Sunday, 7 January 2018

Configuring AWS Instance For Failover


For AWS HA the following is needed.
1) All machines should be on the same subnet.
2) We need the ability to assign 6 secondary private IPs on the network interface.
3) We need 6 secondary private IP addresses and 6 Elastic IPs for all services.
4) All 6 IPs can be assigned to a single AWS instance.
5) We need to use the Amazon EC2 tools to migrate the IPs to the failover node if a failover happens.
Requirements for EC2 API
For configuring the EC2 API we need the following.
1) AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - The AWS Access Key and Secret Key serve as ID and password for accessing Amazon S3 and your AWS (root) account. Navigate to Security Credentials and expand the Access Keys (Access Key ID and Secret Access Key) section to create a new Access Key ID and Secret Access Key pair or to view any current Access Key ID(s).
2) EC2 URL - It depends on the region where the instance is present.
AWS-Instance-id - A unique id for each instance that will be part of the cluster. The local IPs of these instances should not change. You can get the EC2 instance id from the AWS console.
3) Secondary private IP - The local IP that will be additionally assigned to the instance.
4) Additional Elastic IP - A global IP which is linked to the secondary private IP so that the instance can be reached from outside.
5) Network-id - The unique id assigned by AWS to the network interface. You can get the network interface id from the AWS console.
6) EC2_PRIVATE_KEY, EC2_CERT (may not be required) - EC2 private key file and EC2 certificate file. I typically rename the X.509 certificate files as follows: private key file (ec2-pk.pem) and certificate file (ec2-cert.pem). Navigate to the Security Credentials page to create a new X.509 certificate or to download a current EC2 certificate file.
7) AWS_ACCOUNT_NUMBER=<999999999999> (may not be required) - AWS account number (sometimes called the account id), which shows up when you go to the Account Activity area of the AWS web site. The account number is a 12 digit number that appears in the top-right of the Account Activity page and is in the form 9999-9999-9999. When you use the account number in the context of the APIs, leave out the hyphens and just enter the 12 digits.
Installation of EC2 tools on the system (on all servers which are part of the cluster):
Download and Install the CLI Tools
Download the tools. The CLI tools are available as a .zip file on this site: Amazon EC2 CLI Tools.
1) wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
(The same path is also served over https, which avoids fetching the tools over an unauthenticated connection.)
Unzip the files into a suitable installation directory, such as /usr/local/ec2.
2) sudo mkdir /usr/local/ec2
sudo unzip ec2-api-tools.zip -d /usr/local/ec2
Notice that the .zip file contains a folder ec2-api-tools-x.x.x.x, where x.x.x.x is the version number of the tools (for example, ec2-api-tools-1.7.5.0).
Check the JAVA_HOME environment variable
A JDK should be installed and JAVA_HOME should point at it. Check the version as follows:
[root@failover2 ~]# $JAVA_HOME/bin/java -version

Output:

java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
********************************************************************************************************
Configure EC2 API and Access Details.

Add the parameters to the environment through a profile script. Update the EC2_HOME version to match the unpacked folder, and replace the placeholders with the instance id, network interface id, ethernet device (e.g. eth0) and the subnet prefix length (e.g. 24 for 255.255.255.0) of your instance:
echo "AWS_ACCESS_KEY=your-aws-access-key-id" > /etc/profile.d/ec2-api.sh  &&
echo "AWS_SECRET_KEY=your-aws-secret-key" >> /etc/profile.d/ec2-api.sh  &&
echo "EC2_HOME=/usr/local/ec2/ec2-api-tools-1.7.5.0"  >> /etc/profile.d/ec2-api.sh  &&
echo 'PATH=$PATH:$EC2_HOME/bin'  >> /etc/profile.d/ec2-api.sh  &&
echo "AWS_INSTANCE_ID=<instance-id>"  >> /etc/profile.d/ec2-api.sh  &&
echo "NETWORK_INTERFACE_ID=<network-interface-id>"  >> /etc/profile.d/ec2-api.sh  &&
echo "DEVICE_NAME=<eth-device>"  >> /etc/profile.d/ec2-api.sh  &&
echo "SUBNET=<prefix-length>"  >> /etc/profile.d/ec2-api.sh  &&
echo "export AWS_ACCESS_KEY" >> /etc/profile.d/ec2-api.sh  &&
echo "export AWS_SECRET_KEY" >> /etc/profile.d/ec2-api.sh  &&
echo "export EC2_HOME" >> /etc/profile.d/ec2-api.sh  &&
echo "export PATH"  >> /etc/profile.d/ec2-api.sh  &&
echo "export AWS_INSTANCE_ID" >> /etc/profile.d/ec2-api.sh  &&
echo "export NETWORK_INTERFACE_ID" >> /etc/profile.d/ec2-api.sh  &&
echo "export DEVICE_NAME" >> /etc/profile.d/ec2-api.sh  &&
echo "export SUBNET" >> /etc/profile.d/ec2-api.sh
chmod 755 /etc/profile.d/ec2-api.sh
. /etc/profile
Note that this file stores the secret key in clear text and, with these permissions, is readable by every local user. Use a dedicated IAM user whose policy is limited to the EC2 address actions these scripts need, and rotate the key if a cluster node is compromised.

