Help:Manage floating IP addresses assigned to Cloud VPS instances

A floating IP address is a public IP address that is associated to an instance via destination NAT. A floating IP address can be moved between instances at will. Typical use cases for floating IPs are:

• publicly exposing a non-HTTPS service from a Cloud VPS instance
• having a non-shared egress IPv4 address for traffic from your instance to the internet

Only request a Floating IP address if you need to expose non-HTTP/HTTPS endpoints. Floating IP addresses are not automatically available to projects, the default quota is 0.

You can find your quota on the Compute -> Overview tab in Horizon. If you want a new Public IP address, follow the Cloud-VPS (Quota-requests) project in Phabricator to make a request.

Horizon allows you to manage IP addresses for your instances.

1. In 'Project -> Compute -> Instances', locate the instance you want
2. Click the 'Associate Floating IP' action

1. In 'Project -> Compute -> Instances', locate the instance you want
2. Click the dropdown arrow on the actions and 'Disassociate Floating IP'

After disassociating IPs from an instance, the IP will still be allocated to your project (and thus counted in your quota usage). It can be released completely or associated with another instance on the 'Access & Security -> Floating IPs' tab.

Once an IP is allocated to your project it remains associated even when it is not assigned to any instance. This allows you to move the same IP from one instance to another. Associated IPs are displayed on the 'Access & Security -> Floating IPs' tab. From this screen you can associate the allocated IP to another instance or release it from your project.

You can insert an unlimited number of dns records for one public IP, however, you will need to make sure that the hosts file and server configuration are set-up to properly handle the multiple dns records pointing to your instance. DNS entries can be managed by going to 'Project -> DNS -> Domains', and clicking 'Manage Records' next to a domain. If no domains are listed or you want another domain, file a Phabricator task under the #cloud-vps project. Individual projects can no longer create domains directly under wmcloud.org without using the web proxy.

To actually use the floating IP address, you might have to add rules to the security group. The default policy is to drop all packets, so those rules add ACCEPT rules for services you need. To accept from anybody, use the CIDR range 0.0.0.0/0 (for IPv4) or ::/0 (for IPv6).

• Using a web proxy to reach Cloud VPS servers from the internet

Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation: