https://prefect.io logo
w

Will Skelton

05/26/2022, 3:28 PM
Hi All! I'm working on getting a Linux VM in Azure to host a prefect 2.0 server for POC/Dev purposes. I've followed the tutorial I've linked here but have gotten to a roadblock when trying to connect to the UI from my local computer. I've enabled Firewall rules successfully enough to allow SSH access into the vm via port 22 and have also added ports 8080 and 4200 as described in the tutorial. My issue comes when trying to bind the server to the public IP address for the vm. I've added the config.toml file as shown in the tutorial and have also tried to bind the IP using the "prefect orion start --host" command. Any thoughts on what I'm missing? Thanks! Will https://mortimer.xyz/prefect-on-azure/
k

Kevin Kho

05/26/2022, 3:34 PM
Did you set
PREFECT_ORION_UI_API_URL
from you local to point your local UI to the VM?
Oh I see the image it’s just failing
I don’t know enough here but will try to find someone
👍 1
c

Christopher Boyd

05/26/2022, 3:44 PM
Hi Will, There is a terraform azure vm recipe here; I can’t say I have tested running Orion locally just yet, so I can certainly test that and see if I can reproduce this issue and get back to you https://github.com/PrefectHQ/prefect-recipes/tree/main/azure/prefect-agent-on-avm
can you export PREFECT_LOGGING_LEVEL=“DEBUG” and try again to see if we get any more verbosity?
Also, I was unaware of this tutorial, but will be a great resource for expanding this terraform recipe - I’ll test it out and report back if I can address this issue
z

Zanie

05/26/2022, 3:47 PM
You’ll want to bind the host to
0.0.0.0
Then set the
PREFECT_ORION_UI_API_URL
to the public IP
w

Will Skelton

05/26/2022, 4:34 PM
To be more clear, The screen shot above is an ssh connection into the VM in azure. (not sure if that was understood or not).
@Christopher Boyd, I've tried to enable Debug logging in the profile and when calling "start" but I don't seem to be getting any more info. Is there a file getting created that I can't find?
k

Kevin Kho

05/26/2022, 5:48 PM
No file being created. It would just have more verbose logs with Orion and the Flow (potentially)
w

Will Skelton

05/26/2022, 6:19 PM
Didn't really get anything more than the first time, assuming I enabled it correctly.
c

Christopher Boyd

05/26/2022, 6:38 PM
HI Will, For setting the PREFECT_ORION_UI_API_URL, it looks like you are blocking out your IP address (presumably because it’s the public) but that should be listening on 0.0.0.0 to listen on all interfaces (--expose does this for 1.0, but this is for 2.0 as you mentioned)
I’m checking the config.toml setting as well, because I believe that is also a 1.0 setting
The apollo_url would have been the 1.0 endpoint, for 2.0 , I believe this would be the orion_url although I’m confirming that
w

Will Skelton

05/26/2022, 6:54 PM
Thanks @Christopher Boyd, Lots of different places, it appears, to apply settings. Here is what I've got going now. Still no connection from my local PC into Azure.
c

Christopher Boyd

05/26/2022, 6:55 PM
Are you able to curl this endpoint locally through a 2nd ssh session? That way we can verify it’s actually running and returning data locally, then move onto exposing it publicly
w

Will Skelton

05/26/2022, 6:57 PM
so... sudo curl "http://publicip:8080" ? or port 4200?
sorry.. doing lots of learning today 🙂
c

Christopher Boyd

05/26/2022, 6:58 PM
All good - from the azure ssh session, something like :
Copy code
curl -I localhost:4200
If that’s functioning, we know it’s listening and serving, and we would just need to expose the public traffic at that point - I might need a few minutes for a follow up
w

Will Skelton

05/26/2022, 6:59 PM
c

Christopher Boyd

05/26/2022, 7:00 PM
Ok that’s good - give me a few moments to review and I can circle back
w

Will Skelton

05/26/2022, 7:00 PM
10-4. Thank so much!
c

Christopher Boyd

05/26/2022, 7:24 PM
Sorry Will, circling back - from your localhost (your actual desktop / laptop) assuming Mac based, you can run:
Copy code
curl <http://ifconfig.co|ifconfig.co>
That will return your public IP address - that’s what you would want to allow as an inbound rule for 22, 8080, and 4200
With those inbound rules set, you should be able to re-run that curl command:
Copy code
curl -I azure-public-ip:8080
curl -I azure-public-ip:4200
I’m not 100% sure and can confirm, but I don’t believe 8080 is in use for 2.0
w

Will Skelton

05/26/2022, 7:30 PM
I'm using a Windows Desktop, but I know what my IP is that gets presented when connected outside of our network. Do I need to run those curl statements on the ssh or my local host?
c

Christopher Boyd

05/26/2022, 7:31 PM
You would run those commands from your localhost, and test against the azure VM once the rule forwarding is in place (for your public IP on the localhost)
w

Will Skelton

05/26/2022, 7:40 PM
I have rule forwarding in place and it is working successfully for ssh via port 22. (I'm connected via Windows cmd ssh) Running curl against the public IP and port 22 returns a "Received HTTP/0.9 when not allowed" response... port 4200 Fails with "Connection refused"... The rule on port 22 is the same as port 4200.
c

Christopher Boyd

05/26/2022, 7:48 PM
I was able to get this working successfully in our Azure environment; can you send me a screenshot of your inbound network rule?
Your source IP address should be your external IP address from your localhost. The destination port range should be set to 4200: TCP, and the action set to allow. I currently have two inbound rules set, one for SSH (from localhost TO azure public IP), and GraphQL (from localhost to azure public IP);
Reaching it via browser is functional ; it’s possible if this is still not working you might be behind some other firewalls, or there is something else in the way?
w

Will Skelton

05/26/2022, 7:59 PM
Yes, Looks like our corporate firewall isn't allowing traffic on those ports to Azure. Forwarding works with traffic from my home network. Thanks so much for your help!
🙌 2
4 Views