2017-06-25

Hot Standby HA Architecture Pattern on AWS EC2


Hot Standby HA without an E/ALB, using Unicast VRRP

This Hot Standby HA architecture pattern implements VRRP monitoring over unicast, because the AWS network does not carry multicast.
It is particularly useful in staging environments of small projects and similar cases where the cost of an ELB/ALB service does not need to be paid.


EC2 + RHEL7 + Unicast VRRP + Failure Scripts

  • IaaS: AWS EC2
  • OS: RHEL 7 or CentOS 7
  • Unicast VRRP: keepalived
  • Failover & Failback Scripts: Bash + AWS CLI


keepalived Install & Configuration

$ : Node 1
$ sudo yum -y install keepalived
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from node1@example.com
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id node1.example.com
}

vrrp_instance VI_0 {
    state MASTER
    interface eth0
    virtual_router_id 10
    priority 101
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass foo
    }

    ! VIP
    virtual_ipaddress {
        10.10.10.10 dev eth0
    }

    ! Node 1
    unicast_src_ip 10.10.10.11

    ! Node 2
    unicast_peer {
        10.10.10.12
    }
}
$ : Node 2
$ sudo yum -y install keepalived
$ sudo cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
$ sudo vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from node2@example.com
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id node2.example.com
}

vrrp_instance VI_0 {
    state BACKUP
    interface eth0
    virtual_router_id 10
    priority 100
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass foo
    }

    ! VIP
    virtual_ipaddress {
        10.10.10.10 dev eth0
    }

    ! Node 2
    unicast_src_ip 10.10.10.12

    ! Node 1
    unicast_peer {
        10.10.10.11
    }

    ! Failover Script
    notify_master "/etc/keepalived/failover.sh"
}

Failback Script (Bash + AWS CLI)

$ : Node 1
$ : for manual failback
$ sudo touch /etc/keepalived/failback.sh
$ sudo vim /etc/keepalived/failback.sh
#!/bin/bash
# failback.sh

# LAN VIP
VIP=10.10.10.10

# WAN VIP (Elastic IP allocation)
ALLOCATION_ID=eipalloc-xxxxxxx0

# Instance 1 eth0 IF
INTERFACE_ID_1=eni-xxxxxxx1

# Instance 2 eth0 IF
INTERFACE_ID_2=eni-xxxxxxx2

# Instance ID (from instance metadata; not used by the commands below)
INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`

# Auth: region = availability zone with its trailing zone letter removed
export AWS_DEFAULT_REGION=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | rev | cut -c 2- | rev`

# LAN VIP Unassignment (from Instance 2)
aws ec2 unassign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_2

# LAN VIP Assignment (to Instance 1)
aws ec2 assign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_1 --allow-reassignment

# WAN VIP Association (Elastic IP to the VIP on Instance 1)
aws ec2 associate-address --allocation-id $ALLOCATION_ID --network-interface-id $INTERFACE_ID_1 --private-ip-address $VIP

Failover Script (Bash + AWS CLI)

$ : Node 2
$ : for auto failover
$ sudo touch /etc/keepalived/failover.sh
$ sudo vim /etc/keepalived/failover.sh
#!/bin/bash
# failover.sh

# LAN VIP
VIP=10.10.10.10

# WAN VIP (Elastic IP allocation)
ALLOCATION_ID=eipalloc-xxxxxxx0

# Instance 1 eth0 IF
INTERFACE_ID_1=eni-xxxxxxx1

# Instance 2 eth0 IF
INTERFACE_ID_2=eni-xxxxxxx2

# Instance ID (from instance metadata; not used by the commands below)
INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`

# Auth: region = availability zone with its trailing zone letter removed
export AWS_DEFAULT_REGION=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | rev | cut -c 2- | rev`

# LAN VIP Unassignment (from Instance 1)
aws ec2 unassign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_1

# LAN VIP Assignment (to Instance 2)
aws ec2 assign-private-ip-addresses --private-ip-addresses $VIP --network-interface-id $INTERFACE_ID_2 --allow-reassignment

# WAN VIP Association (Elastic IP to the VIP on Instance 2)
aws ec2 associate-address --allocation-id $ALLOCATION_ID --network-interface-id $INTERFACE_ID_2 --private-ip-address $VIP
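A hardened variant of the failback and failover scripts above, written here as an added example (not the page's own code): one script serves both auto failover (configured as notify_master "/etc/keepalived/failover.sh local") and manual failback (passing the target ENI id), reads the local ENI and region from instance metadata over IMDSv2 instead of hardcoding them per node, checks which ENI currently holds the VIP so it is safe to re-run, and verifies the result so keepalived sees a non-zero exit when AWS did not apply the move. The "local" argument and the imds, vip_holder and move_vip function names are assumptions of this example; the VIP and placeholder ids are the page's.

```shell
#!/bin/bash
# Hardened variant of the page's failover/failback scripts (added example, not the original).
# Usage: vip-move.sh local        -> move VIP + EIP to this instance's eth0 ENI (notify_master)
#        vip-move.sh eni-xxxxxxx1 -> move them to an explicit ENI (manual failback)
set -eu
VIP=10.10.10.10                   # the page's placeholder values; replace with your own
ALLOCATION_ID=eipalloc-xxxxxxx0
IMDS=http://169.254.169.254/latest

# Region = availability zone minus its trailing zone letter (ap-northeast-1a -> ap-northeast-1)
region_from_az() { printf '%s\n' "${1%?}"; }

# Metadata read via IMDSv2 (session token), instead of the page's unauthenticated IMDSv1 calls
imds() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}
# ENI id of this instance's primary interface (eth0), discovered instead of hardcoded per node
local_eni_id() { imds "network/interfaces/macs/$(imds mac)/interface-id"; }

# ENI that currently carries the VIP as a secondary private IP; prints nothing if none does
vip_holder() {
  local holder
  holder=$(aws ec2 describe-network-interfaces \
    --filters "Name=addresses.private-ip-address,Values=$1" \
    --query 'NetworkInterfaces[0].NetworkInterfaceId' --output text)
  [ "$holder" = None ] || printf '%s\n' "$holder"
}

# Move LAN VIP and WAN EIP to the target ENI: a no-op when it already holds the VIP, and
# verified afterwards so keepalived sees a non-zero exit if AWS did not apply the change.
move_vip() {
  local target=$1 holder
  holder=$(vip_holder "$VIP")
  if [ "$holder" = "$target" ]; then echo "VIP $VIP already on $target"; return 0; fi
  # --allow-reassignment takes the address off the previous holder in the same call
  aws ec2 assign-private-ip-addresses --network-interface-id "$target" \
    --private-ip-addresses "$VIP" --allow-reassignment
  aws ec2 associate-address --allocation-id "$ALLOCATION_ID" \
    --network-interface-id "$target" --private-ip-address "$VIP"
  [ "$(vip_holder "$VIP")" = "$target" ] || { echo "VIP move to $target failed" >&2; return 1; }
  echo "VIP $VIP moved from ${holder:-nowhere} to $target"
}

main() {
  export AWS_DEFAULT_REGION
  AWS_DEFAULT_REGION=$(region_from_az "$(imds placement/availability-zone)")
  case "$1" in local) move_vip "$(local_eni_id)" ;; eni-*) move_vip "$1" ;;
    *) echo "usage: $0 local|eni-id" >&2; exit 2 ;; esac
}
if [ $# -gt 0 ]; then main "$1"; fi
```

Only the first argument is read, so any arguments keepalived itself appends after "local" do not affect the script; the instance role still needs the same ec2 permissions the page's scripts rely on, plus ec2:DescribeNetworkInterfaces.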

keepalived Daemon Start

$ : Node 1
$ sudo systemctl start keepalived
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
$ : Node 2
$ sudo systemctl start keepalived
$ sudo systemctl enable keepalived
$ sudo systemctl status keepalived
$ sudo ip addr

Auto Failover Test

$ : Node 1
$ sudo systemctl stop keepalived
$ sudo systemctl status keepalived
$ sudo ip addr
$ : Node 2
$ sudo ip addr

Manual Failback Test

$ : Node 1
$ sudo systemctl start keepalived
$ sudo systemctl status keepalived
$ : Node 2
$ sudo /etc/keepalived/failback.sh
$ sudo ip addr
$ : Node 1
$ sudo ip addr
