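With routing control in Amazon Route 53 Application Recovery Controller, you can trigger traffic failovers between redundant application copies, or replicas, that run in separate AWS Regions or Availability Zones.
You organize routing controls into groups called control panels, which are provisioned on a cluster. A Route 53 ARC cluster is a set of Regional endpoints deployed globally. The cluster endpoints provide a highly available API that you can use to set and retrieve routing control states. For more information about the components of the routing control feature, see Routing control components.
The first step is to create a cluster. A Route 53 ARC cluster is a set of five Regional endpoints distributed across the globe. The infrastructure in Route 53 ARC supports these endpoints working in coordination to guarantee high availability and sequential consistency of failover operations.
Route 53 ARC is a global service that supports endpoints in multiple AWS Regions, but you must specify the US West (Oregon) Region (that is, specify the parameter --region us-west-2) in most Route 53 ARC CLI commands, for example, when you create resources such as recovery groups, readiness checks, or clusters.
When you create a cluster, Route 53 ARC provides you with a set of Regional endpoints. To get or update routing control states, you must specify a Regional endpoint (the AWS Region and the endpoint URL) in your CLI command.
For more information about using the AWS CLI, see the AWS CLI Command Reference. For more information about Route 53 ARC API operations, see the Recovery Control Configuration API Reference for Amazon Route 53 Application Recovery Controller.
1a. Create a cluster.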
aws route53-recovery-control-config --region us-west-2 create-cluster --cluster-name NewCluster
{"Cluster": {"ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","Name": "NewCluster","Status": "PENDING" } }
When you first create a Route 53 ARC resource, it has a status of PENDING while the cluster is being created. You can check on its progress by calling describe-cluster.
1b. Describe a cluster.
aws route53-recovery-control-config --region us-west-2 \
    describe-cluster --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh
{"Cluster":{"ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","ClusterEndpoints":[ {"Endpoint": "https://host-aaaaaa.us-east-1.example.com", "Region":"us-east-1"}, {"Endpoint": "https://host-bbbbbb.ap-southeast-2.example.com", "Region":"ap-southeast-2"}, {"Endpoint": "https://host-cccccc.eu-west-1.example.com", "Region":"eu-west-1"}, {"Endpoint": "https://host-dddddd.us-west-2.example.com", "Region":"us-west-2"}, {"Endpoint": "https://host-eeeeee.ap-northeast-1.example.com", "Region":"ap-northeast-1"} ],"Name": "NewCluster","Status": "DEPLOYED" } }
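When the status is DEPLOYED, Route 53 ARC has successfully created the cluster with the set of endpoints for you to interact with. You can list all of your clusters by calling list-clusters.
1c. List your clusters.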
aws route53-recovery-control-config --region us-west-2 list-clusters
{"Clusters": [ {"ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/1234abcd-abcd-1234-abcd-1234abcdefgh","ClusterEndpoints":[ {"Endpoint": "https://host-aaaaaa.us-east-1.example.com", "Region":"us-east-1"}, {"Endpoint": "https://host-bbbbbb.ap-southeast-2.example.com", "Region":"ap-southeast-2"}, {"Endpoint": "https://host-cccccc.eu-west-1.example.com", "Region":"eu-west-1"}, {"Endpoint": "https://host-dddddd.us-west-2.example.com", "Region":"us-west-2"}, {"Endpoint": "https://host-eeeeee.ap-northeast-1.example.com", "Region":"ap-northeast-1"} ],"Name": "AnotherCluster","Status": "DEPLOYED" }, {"ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","ClusterEndpoints": [ {"Endpoint": "https://host-ffffff.us-east-1.example.com", "Region":"us-east-1"}, {"Endpoint": "https://host-gggggg.ap-southeast-2.example.com", "Region":"ap-southeast-2"}, {"Endpoint": "https://host-hhhhhh.eu-west-1.example.com", "Region":"eu-west-1"}, {"Endpoint": "https://host-iiiiii.us-west-2.example.com", "Region":"us-west-2"}, {"Endpoint": "https://host-jjjjjj.ap-northeast-1.example.com", "Region":"ap-northeast-1"} ],"Name": "NewCluster","Status": "DEPLOYED" } ] }
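A control panel is a logical grouping for organizing your Route 53 ARC routing controls. When you create a cluster, Route 53 ARC automatically provides a control panel for you called DefaultControlPanel. You can use this control panel right away.
A control panel can exist in only one cluster. If you want to move a control panel to another cluster, you must delete it and then create it in the second cluster. You can see all of the control panels in your account by calling list-control-panels. To see only the control panels in a specific cluster, add the --cluster-arn field.
2a. List control panels.
aws route53-recovery-control-config --region us-west-2 \
    list-control-panels --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/eba23304-1a51-4674-ae32-b4cf06070bdd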
{"ControlPanels": [ {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/1234567dddddd1234567dddddd1234567","ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","DefaultControlPanel": true,"Name": "DefaultControlPanel","RoutingControlCount": 0,"Status": "DEPLOYED" } ] }
Or, create your own control panel by calling create-control-panel.
2b. Create a control panel.
aws route53-recovery-control-config --region us-west-2 create-control-panel \
    --control-panel-name NewControlPanel2 \
    --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh
{"ControlPanel": {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","DefaultControlPanel": false,"Name": "NewControlPanel2","RoutingControlCount": 0,"Status": "PENDING" } }
When you first create a Route 53 ARC resource, it has a status of PENDING while it is being created. You can check on its progress by calling describe-control-panel.
2c. Describe a control panel.
aws route53-recovery-control-config --region us-west-2 describe-control-panel \
    --control-panel-arn arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456
{"ControlPanel": {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","ClusterArn": "arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh","DefaultControlPanel": true,"Name": "DefaultControlPanel","RoutingControlCount": 0,"Status": "DEPLOYED" } }
Now that you've set up the cluster and looked at the control panels, you can start creating routing controls. When you create a routing control, you must at least specify the Amazon Resource Name (ARN) of the cluster that you want the routing control to be in. You can also specify the ARN of a control panel for the routing control. You also need to specify the cluster that the control panel is in.
If you don't specify a control panel, your routing control is added to the automatically created control panel, DefaultControlPanel.
Create a routing control by calling create-routing-control.
3a. Create a routing control.
aws route53-recovery-control-config --region us-west-2 create-routing-control \
    --routing-control-name NewRc1 \
    --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh
{"RoutingControl": {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","Name": "NewRc1","RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567","Status": "PENDING" } }
Routing controls follow the same creation pattern as other Route 53 ARC resources, so you can track their progress by calling a describe operation.
3b. Describe a routing control.
aws route53-recovery-control-config --region us-west-2 describe-routing-control \
    --routing-control-arn arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567
{"RoutingControl": {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","Name": "NewRc1","RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567","Status": "DEPLOYED" } }
You can list the routing controls in a control panel by calling list-routing-controls. The control panel ARN is required.
3c. List routing controls.
aws route53-recovery-control-config --region us-west-2 list-routing-controls \
    --control-panel-arn arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456
{"RoutingControls": [ {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","Name": "Rc1","RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567","Status": "DEPLOYED" }, {"ControlPanelArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456","Name": "Rc2","RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/hijklmnop987654321","Status": "DEPLOYED" } ] }
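In the following examples, where we work with routing control states, we assume that you have the two routing controls listed in this section (Rc1 and Rc2). In this example, each routing control represents an Availability Zone that your application is deployed to.
When you work with several routing controls at the same time, you might decide that you want some safeguards in place when you enable and disable them, to avoid unintended consequences such as turning both routing controls off and stopping all traffic flow. To create these safeguards, you create Route 53 ARC safety rules.
There are two types of safety rules: assertion rules and gating rules. To learn more about safety rules, see Creating safety rules in Route 53 ARC.
The following call provides an example of creating an assertion rule that makes sure that at least one of two routing controls is set to On at any given time. To create the rule, run create-safety-rule with the assertion-rule parameter.
For details about the assertion rule API operation, see AssertionRule in the Routing Control API Reference Guide for Amazon Route 53 Application Recovery Controller.
4a. Create an assertion rule.
aws route53-recovery-control-config --region us-west-2 create-safety-rule \
    --assertion-rule '{"Name": "TestAssertionRule", "ControlPanelArn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx", "WaitPeriodMs": 5000, "AssertedControls": ["arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/def123def123def", "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/ghi456ghi456ghi"], "RuleConfig": {"Threshold": 1, "Type": "ATLEAST", "Inverted": false}}'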
{ "Rule": { "ASSERTION": { "Arn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/safetyrule/333333444444", "AssertedControls": [ "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/def123def123def", "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/ghi456ghi456ghi"], "ControlPanelArn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx", "Name": "TestAssertionRule", "RuleConfig": { "Inverted": false, "Threshold": 1, "Type": "ATLEAST" }, "Status": "PENDING", "WaitPeriodMs": 5000 } } }
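The following call provides an example of creating a gating rule that provides an overall "on/off" or "gating" switch for a set of target routing controls in a control panel. This lets you disallow updates to the target routing controls so that, for example, automation can't make unauthorized updates. In this example, the gating switch is the routing control specified by the GatingControls parameter, and the two routing controls that are controlled, or "gated", are specified by the TargetControls parameter.
Before you create the gating rule, you must create the gating routing control, which does not include DNS failover records, and the target routing controls, which you do configure with DNS failover records.
To create the rule, run create-safety-rule with the gating-rule parameter.
For details about the gating rule API operation, see GatingRule in the Routing Control API Reference Guide for Amazon Route 53 Application Recovery Controller.
4b. Create a gating rule.
aws route53-recovery-control-config --region us-west-2 create-safety-rule \
    --gating-rule '{"Name": "TestGatingRule", "ControlPanelArn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx", "WaitPeriodMs": 5000, "GatingControls": ["arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/def123def123def"], "TargetControls": ["arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/ghi456ghi456ghi", "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/lmn789lmn789lmn"], "RuleConfig": {"Threshold": 0, "Type": "OR", "Inverted": false}}'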
{ "Rule": { "GATING": { "Arn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/safetyrule/444444444444", "GatingControls": [ "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/def123def123def" ], "TargetControls": [ "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/ghi456ghi456ghi", "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx/routingcontrol/lmn789lmn789lmn" ], "ControlPanelArn": "arn:aws:route53-recovery-control::888888888888:controlpanel/zzz123yyy456xxx789zzz123yyy456xxx", "Name": "TestGatingRule", "RuleConfig": { "Inverted": false, "Threshold": 0, "Type": "OR" }, "Status": "PENDING", "WaitPeriodMs": 5000 } } }
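As with other Route 53 ARC resources, you can describe, list, or delete safety rules after they have propagated to the data plane.
After you set up one or more safety rules, you can continue to interact with the cluster to set or retrieve the state of routing controls. If a set-routing-control-state operation violates a rule that you created, you receive an exception similar to the following: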
Cannot modify control state for [0123456bbbbbbb0123456bbbbbb01234560123 abcdefg1234567] due to failed rule evaluation 0123456bbbbbbb0123456bbbbbb0123456333333444444
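The first identifier is the control panel ARN concatenated with the routing control ARN. The second identifier is the control panel ARN concatenated with the safety rule ARN.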
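The following is an added example, not part of the original page and not AWS code: a local Python model that checks a proposed batch of state changes against the two rules from steps 4a and 4b, as a pre-flight check before automation calls set-routing-control-state. The ATLEAST/AND/OR and Inverted semantics, and evaluating the gate against the proposed state, are assumptions of this model; rule_holds and violated_rules are hypothetical helper names.

```python
# Added example: local model of safety-rule evaluation (not AWS code).
PANEL = ("arn:aws:route53-recovery-control::888888888888:"
         "controlpanel/zzz123yyy456xxx789zzz123yyy456xxx")
RC_A, RC_B, RC_C = (f"{PANEL}/routingcontrol/{s}" for s in
                    ("def123def123def", "ghi456ghi456ghi", "lmn789lmn789lmn"))

# The two rules from steps 4a and 4b, in the shape create-safety-rule returns.
RULES = [
    {"ASSERTION": {"Name": "TestAssertionRule", "AssertedControls": [RC_A, RC_B],
                   "RuleConfig": {"Threshold": 1, "Type": "ATLEAST", "Inverted": False}}},
    {"GATING": {"Name": "TestGatingRule", "GatingControls": [RC_A],
                "TargetControls": [RC_B, RC_C],
                "RuleConfig": {"Threshold": 0, "Type": "OR", "Inverted": False}}},
]

def rule_holds(config, controls, states):
    """Assumed semantics: ATLEAST = at least Threshold controls On,
    AND = all On, OR = any On; Inverted negates the result."""
    on = sum(states[arn] == "On" for arn in controls)
    if config["Type"] == "ATLEAST":
        result = on >= config["Threshold"]
    elif config["Type"] == "AND":
        result = on == len(controls)
    elif config["Type"] == "OR":
        result = on >= 1
    else:
        raise ValueError(f"unknown rule type: {config['Type']}")
    return result != config["Inverted"]

def violated_rules(rules, current, updates):
    """Names of the rules that a proposed batch of state changes would break."""
    proposed = {**current, **updates}
    changed = {arn for arn, state in updates.items() if current.get(arn) != state}
    broken = []
    for rule in rules:
        if "ASSERTION" in rule:
            r = rule["ASSERTION"]
            ok = rule_holds(r["RuleConfig"], r["AssertedControls"], proposed)
        else:
            # Assumption: the gate is checked on the proposed state, and only
            # when a target control actually changes.
            r = rule["GATING"]
            ok = (not (changed & set(r["TargetControls"]))
                  or rule_holds(r["RuleConfig"], r["GatingControls"], proposed))
        if not ok:
            broken.append(r["Name"])
    return broken
```

An empty list means the batch is expected to pass; a non-empty list names the rules that correspond to the "failed rule evaluation" exception shown above.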
To use routing controls to fail over traffic, you create health checks in Amazon Route 53 and then associate the health checks with your DNS records. For example, let's say you have two cells, one that you've configured as the primary cell for your application and another that you've configured as the secondary cell, to fail over to.
To set up health checks for failover, do the following:
5a. Create a routing control for each cell.
aws route53-recovery-control-config --region us-west-2 create-routing-control \
    --routing-control-name RoutingControlCell1 \
    --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh
aws route53-recovery-control-config --region us-west-2 create-routing-control \
    --routing-control-name RoutingControlCell2 \
    --cluster-arn arn:aws:route53-recovery-control::111122223333:cluster/5678abcd-abcd-5678-abcd-5678abcdefgh
5b. Create a health check for each routing control.
You use the Amazon Route 53 CLI to create Route 53 ARC health checks.
aws route53 create-health-check --caller-reference RoutingControlCell1 \
    --health-check-config \
    Type=RECOVERY_CONTROL,RoutingControlArn=arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567
{"Location": "https://route53.amazonaws.com/2015-01-01/healthcheck/11111aaaa-bbbb-cccc-dddd-ffffff22222","HealthCheck": {"Id": "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","CallerReference": "RoutingControlCell1","HealthCheckConfig": {"Type": "RECOVERY_CONTROL","Inverted": false,"Disabled": false,"RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567" },"HealthCheckVersion": 1 } }
aws route53 create-health-check --caller-reference RoutingControlCell2 \
    --health-check-config \
    Type=RECOVERY_CONTROL,RoutingControlArn=arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567
{"Location": "https://route53.amazonaws.com/2015-01-01/healthcheck/11111aaaa-bbbb-cccc-dddd-ffffff22222","HealthCheck": {"Id": "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","CallerReference": "RoutingControlCell2","HealthCheckConfig": {"Type": "RECOVERY_CONTROL","Inverted": false,"Disabled": false,"RoutingControlArn": "arn:aws:route53-recovery-control::111122223333:controlpanel/0123456bbbbbbb0123456bbbbbb0123456/routingcontrol/abcdefg1234567" },"HealthCheckVersion": 1 } }
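5c. Create two failover DNS records, and associate a health check with each one.
You create the failover DNS records in Route 53 by using the Route 53 CLI. To create the records, follow the instructions for the change-resource-record-sets command in the Amazon Route 53 AWS CLI Command Reference. In the records, specify the DNS value for each cell together with the corresponding HealthCheckID value that Route 53 created for the health check (see 6b).
For the primary cell: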
{"Name": "myapp.yourdomain.com","Type": "CNAME","SetIdentifier": "primary","Failover": "PRIMARY","TTL": 0,"ResourceRecords": [ {"Value": "cell1.yourdomain.com" } ],"HealthCheckId": "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
For the secondary cell:
{"Name": "myapp.yourdomain.com","Type": "CNAME","SetIdentifier": "secondary","Failover": "SECONDARY","TTL": 0,"ResourceRecords": [ {"Value": "cell2.yourdomain.com" } ],"HealthCheckId": "yyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"}
Now, to fail over from the primary cell to the secondary cell, you can follow the CLI example in step 4b to update the state of RoutingControlCell1 to OFF and RoutingControlCell2 to ON.
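An added example, not from the original page and not AWS code: an offline Python check that the failover records from step 5c and the RECOVERY_CONTROL health checks from step 5b are wired so that each cell's record follows its own routing control, as step 5a intends. The health check IDs and routing control IDs below are constructed sample values, and make_health_check, make_record and wiring_problems are hypothetical helper names.

```python
# Added example: offline check of the step 5 wiring (not AWS code).
PANEL = ("arn:aws:route53-recovery-control::111122223333:"
         "controlpanel/0123456bbbbbbb0123456bbbbbb0123456")

def make_health_check(hc_id, control_id):
    """Constructed sample shaped like the create-health-check output."""
    return {"Id": hc_id, "HealthCheckConfig": {
        "Type": "RECOVERY_CONTROL", "Inverted": False, "Disabled": False,
        "RoutingControlArn": f"{PANEL}/routingcontrol/{control_id}"}}

def make_record(role, target, hc_id):
    """Constructed sample shaped like the failover records in step 5c."""
    return {"Name": "myapp.yourdomain.com", "Type": "CNAME",
            "SetIdentifier": role.lower(), "Failover": role, "TTL": 0,
            "ResourceRecords": [{"Value": target}], "HealthCheckId": hc_id}

def wiring_problems(records, health_checks):
    """Return a list of problems; an empty list means the wiring is consistent."""
    configs = {hc["Id"]: hc["HealthCheckConfig"] for hc in health_checks}
    problems, owner = [], {}
    for role in ("PRIMARY", "SECONDARY"):
        if not any(r.get("Failover") == role for r in records):
            problems.append(f"no {role} failover record")
    for rec in records:
        role = rec.get("Failover")
        cfg = configs.get(rec.get("HealthCheckId"))
        if cfg is None:
            problems.append(f"{role}: HealthCheckId matches no health check")
            continue
        if cfg["Type"] != "RECOVERY_CONTROL":
            problems.append(f"{role}: health check type is {cfg['Type']}")
            continue
        if cfg["Disabled"] or cfg["Inverted"]:
            problems.append(f"{role}: health check is disabled or inverted")
        arn = cfg["RoutingControlArn"]
        if arn in owner:
            # Both records would follow one switch, so flipping it cannot
            # move traffic from one cell to the other.
            problems.append(f"{role}: same routing control as {owner[arn]}")
        owner.setdefault(arn, role)
    return problems
```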