{OCI ロード・バランサ} ロードバランサーでWebサーバーを負荷分散する

 

https://qiita.com/sugimount/items/6d060c03aa02837749c7
https://docs.oracle.com/ja-jp/iaas/Content/Balance/Tasks/managingloadbalancer_topic-Creating_Load_Balancers.htm

https://oracle-japan.github.io/ocitutorials/intermediates/using-load-balancer/


-- 1. コンパートメント
https://docs.oracle.com/ja-jp/iaas/Content/Identity/compartments/managingcompartments.htm


# Enumerate every compartment visible to the caller; --include-root also
# returns the tenancy root itself.
oci iam compartment list \
  --include-root

compartment-id は親コンパートメントのID（ルートコンパートメントの場合は null）
id は当該コンパートメントのID


# Create cmp01 directly under the tenancy root: for a top-level compartment
# --compartment-id is the tenancy OCID (the parent), not a compartment OCID.
oci iam compartment create \
  --name cmp01 \
  --description cmp01 \
  --compartment-id ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000

# Resolve the OCID of cmp01 by name; --raw-output prints the bare string
# without JSON quoting so it can be pasted into the commands below.
oci iam compartment list \
  --raw-output \
  --query 'data[?"name"==`cmp01`].id | [0]'

# Remove the compartment; --force skips the interactive confirmation.
oci iam compartment delete \
  --force \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

削除されたことを確認する
最大2時間かかる場合があります

 


-- 2. VCN
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingVCNs.htm


# VCNs already present in the compartment.
oci network vcn list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Create vcn01 with a /16 that the two /24 subnets below are carved from.
oci network vcn create \
  --display-name vcn01 \
  --dns-label vcn01 \
  --cidr-block 10.0.0.0/16 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Resolve the OCID of vcn01 by display name (plain string via --raw-output).
oci network vcn list \
  --raw-output \
  --query 'data[?"display-name"==`vcn01`].id | [0]' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete the VCN without the confirmation prompt.
oci network vcn delete \
  --force \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 3. サブネット

# Subnets already present in the compartment.
oci network subnet list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Two subnets inside vcn01 (10.0.0.0/16). No --availability-domain is given,
# so they are regional; vm01 and vm02 are launched into them later with
# --assign-public-ip true, which relies on the subnets staying public
# (--prohibit-public-ip-on-vnic is left at its default).
oci network subnet create \
  --display-name subnet01 \
  --dns-label subnet01 \
  --cidr-block 10.0.1.0/24 \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network subnet create \
  --display-name subnet02 \
  --dns-label subnet02 \
  --cidr-block 10.0.2.0/24 \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Name/OCID table of the subnets, for copying into the commands that follow.
oci network subnet list \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete both subnets (run once per subnet OCID).
oci network subnet delete \
  --force \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci network subnet delete \
  --force \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

-- 4. インターネット・ゲートウェイ
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingIGs.htm


# Internet gateways already present in the compartment.
oci network internet-gateway list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Create igw01 in vcn01, enabled immediately. Nothing is routed through it
# until a route table sends 0.0.0.0/0 to its OCID (section 5).
oci network internet-gateway create \
  --display-name igw01 \
  --is-enabled true \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Resolve the OCID of igw01 by display name.
oci network internet-gateway list \
  --raw-output \
  --query 'data[?"display-name"==`igw01`].id | [0]' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete the gateway without the confirmation prompt.
oci network internet-gateway delete \
  --force \
  --ig-id ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 5. ルート表
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingroutetables_topic-working.htm

必要に応じて、サブネットごとにカスタム・ルート表を作成できます。


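# Route tables already present in the compartment.
oci network route-table list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Create rt01 with a single default route to igw01. The rule list is parsed
# as JSON, so it must not carry a trailing comma after the last element.
# Every subnet attached to this table becomes reachable from the internet;
# pair it with a security list that only opens the ports actually served.
oci network route-table create \
  --display-name rt01 \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
  --route-rules '[
  {"cidrBlock":"0.0.0.0/0","networkEntityId":"ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000"}
]'

# Name/OCID table of the route tables.
oci network route-table list \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete rt01; the subnets must be moved back to the default table first.
oci network route-table delete \
  --force \
  --rt-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000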


サブネットが使用するVCNルート表の変更

# Point each subnet at rt01 (one update per subnet OCID).
oci network subnet update \
  --route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci network subnet update \
  --route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

★ルート表を削除する前に、サブネットにアタッチしているルート表をデフォルトのルート表に戻しておく必要がある
# Re-attach the VCN's default route table to each subnet so that rt01 is no
# longer referenced and can be deleted.
oci network subnet update \
  --route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci network subnet update \
  --route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 6. セキュリティ・リスト
https://docs.oracle.com/ja-jp/iaas/Content/Network/Concepts/securitylists_working.htm

★デフォルトで作成されるセキュリティリストでSSHは許可されている


セキュリティ・リストを使用すると、サブネット全体のすべてのVNICに適用されるセキュリティ・ルールのセットを定義できます。
ネットワーク・セキュリティ・グループ(NSG)を使用すると、選択したVNICのグループに適用されるセキュリティ・ルールのセットを定義できます。

 

# Security lists already present in the compartment.
oci network security-list list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Create sl01: stateful TCP ingress on 22, 1522, 80 and 443, and unrestricted
# egress. NOTE(review): every ingress rule is open to 0.0.0.0/0. Port 22
# should be limited to the administrators' source CIDR (the default security
# list already permits SSH, see above), and 1522 is not used anywhere in this
# walkthrough, so drop that rule unless a database listener is really exposed.
# 80/443 need to be reachable by the load balancer, which is public here.
oci network security-list create \
  --display-name sl01 \
  --vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
  --ingress-security-rules '[
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 22, "min": 22}, "sourcePortRange": null }},
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 1522, "min": 1522}, "sourcePortRange": null }},
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 80, "min": 80}, "sourcePortRange": null }},
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 443, "min": 443}, "sourcePortRange": null }}
]' \
  --egress-security-rules '[
{"destination": "0.0.0.0/0", "protocol": "all", "isStateless": false, "tcpOptions": null }
]'

# Name/OCID table of the security lists.
oci network security-list list \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete sl01; detach it from the subnets first (see below).
oci network security-list delete \
  --force \
  --security-list-id ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000

サブネットが使用するセキュリティ・リストの変更

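# Attach sl01 to each subnet. --security-list-ids is parsed as a JSON array
# and replaces the subnet's whole set of security lists, so list every OCID
# that should remain attached and do not leave a trailing comma after the
# last element. --force skips the confirmation prompt for the complex value.
oci network subnet update \
  --force \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci network subnet update \
  --force \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000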

★セキュリティ・リストを削除する前に、サブネットにアタッチしているセキュリティ・リストをデフォルトのセキュリティ・リストに戻しておく必要がある
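# Re-attach the VCN's default security list to each subnet so that sl01 is
# no longer referenced and can be deleted. The array is JSON, so no trailing
# comma after the last OCID.
oci network subnet update \
  --force \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci network subnet update \
  --force \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000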

 

 

-- 7. コンピュートインスタンス作成

# OS / version / name of every platform image in the compartment (--all walks
# every page of results).
oci compute image list \
  --all \
  --output table \
  --query 'data.{"operating-system":"operating-system","operating-system-version":"operating-system-version","display-name":"display-name"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# OCID of the specific Oracle Linux 9.2 image used for vm01/vm02.
oci compute image list \
  --all \
  --raw-output \
  --query 'data[?"display-name"==`Oracle-Linux-9.2-2023.12.08-0`].id | [0]' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Shapes offered for that image, ordered by OCPU count (presumably filtered to
# shapes compatible with the image when --image-id is given).
oci compute shape list \
  --output table \
  --query 'sort_by(data, &"ocpus").{"shape":"shape","ocpus":"ocpus","memory-in-gbs":"memory-in-gbs"}' \
  --image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Subnet OCIDs needed for --subnet-id at launch.
oci network subnet list \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000


# Launch the two web servers. vm01 goes to AD-1 / subnet01 as 10.0.1.10 and
# vm02 to AD-2 / subnet02 as 10.0.2.10; these fixed private IPs are what the
# backend set (a.json in section 10) points at. Only the public half of the
# SSH key is uploaded via --ssh-authorized-keys-file.
oci compute instance launch \
  --display-name vm01 \
  --hostname-label vm01 \
  --availability-domain OEIw:US-ASHBURN-AD-1 \
  --fault-domain FAULT-DOMAIN-1 \
  --shape VM.Standard.E2.1 \
  --boot-volume-size-in-gbs 50 \
  --image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --private-ip 10.0.1.10 \
  --assign-public-ip true \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci compute instance launch \
  --display-name vm02 \
  --hostname-label vm02 \
  --availability-domain OEIw:US-ASHBURN-AD-2 \
  --fault-domain FAULT-DOMAIN-1 \
  --shape VM.Standard.E2.1 \
  --boot-volume-size-in-gbs 50 \
  --image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --private-ip 10.0.2.10 \
  --assign-public-ip true \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

 

# Instance name / OCID / lifecycle state (wait for RUNNING before ssh).
oci compute instance list \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Public and private IPs of every VNIC in the compartment; the public IPs are
# the ssh targets in section 8.
oci compute instance list-vnics \
  --output table \
  --query 'data.{"display-name":"display-name","public-ip":"public-ip","private-ip":"private-ip"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Terminate both instances without the confirmation prompt (one per OCID).
oci compute instance terminate \
  --force \
  --instance-id ocid1.instance.oc1.iad.000000000000000000000000000000000000000000000000000000000000

oci compute instance terminate \
  --force \
  --instance-id ocid1.instance.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 8. インスタンスにApacheインストール

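# Log in to each instance as the default "opc" user with the private key whose
# public half was passed to --ssh-authorized-keys-file at launch. $HOME is
# quoted so a path containing spaces does not word-split.
ssh -i "$HOME/.ssh/id_rsa" opc@192.0.2.1
ssh -i "$HOME/.ssh/id_rsa" opc@192.0.2.2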


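# Switch to a root login shell for the whole install; the first "exit" at the
# bottom leaves it, the second closes the ssh session.
sudo su -

# Already root here, so the extra "sudo" in front of dnf is not needed.
dnf -y install httpd
# Open 80 and 443 persistently and reload. Only 80 is served by the HTTP
# listener created in section 11; keep 443 only if TLS will be terminated on
# the instances themselves.
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
systemctl start httpd
systemctl enable httpd
systemctl status httpd

# Append the hostname to the default page so responses from vm01 and vm02 can
# be told apart through the load balancer. The command's own output is
# redirected directly; wrapping it in echo $(...) only added word-splitting.
hostnamectl hostname >> /var/www/html/index.html
exit
exit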


-- 9. Load Balancer作成

# Load balancer shapes available in the compartment.
oci lb shape list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Load balancers already present.
oci lb load-balancer list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Print a JSON skeleton of every parameter the create command accepts.
oci lb load-balancer create --generate-full-command-json-input

# Create lb01: flexible shape pinned to 10 Mbps, IPv4, public (--is-private
# false gives it an internet-facing IP, which is what section 12 curls).
# A single subnet OCID is passed; the subnets above were created without an
# availability domain, so one regional subnet appears to be sufficient here.
oci lb load-balancer create \
  --display-name lb01 \
  --shape-name flexible \
  --shape-details '{
"maximumBandwidthInMbps": 10,
"minimumBandwidthInMbps": 10
}' \
  --ip-mode IPV4 \
  --is-private false \
  --subnet-ids '[
"ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

 

# Name / OCID / lifecycle state of the load balancers; the OCID is needed by
# every backend-set and listener command that follows.
oci lb load-balancer list \
  --output table \
  --query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Delete lb01 without the confirmation prompt.
oci lb load-balancer delete \
  --force \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 10. バックエンドセット作成

# Backend sets currently defined on lb01.
oci lb backend-set list \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

# Balancing policies the service offers (ROUND_ROBIN is used below).
oci lb policy list \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# JSON skeleton of every parameter accepted by backend-set create.
oci lb backend-set create --generate-full-command-json-input

 

# Backend list for bs01: the two fixed private IPs given to vm01/vm02 at
# launch, both active (not backup/drain/offline) with equal weight on port 80.
# The quoted delimiter keeps the body literal; the body is indented with
# spaces, so the plain << form writes exactly the same bytes as <<- did.
cat <<'EOF' > a.json
[
  {
    "backup": false,
    "drain": false,
    "ip-address": "10.0.1.10",
    "offline": false,
    "port": 80,
    "weight": 1
  },
  {
    "backup": false,
    "drain": false,
    "ip-address": "10.0.2.10",
    "offline": false,
    "port": 80,
    "weight": 1
  }
]
EOF

# Create bs01 on lb01 with round-robin over the backends in a.json and an
# HTTP GET / health check on port 80 expecting 200.
# NOTE(review): the check interval is 100000 ms (100 s) with a 3 s timeout
# and 3 retries, so a backend that stops answering may stay in rotation for
# roughly five minutes before being marked unhealthy; 10000 (10 s) is the
# more usual value — confirm the intent.
oci lb backend-set create \
  --name bs01 \
  --policy ROUND_ROBIN \
  --backends file://a.json \
  --health-checker-protocol HTTP \
  --health-checker-port 80 \
  --health-checker-url-path "/" \
  --health-checker-return-code 200 \
  --health-checker-interval-in-ms 100000 \
  --health-checker-timeout-in-ms 3000 \
  --health-checker-retries 3 \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

# Confirm bs01 now appears on lb01.
oci lb backend-set list \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

# Delete bs01 without the confirmation prompt (remove the listener first).
oci lb backend-set delete \
  --force \
  --backend-set-name bs01 \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

 

-- 11. リスナー作成


# Plain HTTP listener on port 80 that forwards everything to bs01. Traffic
# between client and load balancer is unencrypted here; an HTTPS listener with
# a certificate bundle would be needed to change that.
oci lb listener create \
  --name lis01 \
  --protocol HTTP \
  --port 80 \
  --default-backend-set-name bs01 \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

# Delete the listener without the confirmation prompt.
oci lb listener delete \
  --force \
  --listener-name lis01 \
  --load-balancer-id ocid1.loadbalancer.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

 


-- 12. 動作確認

# Poll the load balancer's public IP once a second; the hostname each backend
# appended to its index.html shows the round-robin alternation between
# vm01 and vm02. Stop with Ctrl-C.
while :; do
  curl http://192.0.2.3
  sleep 1
done