Ops Manager versions 1.8.17+, 1.9.8+, and 1.10.3+
Previously, Ops Manager assigned Public IPs within a Service Network. All On Demand Service Instances (ODSI) that used this service network had internet connectivity. However, there are certain ODSI’s that should never have this kind of internet connectivity.
To resolve this issue, the Ops Manager team decided to remove this functionality from the Service Network.
Tile Authors that want their ODSI jobs to have internet connectivity can now do so using a vm_extension called `public_ip.` ODSIs that require internet connectivity will have to use this vm_extension since they have no control over the cloud config and the Service Network will no longer have Public IPs by default.
The vm_extension will exist on all IaaSs that tiles currently support: GCP, Azure, AWS, vSphere, and OpenStack. If this vm_extension is included for a job, Ops Manager will create the corresponding cloud_properties required to assign a Public IP on the IaaS in use. On IaaSs like vSphere and OpenStack that do not support Public IPs, Ops Manager will simply make an empty vm_extension with no cloud_properties.
For the impact of vm_extension on the currently supported set of IaaSs, please refer to the table below:
|IaaS||VM Extension Enabled||VM Extension Enabled|
VMs will get an ephemeral public IP that they use for egress (and not ingress unless operator disables firewall)
|VMs will not have internet access unless the operator has created a NAT box and changed routing table. No supported way to make a NAT box for you on GCP|
|Azure||VMs will attach to automatically created "dynamic" public IP addresses used for egress (and not ingress unless security rules changed)||VMs will use automatic Azure SNAT functionality to access the internet, which has some scalability concerns but is supposedly fixed now|
|AWS||Automatically assign ephemeral public IP to each VM||VMs will use an existing NAT gateway or NAT box (with route table change) if the operator has set it up|