Verify the Tools Setup

Verify that your Amazon EC2 CLI tools are set up correctly. Run the following command to view your available regions.
ec2-describe-regions
If your environment variables are set correctly, the output lists regions and their corresponding service endpoints.
If you get an error that required option -W is missing, check the setting of AWS_SECRET_KEY, fix any errors, and try the command again.
If you get an error that required option -O is missing, check the setting of AWS_ACCESS_KEY, fix any errors, and try the command again.
If you get a Client.AuthFailure error, check that you've entered your AWS_ACCESS_KEY and AWS_SECRET_KEY correctly, and check that the date and time are set correctly on your computer.
If you're an IAM user and you get a Client.UnauthorizedOperation error, you may not have permission to use the ec2:DescribeRegions action. Check your IAM policies, and then test the tools using an action that you have permission to use.

Setup Region (If not Default)
By default, the Amazon EC2 CLI tools use the US East (Northern Virginia) region (us-east-1) with the https://ec2.us-east-1.amazonaws.com service endpoint URL.
To access a different region with the CLI tools, you must set the EC2_URL environment variable to the proper service endpoint URL.
For an already launched instance, look up its region and use the matching service endpoint URL.
****************************************************************************************************

Add the following lines to /etc/profile.d/ec2-api.sh (choose the URL as per the region of the instance):
echo "EC2_URL=https://ec2.sa-east-1.amazonaws.com"  >> /etc/profile.d/ec2-api.sh  &&
echo  "export EC2_URL" >> /etc/profile.d/ec2-api.sh
Reload the profile.
. /etc/profile

Steps to Check the API:
ec2-describe-addresses | grep <IP or instance ID> - To get details of the instance and the IPs running on it.
ec2-describe-addresses - Describes one or more of your Elastic IP addresses.
ec2-assign-private-ip-addresses --secondary-private-ip-address "SECONDARY_PRIVATE_IP" -n "NETWORK_INTERFACE_ID" --allow-reassignment true - To assign the local IP to the network interface.
SECONDARY_PRIVATE_IP is taken from the list of secondary IPs provided by the customer and must be in the same subnet as the static IP.
NETWORK_INTERFACE_ID is the ID of the network interface on which the static IP of the instance is running.
ip addr add "$SECONDARY_PRIVATE_IP/$SUBNET" dev "$DEVICE_NAME" - To add the address on the instance itself, e.g. ip addr add "172.31.24.132/24" dev "$DEVICE_NAME"
ec2-associate-address "ELASTIC_IP" -i "AWS_INSTANCE_ID" -p "SECONDARY_PRIVATE_IP" --allow-reassociation - To link the Elastic IP to the private IP.
ELASTIC_IP is taken from the list of Elastic IPs provided by the customer.
AWS_INSTANCE_ID is the instance ID of the server instance given by the customer.
SECONDARY_PRIVATE_IP is taken from the list of secondary IPs provided by the customer and must be in the same subnet as the static IP.
ec2-unassign-private-ip-addresses --secondary-private-ip-address "SECONDARY_PRIVATE_IP" -n "NETWORK_INTERFACE_ID" - To unassign the private IP.
SECONDARY_PRIVATE_IP is taken from the list of secondary IPs provided by the customer and must be in the same subnet as the static IP.
NETWORK_INTERFACE_ID is the ID of the network interface on which the static IP of the instance is running.
ec2-disassociate-address "ELASTIC_IP" - To detach the Elastic IP from the private IP.
ELASTIC_IP is taken from the list of Elastic IPs provided by the customer.
