
Setting up a two-node Db2 Pacemaker cluster with Overlay IP as Virtual IP on AWS with Db2 V11.5.8.0

How To


Summary

This document provides steps for configuring an Overlay IP as a Virtual IP address for HADR and Mutual Failover clusters on AWS with Db2 V11.5.8.0 and later.

For releases prior to V11.5.8.0, and for an overview of the AWS Overlay IP, refer to the original document.

Objective

To set up an AWS Overlay IP, which can serve as a single point of access for clients both in on-premises data centers and in the cloud. This document includes steps that use new functionality included in V11.5.8.0. Refer to the original document for more details.

Environment

 
1. Refer to the following Db2 documentation page for a list of platforms supported by Pacemaker, these same restrictions apply here:
2. In shared VPC environments, participant accounts cannot grant themselves the authority to update the route tables. The policy and credentials that allow the application to update the route tables must come from the account that owns the VPC; otherwise the Overlay IP resource will encounter authorization errors when Pacemaker attempts to start it.

Steps

Prerequisites
Prior to creating an Overlay IP, ensure the following prerequisites have been met.
1. Ensure you have set up your environment including the AWS Identity and Access Management (IAM) as described here:
2. Ensure the latest AWS CLI utility has been installed as described in the AWS documentation.
Once installed, the 'aws' command must be accessible as /usr/bin/aws, which might require creating a symbolic link:
ln -s <aws cli location> /usr/bin/aws
For example:
ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/bin/aws
3. The following must be true:
  •     Both hosts must be AWS hosts.
  •     Both hosts must be in the same VPC.
  •     Both hosts must use network interfaces with the same name (for example, eth0).
Create an Overlay IP
1. Decide on an IP address and a network interface:
A key requirement for the Overlay IP is that it must not be in use anywhere else in your VPC or on premises. It must be a private address from the ranges defined in RFC 1918, and the CIDR block must be /32.
In this document, the following IP address and Ethernet devices are used as an example:
192.168.1.81/32
eth0
2. Disable "source/destination check" for the EC2 instances hosting the IBM Db2 primary and standby database.
To do so, select your EC2 instance in the EC2 Management Console, choose "Networking" from the "Actions" drop-down menu, open "Change source / destination check", and set it to "Stop".
What is needed?
  •     EC2-instance-id: Instance ID for the Db2 primary instance
  •     EC2-instance-id: Instance ID for the Db2 standby instance
3. Create a policy and attach it to your IAM role by using the IAM Management Console.
What is needed?
  •     Region-name: the name of the AWS region
  •     Account-id: The ID of the AWS account in which the policy is being used. Note that this account must be capable of updating the VPC route table; see the restrictions under Environment for details.
  •     rtb-00: The identifier of the route table that needs to be updated (found in the VPC console under the "Route Tables" section).
The "Resource" line of the first statement needs to be updated with the values mentioned previously; the second statement grants only read-only Describe calls and is left as is.
 
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt000",
            "Effect": "Allow",
            "Action": "ec2:ReplaceRoute",
            "Resource": "arn:aws:ec2:<region-name>:<account-id>:route-table/<route-id>"
        },
        {
            "Sid": "Stmt001",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeRouteTables",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        }
    ]
}
4. Create a profile by using the aws configure command.
Note: You need an Access Key ID and the corresponding Secret Access Key to configure the profile. For more information on how to obtain them, refer to the following AWS documentation: Understanding and getting your AWS credentials - AWS General Reference
aws configure --profile <profile_name>
You can choose a meaningful name for the profile or omit the option and use the 'default' profile. The key is saved in plain text in the ~/.aws/credentials file of the user who runs aws configure; protect that file accordingly, and give the IAM identity behind the key no permissions beyond the policy from Step 3.
5. Update the route table with the Overlay IP pointing to the node with the Db2 primary instance or point to the standby instance if creating an Overlay IP for read on standby.
aws ec2 create-route --route-table-id <route table id> --destination-cidr-block 192.168.1.81/32 --instance-id <EC2-instance-id>
The command returns the following if successful:
{
"Return": true
}
6. If an Overlay IP address needs to be created for the standby database as well, repeat Step 5 with the standby IP address and the standby instance ID.
7. Add the Overlay IP resource using the following db2cm command.
db2cm -create -aws -primaryVIP <ip-address> -rtb <route-table-id> -profile <profile> -db <database name> -instance <instance name>
If creating a standby Overlay IP, use the -standbyVIP option instead.
db2cm -create -aws -standbyVIP <ip-address> -rtb <route-table-id> -profile <profile> -db <database name> -instance <instance name>
Alternatively, if the Overlay IP is being created for a Mutual Failover cluster, it must be associated with the Db2 instance partition instead.
db2cm -create -aws -primaryVIP <ip-address> -rtb <route-table-id> -profile <profile> -partition <partition-number> -instance <instance-name>
8. Validate that the resources are running correctly and on the correct node.
The primary Overlay IP must be started on the same node as the HADR primary, which crm status lists under "Masters" for the database clone set.
A standby Overlay IP must be started on the standby HADR node, listed under "Slaves". The following output shows two primary Overlay IP resources, both started on the node that holds the HADR primary for CORAL and CORAL2.
 
ip-10-1-15-31:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: ip-10-1-24-227 (version 2.1.2+20220331.1ad8bbddd-1.1.db2pcmk-2.1.2+20220331.1ad8bbddd) - partition with quorum
  * Last updated: Thu Sep  1 17:49:53 2022
  * Last change:  Thu Sep  1 14:45:24 2022 by root via cibadmin on ip-10-1-15-31
  * 2 nodes configured
  * 11 resource instances configured

Node List:
  * Online: [ ip-10-1-15-31 ip-10-1-24-227 ]

Full List of Resources:
  * db2_ip-10-1-15-31_eth0    (ocf::heartbeat:db2ethmon):     Started ip-10-1-15-31
  * db2_ip-10-1-24-227_eth0    (ocf::heartbeat:db2ethmon):     Started ip-10-1-24-227
  * db2_ip-10-1-15-31_db2inst1_0    (ocf::heartbeat:db2inst):     Started ip-10-1-15-31
  * db2_ip-10-1-24-227_db2inst1_0    (ocf::heartbeat:db2inst):     Started ip-10-1-24-227
  * Clone Set: db2_db2inst1_db2inst1_CORAL-clone [db2_db2inst1_db2inst1_CORAL] (promotable):
    * Masters: [ ip-10-1-24-227 ]
    * Slaves: [ ip-10-1-15-31 ]
  * Clone Set: db2_db2inst1_db2inst1_CORAL2-clone [db2_db2inst1_db2inst1_CORAL2] (promotable):
    * Masters: [ ip-10-1-24-227 ]
    * Slaves: [ ip-10-1-15-31 ]
  * db2_db2inst1_db2inst1_CORAL2-primary-OIP    (ocf::heartbeat:aws-vpc-move-ip):     Started ip-10-1-24-227
  * db2_db2inst1_db2inst1_CORAL-primary-OIP    (ocf::heartbeat:aws-vpc-move-ip):     Started ip-10-1-24-22
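The following preflight script is an added example; it is not part of this IBM document and not a Db2, Pacemaker or AWS tool. It checks, offline, the inputs that Steps 1, 2, 3 and 5 ask for: that the overlay CIDR is an RFC 1918 /32 outside the VPC, that the IAM policy allows ec2:ReplaceRoute on exactly the one route table with no placeholder left unreplaced, that the overlay route points at the intended primary instance, and that the source/destination check is off on both instances. The region, account, instance and route table identifiers and the 10.1.0.0/16 VPC CIDR are constructed assumptions; the sample JSON is shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-instances`, and in practice you would feed the real output of those commands (run with the profile from Step 4) into the same functions.

```python
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample values (assumptions, not taken from the document).
REGION, ACCOUNT = "us-east-1", "123456789012"
ROUTE_TABLE_ID = "rtb-0bbb1111aaaa2222c"
ROUTE_TABLE_ARN = f"arn:aws:ec2:{REGION}:{ACCOUNT}:route-table/{ROUTE_TABLE_ID}"
PRIMARY, STANDBY = "i-0aaa1111bbbb2222c", "i-0ccc3333dddd4444e"
OVERLAY = "192.168.1.81/32"
VPC_CIDRS = ["10.1.0.0/16"]

# The Step 3 policy with its placeholders filled in.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Stmt000", "Effect": "Allow", "Action": "ec2:ReplaceRoute",
     "Resource": ROUTE_TABLE_ARN},
    {"Sid": "Stmt001", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeRouteTables",
                "ec2:DescribeVpcs"]},
]})
# Shaped like `aws ec2 describe-route-tables` output after Step 5.
SAMPLE_ROUTE_TABLES = json.dumps({"RouteTables": [{
    "RouteTableId": ROUTE_TABLE_ID, "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local",
         "State": "active"},
        {"DestinationCidrBlock": OVERLAY, "InstanceId": PRIMARY,
         "State": "active", "Origin": "CreateRoute"}]}]})
# Shaped like `aws ec2 describe-instances` output; the standby still has the
# source/destination check enabled, i.e. Step 2 was skipped for it.
SAMPLE_INSTANCES = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": PRIMARY, "SourceDestCheck": False},
    {"InstanceId": STANDBY, "SourceDestCheck": True}]}]})


def check_overlay_cidr(cidr, vpc_cidrs):
    """Problems with the overlay address from Step 1 (empty list = OK).

    Required: RFC 1918, /32, and not in use elsewhere in the VPC; the last
    point is checked strictly as "outside every VPC CIDR", the usual rule
    for AWS overlay IPs.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]
    problems = []
    if net.prefixlen != 32:
        problems.append("prefix must be /32")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not an RFC1918 private address")
    for vpc in vpc_cidrs:
        if net.subnet_of(ipaddress.ip_network(vpc)):
            problems.append(f"overlaps VPC CIDR {vpc}")
    return problems


def check_policy(policy_json, route_table_arn):
    """Least-privilege check on the Step 3 policy (empty list = OK).

    ec2:ReplaceRoute must be allowed on exactly one resource, the route table
    the cluster updates, and no "<placeholder>" may be left in an ARN.
    """
    problems, replace_targets = [], []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for res in resources:
            if "<" in res or ">" in res:
                problems.append(f"{st.get('Sid')}: placeholder left in {res!r}")
        if any(a in ("ec2:ReplaceRoute", "ec2:*", "*") for a in actions):
            replace_targets.extend(resources)
    if route_table_arn not in replace_targets:
        problems.append(f"ec2:ReplaceRoute not allowed on {route_table_arn}")
    problems += [f"ec2:ReplaceRoute also allowed on {res!r}"
                 for res in replace_targets if res != route_table_arn]
    return problems


def route_target(describe_route_tables_json, overlay_cidr):
    """Instance ID the overlay route points at (Step 5), or None if missing."""
    for table in json.loads(describe_route_tables_json).get("RouteTables", []):
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") == overlay_cidr:
                return route.get("InstanceId")
    return None


def source_dest_check_still_on(describe_instances_json):
    """Instance IDs whose source/destination check is still enabled (Step 2)."""
    return [inst["InstanceId"]
            for res in json.loads(describe_instances_json).get("Reservations", [])
            for inst in res.get("Instances", []) if inst.get("SourceDestCheck")]


if __name__ == "__main__":
    print("overlay CIDR :", check_overlay_cidr(OVERLAY, VPC_CIDRS) or "ok")
    print("IAM policy   :", check_policy(SAMPLE_POLICY, ROUTE_TABLE_ARN) or "ok")
    print("route target :", route_target(SAMPLE_ROUTE_TABLES, OVERLAY),
          "(primary is", PRIMARY + ")")
    print("src/dst check:", source_dest_check_still_on(SAMPLE_INSTANCES) or "none")
```

The policy check is the security-relevant one: an unreplaced <region-name> or <account-id> placeholder leaves a Resource ARN that matches nothing, which surfaces later as the authorization error described under Environment, while a wildcard Resource on ec2:ReplaceRoute would let the access key stored in the Step 4 profile rewrite any route table in the account rather than only the cluster's.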
Delete an Overlay IP
1. Remove the Overlay IP resource using the db2cm command.
db2cm -delete -aws -primaryVIP -db <database name> -instance <instance name>
2. Verify that the Overlay IP resource has been removed using the db2cm -list command.
3. Remove the route entry from the route table if it is no longer needed. Refer to the AWS documentation for the different methods of removing routes from a route table.



Document Information

Modified date:
23 February 2024

UID

ibm16830009