October 31st, 2022
Machine translation is used partially for this article. See the Japanese version for the original article.
We released EXPRESSCLUSTER X 5.0, the latest version of EXPRESSCLUSTER X, on April 22nd, 2022.
In EXPRESSCLUSTER X 5.0, we have further enhanced the supported functions for the various clouds and added functions that make it easier to build a cluster system. For other enhancements of EXPRESSCLUSTER X 5.0, please refer to the EXPRESSCLUSTER X 5.0 New Enhancement document.
This time, we will introduce AWS Secondary IP resource, which is one of the new enhancements of EXPRESSCLUSTER X 5.0, and the building procedure of the HA cluster on Amazon Web Services (hereinafter called "AWS").
1. What is AWS Secondary IP Resource?
AWS Secondary IP resource is a resource that switches the connection destination by IP address: it assigns a secondary IP address to a server for the HA cluster in the AWS environment.
Using this resource, we can build an HA cluster in a Single Availability Zone (hereinafter called “AZ”) configuration on AWS more simply than before. This resource is available in CLUSTERPRO X 5.0 for both Windows and Linux.
An Amazon EC2 instance (hereinafter called “instance”) can have multiple private IP addresses (the primary IP address and the secondary IP addresses) for one virtual network interface (hereinafter called "ENI").
AWS Secondary IP resource uses the AWS CLI to assign a secondary IP address to the servers for the HA cluster to achieve connection switching.
In addition, an AWS Secondary IP monitor resource, which monitors the assignment status of the secondary IP address, has also been added, and it can be configured using the Cluster WebUI.
* In order to re-assign the secondary IP address within the same subnet, the servers for the HA cluster must be located in the same Virtual Private Cloud (hereinafter called “VPC”), the same AZ, and the same subnet.
1.2 Use Case
AWS Secondary IP resources are recommended if you are building an HA cluster that can be accessed by IP address from outside the VPC without using AWS Transit Gateway.
As introduced in the previous article, the AWS Transit Gateway is required when you access an HA cluster using AWS Virtual IP resources from outside the VPC via AWS Direct Connect. However, depending on the environment, such as when a "hosted virtual interface" of AWS Direct Connect is used, you may not be able to use AWS Transit Gateway directly.
AWS Secondary IP resource uses the private IP address of the subnet where the servers for the HA cluster belong as the virtual IP address for connecting to the cluster, so we don’t need to link the setting of the virtual IP address to Route Tables or AWS Transit Gateway.
Therefore, even in an environment where you cannot use AWS Transit Gateway for reasons such as having to use the "hosted virtual interface" of AWS Direct Connect, you can build an HA cluster environment by switching IP addresses.
In addition, since AWS Secondary IP resources are premised on a Single-AZ configuration, they can be combined with the shared disk configuration introduced in the previous article, which also assumes a Single-AZ configuration.
* Clusters in a Single-AZ configuration cannot avoid failures of the AZ, resulting in reduced availability compared to clusters in a Multi-AZ configuration.
2. HA Cluster Configuration
In this article, we will build a "mirror disk type HA cluster using a secondary IP address for switching the connection destination" in the N. Virginia region.
The configuration is as follows:
The instances (server01, server02) as the servers for the HA cluster will be located on the same subnet (same AZ).
To switch the connection destination by IP address, we will use AWS Secondary IP resources, which re-assign the secondary IP address between the servers for the HA cluster.
In addition, as described above, AWS Secondary IP resources use the AWS CLI to control the secondary IP address, so the servers for the HA cluster need to communicate with the regional endpoint. Therefore, we have added an Internet gateway and a NAT instance to this configuration, but it is also possible to build a closed HA cluster within AWS by using the VPC endpoint.
3. HA Cluster Building Procedure
3.1 Settings of AWS
Follow the steps below to create the resources to build an HA cluster on AWS.
3.1.1 Creating a VPC and Subnets
First, create a VPC and subnets. The VPC and subnets configuration created this time is as follows:
- CIDR: 10.0.0.0/16
- Subnets
  - Subnet-A1 (Public): 10.0.10.0/24
  - Subnet-A2 (Private): 10.0.110.0/24
Security groups should be configured appropriately according to the policies of the system.
3.1.2 Creating Instances for HA Cluster
Create instances as the servers for the HA cluster on the private subnet.
The instances created this time are as follows:
* ENI IDs in this article are fictitious values.
- IP address: 10.0.110.110
- ENI ID: eni-xxxxxxxxxxxxxxxxx
- IP address: 10.0.110.120
- ENI ID: eni-yyyyyyyyyyyyyyyyy
Applying the IAM Policy Required for AWS Secondary IP Resources
For the instances you created, specify an IAM policy that grants permissions for the following actions. These are required to run AWS Secondary IP resources.
- Required when getting ENIs and subnet information.
- Required when assigning a secondary IP address.
- Required when unassigning a secondary IP address.
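The following lint for an instance-role policy is an added example, not part of the original article or of EXPRESSCLUSTER. It reports required actions that are missing and granted patterns that go beyond them. The four EC2 action names are an assumption: they are the standard EC2 IAM actions matching the three purposes listed above and should be confirmed against the Reference Guide; the sample policies are constructed.

```python
import fnmatch

# Assumption: EC2 action names for the three purposes listed above.
REQUIRED = {
    "ec2:DescribeNetworkInterfaces",   # getting ENI information
    "ec2:DescribeSubnets",             # getting subnet information
    "ec2:AssignPrivateIpAddresses",    # assigning a secondary IP address
    "ec2:UnassignPrivateIpAddresses",  # unassigning a secondary IP address
}

def allowed_patterns(policy):
    """Collect every Action pattern from the policy's Allow statements."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns

def audit(policy):
    """Return (missing, excess): required actions not granted, and granted
    patterns other than the required actions. Deny and NotAction are not
    evaluated; this is a lint, not a policy simulator."""
    patterns = allowed_patterns(policy)
    def covers(pat, action):           # IAM action names are case-insensitive
        return fnmatch.fnmatchcase(action.lower(), pat.lower())
    missing = sorted(a for a in REQUIRED if not any(covers(p, a) for p in patterns))
    excess = sorted(p for p in patterns
                    if not any(p.lower() == a.lower() for a in REQUIRED))
    return missing, excess

# Constructed sample policies.
MINIMAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}
PARTIAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": sorted(REQUIRED - {"ec2:UnassignPrivateIpAddresses"})}]}

if __name__ == "__main__":
    for name, pol in (("minimal", MINIMAL), ("broad", BROAD), ("partial", PARTIAL)):
        print(name, audit(pol))
```

A policy such as the constructed `BROAD` one lets the cluster work but also lets anything running on the instance call every other EC2 API, which is why the lint reports the wildcard as excess.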
Setting the Primary IP Address Static (For Windows)
AWS Secondary IP resources assign a secondary IP address to the server for the HA cluster by running a command from EXPRESSCLUSTER. Therefore, the user does not need to assign a secondary IP address to the server for the HA cluster.
However, in the case of Windows, you must first assign the primary IP address statically on the servers for the HA cluster.
For more details, please refer to step 1 of the AWS official documentation below:
In the case of Linux, you do not need to set the primary IP address statically.
3.2 Building HA Cluster Using EXPRESSCLUSTER
Install EXPRESSCLUSTER X 5.0 on the servers for the HA cluster and build the HA cluster in the AWS environment.
This time, we added the following resources to EXPRESSCLUSTER X 5.0 (internal version Windows: 13.01, Linux: 5.0.1-1) and checked the operation. The configuration of EXPRESSCLUSTER is as follows:
- Failover group (failover)
  - AWS Secondary IP resource
    - IP Address: 10.0.110.200
  - Mirror disk resource (Windows)
    - Data partition: E:\
    - Cluster partition: F:\
  - Mirror disk resource (Linux)
    - Data partition: /dev/nvme1n1p2
    - Cluster partition: /dev/nvme1n1p1
On the [Info] of the Resource Definition of Group, make the following settings and click [Next].
On the [Dependency] and the [Recovery Operation], do not change the default values and click [Next].
On the [Details], set as follows:
After setting the above, click [Finish] to create the AWS Secondary IP resource.
For details of AWS Secondary IP resource setting, please refer to the system construction guide below.
Documentation - Manuals
- EXPRESSCLUSTER X 5.0 > EXPRESSCLUSTER X 5.0 for Windows > Reference Guide > 3.20 Understanding AWS secondary IP resources
- EXPRESSCLUSTER X 5.0 > EXPRESSCLUSTER X 5.0 for Linux > Reference Guide > 3.17 Understanding AWS Secondary IP resources
4. Checking the Operation
* The following images are examples for Windows.
Start a Web browser on the Client and access the following URL to display the Cluster WebUI.
http://<IP address of server01>:29003
From the [Status] tab of the Cluster WebUI, check that the failover group is started on the server01, and that [Servers], [Groups], and [Monitors] are all started normally.
Also, check whether a secondary IP address has been assigned on the OS of server01.
For Windows, run the ipconfig command from the command prompt to check that a secondary IP address has been assigned.
Finally, check the status of server01's ENI in the AWS Management Console. If the AWS Secondary IP resource is working properly, the secondary IP address is displayed.
After checking all the above statuses, check that the Client can access the secondary IP address (10.0.110.200) and connect to server01.
Then manually move the failover group to server02 and check that the secondary IP address will be re-assigned to server02.
By using the Cluster WebUI, manually move the failover group from server01 to server02.
Check on the Cluster WebUI that the failover group has been moved to server02 and that [Servers], [Groups], and [Monitors] have all started normally.
After the failover to server02 is complete, check whether a secondary IP address has been assigned on the OS of server02.
Run the ipconfig command from the command prompt to check that a secondary IP address has been assigned.
Next, check the status of server02's ENI in the AWS Management Console and confirm that the secondary IP address is displayed.
Finally, connect to the secondary IP address (10.0.110.200) again from the Client and check that the Client can connect to server02.
Based on the above operation, we were able to check that the secondary IP address can be accessed before and after failover.
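The ENI check done above in the AWS Management Console can also be scripted. The following is an added example, not part of the original article or of EXPRESSCLUSTER: it reads the JSON printed by `aws ec2 describe-network-interfaces` and confirms that the secondary IP address sits on the expected ENI as a non-primary address. The ENI IDs are the fictitious ones from section 3.1.2, and the sample output is constructed.

```python
import json

VIP = "10.0.110.200"             # secondary IP address used in this article
ENI_A = "eni-xxxxxxxxxxxxxxxxx"  # first instance listed in 3.1.2 (fictitious ID)
ENI_B = "eni-yyyyyyyyyyyyyyyyy"  # second instance listed in 3.1.2 (fictitious ID)

def secondary_ip_holders(describe_output, vip):
    """Return [(eni_id, is_primary)] for every ENI that carries `vip`.
    `describe_output` is the JSON text of describe-network-interfaces."""
    holders = []
    for eni in json.loads(describe_output).get("NetworkInterfaces", []):
        for addr in eni.get("PrivateIpAddresses", []):
            if addr.get("PrivateIpAddress") == vip:
                holders.append((eni["NetworkInterfaceId"], bool(addr.get("Primary"))))
    return holders

def check_assignment(describe_output, vip, expected_eni):
    """Return a list of problems; an empty list means the ENI state is as expected."""
    holders = secondary_ip_holders(describe_output, vip)
    if not holders:
        return [f"{vip} is not assigned to any ENI"]
    problems = []
    for eni_id, is_primary in holders:
        if eni_id != expected_eni:
            problems.append(f"{vip} is on {eni_id}, expected {expected_eni}")
        if is_primary:
            problems.append(f"{vip} is the primary address of {eni_id}")
    return problems

def sample(holder=None):
    """Constructed describe-network-interfaces output for the two servers."""
    enis = []
    for eni_id, primary in ((ENI_A, "10.0.110.110"), (ENI_B, "10.0.110.120")):
        addrs = [{"PrivateIpAddress": primary, "Primary": True}]
        if eni_id == holder:
            addrs.append({"PrivateIpAddress": VIP, "Primary": False})
        enis.append({"NetworkInterfaceId": eni_id, "PrivateIpAddresses": addrs})
    return json.dumps({"NetworkInterfaces": enis})

if __name__ == "__main__":
    print("before failover:", check_assignment(sample(ENI_A), VIP, ENI_A))
    print("after failover: ", check_assignment(sample(ENI_B), VIP, ENI_B))
    print("stale after move:", check_assignment(sample(ENI_A), VIP, ENI_B))
```

Run against real output before and after moving the failover group, the check fails if the address stayed on the old ENI or was released without being re-assigned.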
This time, we tried to build an HA cluster using AWS Secondary IP resource, which is a new function of EXPRESSCLUSTER X 5.0.
If you consider introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.
Also, as mentioned in the introduction of this article, EXPRESSCLUSTER X 5.0 has implemented various new features besides AWS Secondary IP resource. If you are planning to deploy a new cluster or upgrade an existing cluster, please take this opportunity to consider deploying EXPRESSCLUSTER X 5.0. Details of the new features of EXPRESSCLUSTER X 5.0 are published, so please refer to them.