If you are getting errors related to the Bastion plugin or its configuration while setting up a bastion in OCI, this blog is for you. Read to the end for solutions to these Bastion host errors.
Bastion Host Overview in OCI
Oracle Cloud Infrastructure Bastion provides restricted and time-limited access to target resources that don’t have public endpoints.
Bastions let authorized users connect from specific IP addresses to target resources using Secure Shell (SSH) sessions. When connected, users can interact with the target resource by using any software or protocol supported by SSH.
Source: Oracle
Bastion management tasks include the following:
- Creating a bastion
- Viewing bastion configuration details
- Updating a bastion
- Terminating a bastion
- Moving a bastion to a different compartment
You can access Bastion using the Console (a browser-based interface), the command line interface (CLI), or the REST API.
Some Common Bastion Host Errors
Error Statement 1: Error while enabling Bastion Service: To create a Managed SSH session, the Bastion plugin must be enabled on the target instance, but the plugin is disabled on <OCID Host>
Enable the Bastion plugin on the target instance before creating the session.
Solution:
To solve this issue, check whether the Bastion service is enabled on the host where you are trying to configure it.
Step 1: Check the host for which you want to configure the Bastion service.
Step 2: Search for the Bastion host and enable the service if it is disabled.
Error Statement 2: Plugin Bastion not present for instance ocid1.instance.***
Solution: This error statement implies that the machine cannot reach the Oracle Yum Repository to download the plug-in.
It happens because the Oracle Cloud Agent running on the instance cannot access OCI services. The OCI services are outside the network where the instance resides: the instance is in a private subnet that has no access to the outside. Therefore a Service Gateway or NAT Gateway and proper route table rules are needed in the private subnet.
To solve this Bastion host error, follow these steps:
Step 1: Configure a Service Gateway in the VCN that this VM belongs to (ensure you select all services).
Step 2: Ensure the route table of the subnet that the VM belongs to is pointing to this Service Gateway.
Step 3: If the route is not added, add a route.
Step 4: After adding the route, reboot the VM and wait for a few minutes, OR try stopping and starting the plug-in again.
Step 5: Finally verify that the Bastion is running successfully.
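Both checks above (plug-in state for Error 1, a route to OCI services for Error 2) can be run against exported JSON before creating a session. The script below is an added example, not Oracle's code: it assumes the kebab-case field names of the "data" object printed by `oci compute instance get` and `oci network route-table get`, and the sample objects are constructed.

```python
import json

# Constructed samples shaped like the "data" object of the OCI CLI output (assumed layout).
SAMPLE_INSTANCE = json.loads("""{
  "agent-config": {"are-all-plugins-disabled": false,
    "plugins-config": [{"name": "Bastion", "desired-state": "DISABLED"}]}}""")
SAMPLE_ROUTE_TABLE = json.loads("""{
  "route-rules": [{"destination": "10.1.0.0/16", "destination-type": "CIDR_BLOCK",
    "network-entity-id": "ocid1.localpeeringgateway.oc1..exampleuniqueid"}]}""")

def bastion_plugin_enabled(instance):
    """Error 1 check: is the Bastion plug-in requested ENABLED in the agent config?"""
    agent = instance.get("agent-config") or {}
    if agent.get("are-all-plugins-disabled"):
        return False
    for plugin in agent.get("plugins-config") or []:
        if plugin.get("name") == "Bastion":
            return plugin.get("desired-state") == "ENABLED"
    return False  # plug-in not listed at all

def has_oci_services_route(route_table):
    """Error 2 check: all-services rule to a Service Gateway, or default route to a NAT Gateway."""
    for rule in route_table.get("route-rules") or []:
        dest = rule.get("destination", "")
        kind = rule.get("destination-type", "")
        target = rule.get("network-entity-id", "")
        via_sgw = (kind == "SERVICE_CIDR_BLOCK"
                   and dest.startswith("all-")
                   and dest.endswith("-services-in-oracle-services-network")
                   and target.startswith("ocid1.servicegateway."))
        via_nat = (kind == "CIDR_BLOCK" and dest == "0.0.0.0/0"
                   and target.startswith("ocid1.natgateway."))
        if via_sgw or via_nat:
            return True
    return False

def diagnose(instance, route_table):
    """Return findings that map to the two error statements."""
    findings = []
    if not bastion_plugin_enabled(instance):
        findings.append("Error 1: Bastion plug-in is not enabled on the instance")
    if not has_oci_services_route(route_table):
        findings.append("Error 2: subnet route table has no Service/NAT Gateway route")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_INSTANCE, SAMPLE_ROUTE_TABLE):
        print(finding)
```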
These were two of the most frequently encountered errors that customers face. We hope this blog helps in resolving them.