June 13th, 2022
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
EXPRESSCLUSTER X supports operation on Amazon Web Services (hereinafter called "AWS"). In this article, we introduce some points to note when building an HA cluster with EXPRESSCLUSTER.
Please refer to this article when you use EXPRESSCLUSTER on AWS.
Contents
This time, we introduce some points to note when building an "HA cluster based on VIP control" on AWS. This article is written assuming you are using EXPRESSCLUSTER X 5.0.
HA Cluster Configuration
The following figure shows the configuration of a 2-node mirror disk type "HA cluster based on VIP control".
By using AWS virtual IP resources, you can use a virtual IP address (hereinafter called "VIP") on AWS. Clients in the VPC can access the active cluster node via the route table (VIP).
* We publish the configuration guide for clustering on AWS. For more details, please refer to the following URL:
https://www.nec.com/en/global/prod/expresscluster/en/doc/guide.html
Point 1: Are IAM Role Settings Correct?
First of all, confirm that the IAM role settings assigned to the EC2 instances are correct.
This procedure requires an environment where the AWS CLI can be executed. It does not have to be run on a node where EXPRESSCLUSTER is installed.
Make a note in advance of the instance ID of each node (EC2 instance) on which EXPRESSCLUSTER is installed.
The following example assumes that the IAM role name is "expresscluster-role" and the policy name is "ExpressClusterPolicy".
Confirm the IAM Role
Confirm that the name of the IAM role attached to the node (Instance ID: i-0123456789abcdef0) where EXPRESSCLUSTER is installed is correct.
{
  "IamInstanceProfileAssociations": [
    {
      "InstanceId": "i-0123456789abcdef0",
      "State": "associating", <- Confirm that the value of "State" is "associating" or "associated"
      "AssociationId": "iip-assoc-0123456789abcdef0",
      "IamInstanceProfile": {
        "Id": "AGJAJVQN4F5WVLGCJABCM",
        "Arn": "arn:aws:iam::123456789012:instance-profile/clusterpro-role" <- Confirm that the attached IAM role name (e.g. expresscluster-role) is correct.
      }
    }
  ]
}
Confirm the IAM Policy
Confirm that the name of the IAM policy attached to the IAM role is correct.
(In the following example, one IAM policy is attached to an IAM role. However, in some cases, multiple IAM policies are attached to an IAM role.)
{
  "AttachedPolicies": [
    {
      "PolicyName": "ExpressClusterPolicy", <- Confirm that the attached IAM policy name (e.g. ExpressClusterPolicy) is correct.
      "PolicyArn": "arn:aws:iam::123456789012:policy/ExpressClusterPolicy"
    }
  ]
}
An IAM policy is versioned. Therefore, confirm which version of the IAM policy is applied.
{
  "Policy": {
    "PolicyName": "ExpressClusterPolicy",
    "CreateDate": "2015-06-17T19:23:32Z",
    "AttachmentCount": "1",
    "IsAttachable": "true",
    "PolicyId": "Z27SI6FQMGNQ2EXAMPLE1",
    "DefaultVersionId": "v1", <- Confirm that the applied version is correct.
    "Path": "/",
    "Arn": "arn:aws:iam::123456789012:policy/ExpressClusterPolicy",
    "UpdateDate": "2015-06-17T19:23:32Z"
  }
}
Confirm that the IAM policy settings in the applied version are correct.
PolicyVersion.Document
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*", <- Permissions required for the AWS VIP resource to work
        "ec2:ReplaceRoute" <- Permissions required for the AWS VIP resource to work
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
Note: If multiple policies are attached to the IAM role, confirm that the required permissions are granted by the policies taken as a whole.
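The check in the note above can be automated. The following is an added example, not part of the original article or of EXPRESSCLUSTER: it takes the PolicyVersion.Document of every policy attached to the role, evaluates them together, and reports required permissions that are missing, removed by an explicit Deny, or granted through an overly broad wildcard. The function names and the sample documents are constructed for illustration.

```python
import fnmatch

# Permissions the article lists as required for the AWS virtual IP resource.
REQUIRED = ("ec2:Describe*", "ec2:ReplaceRoute")

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]

def _probes(required):
    # Expand a wildcard to two lengths so a "?"-only pattern cannot pass.
    return {required.lower().replace("*", fill) for fill in ("x", "xxxxxxx")}

def _covers(granted, required):
    """True if the granted pattern matches everything `required` matches."""
    g = granted.lower()  # IAM action names are case-insensitive
    return all(fnmatch.fnmatchcase(p, g) for p in _probes(required))

def _overlaps(deny, required):
    """True if a Deny pattern removes all or part of `required`."""
    d, r = deny.lower(), required.lower()
    return fnmatch.fnmatchcase(d, r) or any(
        fnmatch.fnmatchcase(p, d) for p in _probes(required))

def audit(policy_documents, required=REQUIRED):
    """Evaluate all attached policy documents as one set.
    Returns (missing, denied, broad); Resource, Condition and NotAction
    are not evaluated."""
    allow, deny = [], []
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            bucket = allow if stmt.get("Effect") == "Allow" else deny
            bucket.extend(_as_list(stmt.get("Action")))
    missing = [r for r in required if not any(_covers(a, r) for a in allow)]
    denied = [r for r in required if any(_overlaps(d, r) for d in deny)]
    broad = sorted({a for a in allow if a == "*" or a.endswith(":*")})
    return missing, denied, broad

# Constructed sample: the permissions split across two attached policies.
SPLIT = [
    {"Statement": {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}},
    {"Statement": [{"Effect": "Allow", "Action": ["ec2:ReplaceRoute"],
                    "Resource": "*"}]},
]
print(audit(SPLIT))
```

An entry in the third list (for example "ec2:*") means the VIP resource will work, but the role grants more than the two permissions the article requires.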
Point 2: Is Python Installed Correctly?
The AWS virtual IP resource uses Python. Therefore, confirm that Python works correctly with the following steps.
Execute the following steps on all nodes where EXPRESSCLUSTER is installed.
Confirm Version of Python
For Windows, log in as the Administrator user, and execute the following command:
Python 3.10.4 <- Confirm that the version number of Python is 2.7.5 or later, or 3.6.7 or later.
For Linux, log in as the root user, and execute the following command:
Python 3.7.10 <- Confirm that the version number of Python is 2.7.5 or later, or 3.5.2 or later.
Confirm Value of Environment Variable (path)
For Windows, AWS virtual IP resources run with SYSTEM privileges. Therefore, the path to python.exe must be registered in the PATH system environment variable.
C:\Python310\python.exe <- Confirm that the path to python.exe is correct
C:\Users\Administrator>wmic environment where (name='PATH' and SystemVariable='TRUE') get VariableValue <- Execute this command to display the PATH system environment variable
VariableValue
C:\Program Files\EXPRESSCLUSTER\bin;C:\Program Files\EXPRESSCLUSTER\runtime\x64;C:\Program Files\EXPRESSCLUSTER\runtime\x86;C:\Python310\Scripts\;C:\Python310\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Amazon\cfn-bootstrap\;C:\Program Files\Amazon\AWSCLI\bin\ <- Confirm that the path to python.exe (C:\Python310) is registered in the PATH system environment variable
For Linux, python must be under the default PATH (/sbin, /bin, /usr/sbin, or /usr/bin).
/usr/bin/python <- Confirm that python exists under the default PATH (/sbin, /bin, /usr/sbin, or /usr/bin).
Point 3: Does AWS CLI Work Correctly?
The AWS virtual IP resource executes the AWS CLI when it is activated.
Therefore, confirm that the AWS CLI is installed correctly with the following steps.
Execute the following steps on all nodes where EXPRESSCLUSTER is installed.
Confirm Version of AWS CLI
For Windows, execute the following command to confirm the version number of the AWS CLI.
aws-cli/1.22.93 Python/3.10.4 Windows/10 exec-env/EC2 botocore/1.24.38 <- Confirm that the version number of aws-cli is 1.6 or later.
For Linux, execute the following command to confirm the version number of the AWS CLI.
aws-cli/1.18.147 Python/2.7.18 Linux/5.10.109-104.500.amzn2.x86_64 botocore/1.18.6 <- Confirm that the version number of aws-cli is 1.6 or later.
Confirm Value of Environment Variable (path)
For Windows, AWS virtual IP resources run with SYSTEM privileges. Therefore, the path to aws.exe must be registered in the PATH system environment variable.
C:\Program Files\Amazon\AWSCLI\aws.exe <- Confirm that the path to aws.exe is correct
C:\Users\Administrator>wmic environment where (name='PATH' and SystemVariable='TRUE') get VariableValue <- Execute this command to display the PATH system variable.
VariableValue
C:\Program Files\EXPRESSCLUSTER\bin;C:\Program Files\EXPRESSCLUSTER\runtime\x64;C:\Program Files\EXPRESSCLUSTER\runtime\x86;C:\Python310\Scripts\;C:\Python310\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Amazon\cfn-bootstrap\;C:\Program Files\Amazon\AWSCLI\Bin <- Confirm that the path to aws.exe (C:\Program Files\Amazon\AWSCLI) is registered in the PATH system variable
For Linux, aws must be under the default PATH (/sbin, /bin, /usr/sbin, /usr/bin, or /usr/local/bin).
/usr/bin/aws <- Confirm that aws is under the default PATH (/sbin, /bin, /usr/sbin, /usr/bin, or /usr/local/bin).
Set Up the AWS CLI
Execute the following command to confirm the region specification is correct in the AWS CLI settings.
For Windows (execute as "Administrator"),
Name        Value                 Type         Location
----        -----                 ----         --------
profile     <not set>             None         None
access_key  ****************ABCD  iam-role                     <- Confirm that "iam-role" is set in the "Type" column of the "access_key" row
secret_key  ****************ABCD  iam-role                     <- Confirm that "iam-role" is set in the "Type" column of the "secret_key" row
region      us-east-1             config-file  ~/.aws/config   <- Confirm the value of the AWS region you are using appears in the "Value" column of the "region" row
For Linux (execute as "root"),
Name        Value                 Type         Location
----        -----                 ----         --------
profile     <not set>             None         None
access_key  ****************ABCD  iam-role                     <- Confirm that "iam-role" is set in the "Type" column of the "access_key" row
secret_key  ****************ABCD  iam-role                     <- Confirm that "iam-role" is set in the "Type" column of the "secret_key" row
region      us-east-1             config-file  ~/.aws/config   <- Confirm the value of the AWS region you are using appears in the "Value" column of the "region" row
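The three confirmations marked in the tables above can be applied to saved output from every node. The following is an added example, not part of the original article: it parses the four-column table, then reports any node whose keys do not come from the instance IAM role or whose region differs from the expected one. The function names and both sample outputs are constructed.

```python
import re

# name, value (may be the literal "<not set>"), type, optional location
ROW = re.compile(r"^\s*(\S+)\s+(<not set>|\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_configure_list(text):
    """Turn the table printed by the AWS CLI into {name: {...}}."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(1) not in ("Name", "----"):
            name, value, kind, location = m.groups()
            rows[name] = {"value": value, "type": kind, "location": location}
    return rows

def check_node(text, expected_region):
    """Return a list of problems; an empty list means the node passes."""
    rows = parse_configure_list(text)
    problems = []
    for key in ("access_key", "secret_key"):
        kind = rows.get(key, {}).get("type")
        if kind != "iam-role":
            problems.append(f"{key}: type is {kind}, expected iam-role")
    region = rows.get("region", {}).get("value")
    if region != expected_region:
        problems.append(f"region: value is {region}, expected {expected_region}")
    return problems

# Constructed sample outputs (not captured from a real node).
GOOD = """\
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************ABCD         iam-role
secret_key     ****************ABCD         iam-role
    region                us-east-1      config-file    ~/.aws/config
"""
# Static keys in a credentials file take precedence over the instance role.
BAD = """\
   profile                <not set>             None    None
access_key     ****************WXYZ shared-credentials-file
secret_key     ****************WXYZ shared-credentials-file
    region                <not set>             None    None
"""
```

A node that reports a type other than "iam-role" is using stored keys rather than the role checked in Point 1, so the permissions confirmed there do not apply to it.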
Confirm the Operation of the AWS CLI
Execute the following command to confirm that VPC information is displayed. Make a note of the VPC ID of your VPC in advance.
Confirm that the AWS CLI can retrieve information about the VPC (e.g. VPC ID: vpc-01234567) in which the nodes (EC2 instances) with EXPRESSCLUSTER installed are located.
For Windows, the execution command and result are as follows.
{
  "Vpcs": [
    {
      "VpcId": "vpc-01234567",
      "InstanceTenancy": "default",
      "Tags": [
        {
          "Value": "MyVPC",
          "Key": "Name"
        }
      ],
      "State": "available",
      "DhcpOptionsId": "dopt-01234567",
      "CidrBlock": "10.0.0.0/16",
      "IsDefault": false
    }
  ]
}
For Linux, the execution command and result are as follows.
{
  "Vpcs": [
    {
      "VpcId": "vpc-01234567",
      "InstanceTenancy": "default",
      "Tags": [
        {
          "Value": "MyVPC",
          "Key": "Name"
        }
      ],
      "State": "available",
      "DhcpOptionsId": "dopt-01234567",
      "CidrBlock": "10.0.0.0/16",
      "IsDefault": false
    }
  ]
}
If you wait more than a minute and do not get a response, the node may have no communication path to the Internet. In that case, confirm that your network settings are correct.
Confirm the Operation of the AWS Virtual IP Resource
After checking the above three points, you can try starting the AWS virtual IP resource.
Start "Failover group" or "AWS virtual IP resource", then confirm that the green icon appears.
Then try moving "Failover group" between servers. If you see green icons on the other server instance, you can conclude that the resources are working properly.
Conclusion
This time, we covered frequently asked questions, including points where developers inadvertently make mistakes when building the environment. How did you like it?
If you are considering adopting the configuration described in this article, you can validate it with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.