. To pull images, you also need to configure a VPC endpoint for accessing the private IP address of OBS.