https://docs.oracle.com/ja-jp/iaas/Content/DNS/home.htm
https://oracle-japan.github.io/ocidocs/services/edge%20service/health-check-and-traffic-management/
https://docs.oracle.com/ja-jp/iaas/Content/HealthChecks/Tasks/managinghealthchecks.htm
ポリシー・タイプ
(1) ロード・バランサ
(2) フェイルオーバー
(3) ジオロケーション・ステアリング
(4) ASNステアリング
(5) IP接頭辞ステアリング
前提:
ashburnとtokyoにVCN作成済
ドメイン取得済
80番ポートアクセス許可済
ashburnとtokyoにHTTPサーバーを作成し、ashburn優先でフェイルオーバー
-- 1. コンピュートインスタンス作成(OL9)
-- 1.1 ashburnのHTTPサーバー
# Discover the image and the shapes for the Ashburn server. No --region is
# passed, so the CLI's configured default region is used.
# The all-zero OCIDs are placeholders; substitute real values before running.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
image_name='Oracle-Linux-9.2-2023.12.08-0'
image_id='ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# Every image visible in the compartment: OS, OS version and display name.
oci compute image list --all \
  --compartment-id "$compartment_id" \
  --query 'data.{"operating-system":"operating-system","operating-system-version":"operating-system-version","display-name":"display-name"}' \
  --output table

# OCID of the first image whose display name equals $image_name, printed
# without JSON quoting so it can be pasted into later commands.
oci compute image list --all \
  --compartment-id "$compartment_id" \
  --query 'data[?"display-name"==`'"$image_name"'`].id | [0]' \
  --raw-output

# Shapes that can run that image, ordered by OCPU count.
oci compute shape list \
  --compartment-id "$compartment_id" \
  --image-id "$image_id" \
  --query 'sort_by(data, &"ocpus").{"shape":"shape","ocpus":"ocpus","memory-in-gbs":"memory-in-gbs"}' \
  --output table
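# cloud-init user data for the demo web server: installs Apache httpd and
# publishes the instance's hostname as the index page, so a client can tell
# which server answered.
# SELinux is left enforcing and firewalld is left running; only the http
# service (80/tcp) is opened on the host firewall. The instance is launched
# with a public IP, so switching both controls off would remove the host-level
# protections for nothing: httpd serving /var/www/html needs neither change.
# The quoted 'EOF' delimiter keeps the local shell from expanding anything;
# the commands run on the instance at first boot.
cat <<-'EOF' > a.yaml
#cloud-config
timezone: Asia/Tokyo
locale: ja_JP.utf8
package_update: true
packages:
- httpd
runcmd:
- firewall-cmd --permanent --add-service=http
- firewall-cmd --reload
- systemctl enable --now httpd
- hostname > /var/www/html/index.html
- restorecon -v /var/www/html/index.html
EOF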
# Launch the Ashburn web server (vm01) and then list the instances in the
# compartment to watch its lifecycle state.
# The all-zero OCIDs are placeholders; substitute real values before running.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
subnet_id='ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
image_id='ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# Preemptible instance: on preemption it is terminated and its boot volume is
# not preserved, so nothing on the instance should be treated as durable.
preemptible_config='{
"preemption-action": {
"preserve-boot-volume": false,
"type": "TERMINATE"
}
}'

# --assign-public-ip true makes the instance reachable from the internet, so
# the subnet's ingress rules decide what is exposed; the prerequisites of this
# walkthrough only call for port 80.
# --ssh-authorized-keys-file takes the PUBLIC key; the private key never
# leaves the workstation.
oci compute instance launch \
  --compartment-id "$compartment_id" \
  --availability-domain OEIw:US-ASHBURN-AD-1 \
  --subnet-id "$subnet_id" \
  --assign-public-ip true \
  --boot-volume-size-in-gbs 50 \
  --display-name vm01 \
  --fault-domain FAULT-DOMAIN-1 \
  --image-id "$image_id" \
  --shape VM.Standard.E2.1 \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --user-data-file "./a.yaml" \
  --preemptible-instance-config "$preemptible_config"

# Name, OCID and lifecycle state of every instance in the compartment.
oci compute instance list \
  --compartment-id "$compartment_id" \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table
-- 1.2 tokyoのHTTPサーバー
# Same image and shape discovery as for Ashburn, but run against the Tokyo
# region explicitly. Image OCIDs are region-specific, so the lookup is
# repeated here rather than reusing the Ashburn image OCID.
# The all-zero OCIDs are placeholders; substitute real values before running.
region='ap-tokyo-1'
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
image_name='Oracle-Linux-9.2-2023.12.08-0'
image_id='ocid1.image.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000'

# Every image visible in the compartment: OS, OS version and display name.
oci compute image list --all \
  --compartment-id "$compartment_id" \
  --query 'data.{"operating-system":"operating-system","operating-system-version":"operating-system-version","display-name":"display-name"}' \
  --output table \
  --region "$region"

# OCID of the first image whose display name equals $image_name.
oci compute image list --all \
  --compartment-id "$compartment_id" \
  --query 'data[?"display-name"==`'"$image_name"'`].id | [0]' \
  --raw-output \
  --region "$region"

# Shapes that can run that image, ordered by OCPU count.
oci compute shape list \
  --compartment-id "$compartment_id" \
  --image-id "$image_id" \
  --query 'sort_by(data, &"ocpus").{"shape":"shape","ocpus":"ocpus","memory-in-gbs":"memory-in-gbs"}' \
  --output table \
  --region "$region"
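# cloud-init user data for the Tokyo web server; this overwrites any a.yaml
# already in the working directory.
# It installs Apache httpd and publishes the instance's hostname as the index
# page, so a client can tell which server answered.
# SELinux is left enforcing and firewalld is left running; only the http
# service (80/tcp) is opened on the host firewall. The instance is launched
# with a public IP, so switching both controls off would remove the host-level
# protections for nothing: httpd serving /var/www/html needs neither change.
# The quoted 'EOF' delimiter keeps the local shell from expanding anything;
# the commands run on the instance at first boot.
cat <<-'EOF' > a.yaml
#cloud-config
timezone: Asia/Tokyo
locale: ja_JP.utf8
package_update: true
packages:
- httpd
runcmd:
- firewall-cmd --permanent --add-service=http
- firewall-cmd --reload
- systemctl enable --now httpd
- hostname > /var/www/html/index.html
- restorecon -v /var/www/html/index.html
EOF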
# Look up Tokyo's availability and fault domains, launch the Tokyo web server
# (vm02), then list the region's instances to watch its lifecycle state.
# The all-zero OCIDs are placeholders; substitute real values before running.
region='ap-tokyo-1'
availability_domain='OEIw:AP-TOKYO-1-AD-1'
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
subnet_id='ocid1.subnet.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000'
image_id='ocid1.image.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000'

# Availability-domain names for the region.
oci iam availability-domain list \
  --region "$region"

# Fault domains inside the chosen availability domain.
oci iam fault-domain list \
  --compartment-id "$compartment_id" \
  --availability-domain "$availability_domain" \
  --region "$region"

# Preemptible instance: on preemption it is terminated and its boot volume is
# not preserved, so nothing on the instance should be treated as durable.
preemptible_config='{
"preemption-action": {
"preserve-boot-volume": false,
"type": "TERMINATE"
}
}'

# --assign-public-ip true makes the instance reachable from the internet, so
# the subnet's ingress rules decide what is exposed; the prerequisites of this
# walkthrough only call for port 80.
# --ssh-authorized-keys-file takes the PUBLIC key; the private key never
# leaves the workstation.
oci compute instance launch \
  --compartment-id "$compartment_id" \
  --availability-domain "$availability_domain" \
  --subnet-id "$subnet_id" \
  --assign-public-ip true \
  --boot-volume-size-in-gbs 50 \
  --display-name vm02 \
  --fault-domain FAULT-DOMAIN-1 \
  --image-id "$image_id" \
  --shape VM.Standard.E2.1 \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --user-data-file "./a.yaml" \
  --preemptible-instance-config "$preemptible_config" \
  --region "$region"

# Name, OCID and lifecycle state of every instance in the compartment (Tokyo).
oci compute instance list \
  --compartment-id "$compartment_id" \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table \
  --region "$region"
-- 2. DNSゾーン追加
# Create the public primary zone that will host the steered record, then list
# the compartment's zones to confirm it exists.
# example.com and the all-zero OCID are placeholders for your own domain and
# compartment.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
zone_name='example.com'

oci dns zone create \
  --compartment-id "$compartment_id" \
  --name "$zone_name" \
  --zone-type PRIMARY \
  --scope GLOBAL

oci dns zone list \
  --compartment-id "$compartment_id"
-- 3. ヘルスチェック(HTTPモニター)作成
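# List the existing HTTP monitors, then print the JSON skeleton of every
# parameter that "http-monitor create" accepts (useful as a reference).
# The all-zero OCID is a placeholder; substitute your own compartment.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'

oci health-checks http-monitor list \
  --compartment-id "$compartment_id"

oci health-checks http-monitor create --generate-full-command-json-input

# Targets to probe: the public IPs of the two web servers. 192.0.2.x is the
# RFC 5737 documentation range, i.e. placeholders to replace with real IPs.
# The value must be strict JSON. A trailing comma after the last element makes
# the CLI reject the parameter, so the list ends without one.
monitor_targets='[
"192.0.2.1",
"192.0.2.2"
]'

# Probe "GET /" over plain HTTP on port 80 every 10 seconds, with a 10-second
# timeout per probe. The steering policy's HEALTH rule relies on this monitor.
oci health-checks http-monitor create \
  --compartment-id "$compartment_id" \
  --display-name hc01 \
  --interval-in-seconds 10 \
  --targets "$monitor_targets" \
  --is-enabled true \
  --method GET \
  --path "/" \
  --port 80 \
  --protocol HTTP \
  --timeout-in-seconds 10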
-- 4. フェイルオーバー・ポリシー作成
# List the existing steering policies, then print the JSON skeleton of every
# parameter that "steering-policy create" accepts (useful as a reference).
# The all-zero OCID is a placeholder; substitute your own compartment.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'

oci dns steering-policy list \
  --compartment-id "$compartment_id"

oci dns steering-policy create --generate-full-command-json-input
# Write the failover rule chain to sp01.json; the file is passed to
# "steering-policy create" through --rules file://sp01.json.
# Rules are listed in this order:
#   FILTER   - keeps only answers whose isDisabled flag is not true.
#   HEALTH   - removes answers that the attached health check reports unhealthy.
#   PRIORITY - gives pool01 the value 0 and pool02 the value 1; the lower value
#              is the preferred answer, so pool01 is primary and pool02 standby
#              (presumably Ashburn and Tokyo; confirm against --answers).
#   LIMIT    - returns a single answer (default-count 1).
# The quoted 'EOF' delimiter writes the JSON literally, with no shell expansion.
cat <<-'EOF' > sp01.json
[
{
"cases": null,
"default-answer-data": [
{
"answer-condition": "answer.isDisabled != true",
"should-keep": true
}
],
"description": "Removes disabled answers.",
"rule-type": "FILTER"
},
{
"cases": null,
"description": "Removes unhealthy answers.",
"rule-type": "HEALTH"
},
{
"cases": null,
"default-answer-data": [
{
"answer-condition": "answer.pool == 'pool01'",
"value": 0
},
{
"answer-condition": "answer.pool == 'pool02'",
"value": 1
}
],
"description": null,
"rule-type": "PRIORITY"
},
{
"cases": null,
"default-count": 1,
"description": null,
"rule-type": "LIMIT"
}
]
EOF
# Create the FAILOVER steering policy from the rules in sp01.json and then
# read it back to verify what was stored.
# The all-zero OCIDs are placeholders; substitute real values before running.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
monitor_id='ocid1.httpmonitor.oc1..000000000000000000000000000000000000000000000000000000000000'
policy_id='ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# One A-record answer per pool. The pool names must match the ones used by the
# PRIORITY rule in sp01.json. 192.0.2.x is the RFC 5737 documentation range;
# replace with the web servers' public IPs (the same IPs the monitor probes).
policy_answers='[
{
"is-disabled": false,
"name": "pool01",
"pool": "pool01",
"rdata": "192.0.2.1",
"rtype": "A"
},
{
"is-disabled": false,
"name": "pool02",
"pool": "pool02",
"rdata": "192.0.2.2",
"rtype": "A"
}
]'

# --ttl 60: resolvers may cache an answer for up to 60 seconds, so clients can
# keep reaching the failed server for about that long after the health check
# marks it unhealthy.
oci dns steering-policy create \
  --compartment-id "$compartment_id" \
  --display-name sp01 \
  --template "FAILOVER" \
  --health-check-monitor-id "$monitor_id" \
  --ttl 60 \
  --answers "$policy_answers" \
  --rules file://sp01.json

oci dns steering-policy get \
  --steering-policy-id "$policy_id"
-- 5. ドメインへのポリシーアタッチ
# List the existing attachments, then attach the steering policy to the
# www.example.com name inside the zone. Queries for that name are answered by
# the policy from then on.
# The domain and all-zero OCIDs are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
policy_id='ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
zone_id='ocid1.dns-zone.oc1..000000000000000000000000000000000000000000000000000000000000'

oci dns steering-policy-attachment list \
  --compartment-id "$compartment_id"

oci dns steering-policy-attachment create \
  --domain-name www.example.com \
  --steering-policy-id "$policy_id" \
  --zone-id "$zone_id" \
  --display-name spa01
-- 6. パブリックDNSゾーンの委任
レコード名:
www.example.com
値:
ns1.p999.dns.oraclecloud.net.
ns2.p999.dns.oraclecloud.net.
ns3.p999.dns.oraclecloud.net.
ns4.p999.dns.oraclecloud.net.
-- 7. 動作確認
# Poll the steered hostname once per second. Each response body is the
# hostname of the server that answered (written to index.html by cloud-init),
# so the switch from vm01 to vm02 is visible in the output.
# Plain HTTP is used because the demo servers only serve port 80.
# Stop the loop with Ctrl-C.
while :; do
  curl http://www.example.com
  sleep 1
done
ashburnのサーバー停止により
vm01 → vm02 にフェイルオーバーすることを確認
-- 8. クリーンアップ
-- ドメインからのポリシーデタッチ
# Detach the steering policy from the domain. List the attachments first and
# copy the OCID of the one to remove.
# --force skips the confirmation prompt, so check the OCID before running.
# The all-zero OCIDs are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
attachment_id='ocid1.dnspolicyattachment.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

oci dns steering-policy-attachment list \
  --compartment-id "$compartment_id"

oci dns steering-policy-attachment delete \
  --steering-policy-attachment-id "$attachment_id" \
  --force
-- フェイルオーバー・ポリシー削除
# Delete the failover steering policy. List the policies first and copy the
# OCID of the one to remove.
# --force skips the confirmation prompt, so check the OCID before running.
# The all-zero OCIDs are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
policy_id='ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

oci dns steering-policy list \
  --compartment-id "$compartment_id"

oci dns steering-policy delete \
  --steering-policy-id "$policy_id" \
  --force
-- ヘルスチェック(HTTPモニター)削除
# Delete the HTTP monitor. List the monitors first and copy the OCID of the
# one to remove.
# --force skips the confirmation prompt, so check the OCID before running.
# The all-zero OCIDs are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
monitor_id='ocid1.httpmonitor.oc1..000000000000000000000000000000000000000000000000000000000000'

oci health-checks http-monitor list \
  --compartment-id "$compartment_id"

oci health-checks http-monitor delete \
  --monitor-id "$monitor_id" \
  --force
-- DNSゾーン削除
# Delete the DNS zone. List the zones first to confirm the name.
# --force skips the confirmation prompt; deleting the zone removes its records,
# so make sure nothing else still depends on it.
# example.com and the all-zero OCID are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
zone_name='example.com'

oci dns zone list \
  --compartment-id "$compartment_id"

oci dns zone delete \
  --zone-name-or-id "$zone_name" \
  --force
-- コンピュートインスタンス削除
# Terminate both web servers. For each region, list the instances first and
# copy the OCID of the one to remove.
# --force skips the confirmation prompt, so check each OCID before running.
# The all-zero OCIDs are placeholders; substitute real values.
compartment_id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
ashburn_instance_id='ocid1.instance.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
tokyo_instance_id='ocid1.instance.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000'
tokyo_region='ap-tokyo-1'

# Ashburn (the CLI's configured default region, since no --region is passed).
oci compute instance list \
  --compartment-id "$compartment_id" \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table

oci compute instance terminate \
  --instance-id "$ashburn_instance_id" \
  --force

# Tokyo.
oci compute instance list \
  --compartment-id "$compartment_id" \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table \
  --region "$tokyo_region"

oci compute instance terminate \
  --instance-id "$tokyo_instance_id" \
  --force \
  --region "$tokyo_region"