2017-06-25

Hot Standby HA Architecture Pattern on AWS EC2


Hot Standby HA without ELB/ALB Using Unicast VRRP

This Hot Standby HA architecture pattern implements VRRP monitoring over unicast, because multicast cannot be used in the AWS network.
It is a useful HA pattern for cases such as staging environments of small projects, where paying for a managed ELB/ALB service is not necessary.


EC2 + RHEL7 + Unicast VRRP + Failure Scripts

  • IaaS: AWS EC2
  • OS: RHEL 7 or CentOS 7
  • Unicast VRRP: keepalived
  • Failover & Failback Scripts: Bash + AWS CLI


keepalived Install & Configuration

$ : Node 1
$ sudo yum -y install keepalived
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            admin@example.com
        }
        notification_email_from node1@example.com
        smtp_server mail.example.com
        smtp_connect_timeout 30
        router_id node1.example.com
    }

    vrrp_instance VI_0 {
        state MASTER
        interface eth0
        virtual_router_id 10
        priority 101
        nopreempt
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass foo
        }

        ! VIP
        virtual_ipaddress {
            10.10.10.10 dev eth0
        }

        ! Node 1
        unicast_src_ip 10.10.10.11

        ! Node 2
        unicast_peer {
            10.10.10.12
        }
    }
$ : Node 2
$ sudo yum -y install keepalived
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            admin@example.com
        }
        notification_email_from node2@example.com
        smtp_server mail.example.com
        smtp_connect_timeout 30
        router_id node2.example.com
    }

    vrrp_instance VI_0 {
        state BACKUP
        interface eth0
        virtual_router_id 10
        priority 100
        nopreempt
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass foo
        }

        ! VIP
        virtual_ipaddress {
            10.10.10.10 dev eth0
        }

        ! Node 2
        unicast_src_ip 10.10.10.12

        ! Node 1
        unicast_peer {
            10.10.10.11
        }

        ! Failover Script
        notify_master "/etc/keepalived/failover.sh"
    }

Failback Script (Bash + AWS CLI)

$ : Node 1
$ : for manual failback
$ sudo touch /etc/keepalived/failback.sh
$ sudo vim /etc/keepalived/failback.sh
    #!/bin/bash
    # failback.sh

    # LAN VIP
    VIP=10.10.10.10

    # WAN VIP
    ALLOCATION_ID=eipalloc-xxxxxxx0

    # Instance 1 eth0 IF
    INTERFACE_ID_1=eni-xxxxxxx1

    # Instance 2 eth0 IF
    INTERFACE_ID_2=eni-xxxxxxx2

    # Instance ID
    INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`

    # Region (availability zone without its trailing letter)
    export AWS_DEFAULT_REGION=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | rev | cut -c 2- | rev`

    # LAN VIP Unassignment (remove the VIP from Instance 2)
    aws ec2 unassign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_2

    # LAN VIP Assignment (attach the VIP to Instance 1)
    aws ec2 assign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_1 --allow-reassignment

    # WAN VIP Association (point the Elastic IP at the VIP on Instance 1)
    aws ec2 associate-address --allocation-id $ALLOCATION_ID --network-interface-id $INTERFACE_ID_1 --private-ip-address $VIP

Failover Script (Bash + AWS CLI)

$ : Node 2
$ : for auto failover
$ sudo touch /etc/keepalived/failover.sh
$ sudo vim /etc/keepalived/failover.sh
    #!/bin/bash
    # failover.sh

    # LAN VIP
    VIP=10.10.10.10

    # WAN VIP
    ALLOCATION_ID=eipalloc-xxxxxxx0

    # Instance 1 eth0 IF
    INTERFACE_ID_1=eni-xxxxxxx1

    # Instance 2 eth0 IF
    INTERFACE_ID_2=eni-xxxxxxx2

    # Instance ID
    INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`

    # Region (availability zone without its trailing letter)
    export AWS_DEFAULT_REGION=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | rev | cut -c 2- | rev`

    # LAN VIP Unassignment (remove the VIP from Instance 1)
    aws ec2 unassign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_1

    # LAN VIP Assignment (attach the VIP to Instance 2)
    aws ec2 assign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_2 --allow-reassignment

    # WAN VIP Association (point the Elastic IP at the VIP on Instance 2)
    aws ec2 associate-address --allocation-id $ALLOCATION_ID --network-interface-id $INTERFACE_ID_2 --private-ip-address $VIP
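
A hardened variant of the failover script above, as an added example that is not the original author's code: it reads metadata with IMDSv2 session tokens, validates the availability zone before deriving the region, stops at the first failed AWS call, and logs the result to syslog. The AWS dry-run override, the function names and the file-name guard are assumptions of this example; the IDs are the page's placeholders.

```shell
#!/bin/bash
# Added example: hardened variant of the page's failover.sh (not the author's script).
set -eu

VIP=10.10.10.10                   # LAN VIP (from the page)
ALLOCATION_ID=eipalloc-xxxxxxx0   # WAN VIP (placeholder from the page)
PEER_ENI=eni-xxxxxxx1             # Instance 1 eth0 (placeholder from the page)
LOCAL_ENI=eni-xxxxxxx2            # Instance 2 eth0 (placeholder from the page)
IMDS=http://169.254.169.254/latest
AWS=${AWS:-aws}                   # assumption: set AWS="echo aws" for a dry run

# Read one metadata path with an IMDSv2 session token instead of token-less IMDSv1.
imds_get() {
  imds_token=$(curl -sf --max-time 2 -X PUT "$IMDS/api/token" \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $imds_token" "$IMDS/meta-data/$1"
}

# Region = availability zone minus its trailing letter. Empty or malformed
# metadata replies are rejected instead of being handed to the AWS CLI.
region_from_az() {
  case $1 in ''|*[!a-z0-9-]*) echo "bad AZ: $1" >&2; return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+[a-z]$' || return 1
  printf '%s\n' "${1%?}"
}

# Move the LAN VIP and the Elastic IP to the ENI given as $1.
move_vip() {
  # The VIP may already be gone from the peer; that alone is not a failure.
  $AWS ec2 unassign-private-ip-addresses --network-interface-id "$PEER_ENI" \
    --private-ip-addresses "$VIP" || true
  $AWS ec2 assign-private-ip-addresses --network-interface-id "$1" \
    --private-ip-addresses "$VIP" --allow-reassignment &&
  $AWS ec2 associate-address --allocation-id "$ALLOCATION_ID" \
    --network-interface-id "$1" --private-ip-address "$VIP" --allow-reassociation
}

main() {
  AWS_DEFAULT_REGION=$(region_from_az "$(imds_get placement/availability-zone)")
  export AWS_DEFAULT_REGION
  if move_vip "$LOCAL_ENI"; then
    logger -t failover "VIP $VIP moved to $LOCAL_ENI"
  else
    logger -t failover -p user.err "VIP move to $LOCAL_ENI failed"; exit 1
  fi
}

# Act only when installed under the page's file name, so the functions can be loaded elsewhere for a dry run.
[ "${0##*/}" != failover.sh ] || main
```

Installed as /etc/keepalived/failover.sh, it is called by the existing notify_master line without changes.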

keepalived Daemon Start

$ : Node 1
$ sudo systemctl start keepalived
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
$ : Node 2
$ sudo systemctl start keepalived
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr

Auto Failover Test

$ : Node 1
$ sudo systemctl stop keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
$ : Node 2
$ sudo ip addr

Manual Failback Test

$ : Node 1
$ sudo systemctl start keepalived
$ sudo systemctl status keepalived
$ : Node 2
$ sudo /etc/keepalived/failback.sh
$ sudo ip addr
$ : Node 1
$ sudo ip addr
