aws(学习笔记第四十五课) route53-failover

aws(学习笔记第四十五课 route53-failover

• 使用route53
• 尝试route53的health check

学习内容：

• 使用route53的domain以及sub domain
• 使用route53的health check

1. 代码链接以及微调整

1.1 代码链接

代码连接(route53-failover)

1.2 准备hostedzone

1.2.1 理解hostedzone

这里理解hostedzone就是一个父domain的定义，在这个父domain里面，可以定义多个arecord，即子的sub domain。

1.2.2 提前创建hostedzone

这里不采用cdk创建的方式，现直接创建hostedzone。

1.3 代码修改

1.3.1 从cdk.json开始

修改如下设定：

• domain : finlay.com
• mail : 自己的email
• primaryRegion : ap-northeast-1 # 这里是亚洲的region
• secondaryRegion : ap-northeast-1 # 这里是亚洲的region
  

1.3.2 修改app.py

• region都修改成ap-northeast-1
• AliasHealthcheckRecordStack暂时都注释掉
  

1.3.3 修改healthcheck_alarm_stack.py

• 将region都修改成ap-northeast-1

1.3.4 修改hosted_zone_stack.py

如下，将hostedzone修改成预先定义的形式，进行from_lookup调用。

self.zone = route53.HostedZone.from_lookup(self, "HostedZone", domain_name=domain)

2. 代码整体架构

• 在两个Region A和Regiono B，分别启动一个vpc，在里面分别启动一个Fargate，和一个NLB。
• 通过from_lookup，得到已经提前创建的hostedzone (finlay.com)。
• 在hostedzone里面创建Failover Record(failover.finlay.com)。
• 并对Failover Record分别注册一个primary和sencondary分别指向两个Region的Fargate。
• 对primary和secondary进行创建health check。
• 创建healthCheckMetric，对primay health check进行监视。
• 创建healthCheckAlarm，添加alarm_action给snsTopic
• 对snsTopic进行subsribe，如果primary的Fargate有问题，进行email通知。

3. 代码解析

3.1 对提前创建好的hostedzone进行from_lookup

前面的步骤创建了hostedzone。这里可以使用from_lookup进行使用。

class HostedZoneStack(Stack):def __init__(self, scope: Construct, construct_id: str, domain: str, **kwargs) -> None:super().__init__(scope, construct_id, **kwargs)# Test Env# self.zone = route53.PublicHostedZone(self, "HostedZone", zone_name=domain)# use below code to use already created hosted zoneself.zone = route53.HostedZone.from_lookup(self, "HostedZone", domain_name=domain)

3.2 FargateAppStack的Fargate定义

• 定义一个vpc
• 在里面定义ecs cluster
• 定义Fargate service
• 最后定义network

# Need to Change different app
class FargateAppStack(Stack):def __init__(self, scope: Construct, id: str, **kwargs) -> None:super().__init__(scope, id, **kwargs)# Create VPC and Fargate Cluster# NOTE: Limit AZs to avoid reaching resource quotasvpc = ec2.Vpc(self, "MyVpc",max_azs=2)cluster = ecs.Cluster(self, 'Ec2Cluster',vpc=vpc)self.fargate_service = ecs_patterns.NetworkLoadBalancedFargateService(self, "FargateService",cluster=cluster,task_image_options=ecs_patterns.NetworkLoadBalancedTaskImageOptions(image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")))self.fargate_service.service.connections.security_groups[0].add_ingress_rule(peer = ec2.Peer.ipv4(vpc.vpc_cidr_block),connection = ec2.Port.tcp(80),description="Allow http inbound from VPC")CfnOutput(self, "LoadBalancerDNS",value=self.fargate_service.load_balancer.load_balancer_dns_name)

3.3 HealthcheckAlarmStack

3.3.1 创建primary health check

# primary recordprimaryHealthCheck = route53.CfnHealthCheck(self, "DNSPrimaryHealthCheck", health_check_config=route53.CfnHealthCheck.HealthCheckConfigProperty(fully_qualified_domain_name=primaryLoadBalancer.load_balancer_dns_name,type="HTTP",port=80))

创建primaryHealthCheck，指向primaryLoadBalancer.load_balancer_dns_name。

3.3.2 创建failover.finlay.com的primary

 primary = route53.ARecord(self, "PrimaryRecordSet",zone = zone,record_name="failover",target = route53.RecordTarget.from_alias(route53_targets.LoadBalancerTarget(primaryLoadBalancer)),)primaryRecordSet = primary.node.default_childprimaryRecordSet.failover = "PRIMARY"primaryRecordSet.health_check_id = primaryHealthCheck.attr_health_check_idprimaryRecordSet.set_identifier = "Primary"

3.3.3 创建secondary health check

       # secondary recordsecondaryHealthCheck = route53.CfnHealthCheck(self, "DNSSecondaryHealthCheck", health_check_config=route53.CfnHealthCheck.HealthCheckConfigProperty(fully_qualified_domain_name=secondaryLoadBalancer.load_balancer_dns_name,type="HTTP",port=80,))

创建secondaryHealthCheck，指向secondaryLoadBalancer.load_balancer_dns_name。

3.3.4 创建failover.finlay.com的secondary

# secondary recordsecondary = route53.ARecord(self, "SecondaryRecordSet",zone = zone,record_name="failover",target= route53.RecordTarget.from_alias(route53_targets.LoadBalancerTarget(secondaryLoadBalancer)),)secondaryRecordSet = secondary.node.default_childsecondaryRecordSet.failover = "SECONDARY"secondaryRecordSet.health_check_id = secondaryHealthCheck.attr_health_check_idsecondaryRecordSet.set_identifier = "Secondary"

3.3.5 创建snsTopic

创建snsTopic，并且subscribe通知email。

# cloudwatch metric & alarm to SNSsnsTopic = sns.Topic(self, "AlarmNotificationTopic")snsTopic.add_subscription(EmailSubscription(email_address=email))

3.3.6 创建healthCheckMetric

 healthCheckMetric = cloudwatch.Metric(metric_name="HealthCheckStatus",namespace="AWS/Route53",statistic="Minimum",period=Duration.minutes(1),region="ap-northeast-1",dimensions_map={"HealthCheckId": primaryHealthCheck.attr_health_check_id})

3.3.7 对healthCheckMetrics创建alarm

healthCheckAlarm = healthCheckMetric.create_alarm(self, 'HealthCheckFailureAlarm', evaluation_periods=1,threshold=1,comparison_operator=cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD)

3.3.8 将snsTopic添加到alarm

healthCheckAlarm.add_alarm_action(SnsAction(snsTopic))

4 执行stacks

4.1 创建public hosted zone

默认每个hostedzone会生成两个record

4.2 执行cdk部署

cd aws-cdk-examples/python/route53-failover
python -m venv .venv
source .venv/Script/activate
pip install -r requirements.txt
cdk --require-approval never deploy --all

创建将会花费一些时间。

4.3 primary和secondary的两个record都会被创建

注意，http://failover.finaly-renew.com 访问80端口，还是不好用，因为dns传播会花费一点时间。
注意，finlay.com在之前的学习中被创建了，虽然delete了但是还是会报错，这里使用finaly-renew.com

这里，虽然由于传播时间的原因failover.finlay-renew.com没有好用，但是
http://primar-farga-u8pxawhqffia-76faf5e45781a628.elb.ap-northeast-1.amazonaws.com/
已经有效。

4.4 cleanup

最后注意cdk destroy和删除hostedzone。