{OCI DNS管理} ヘルスチェック & トラフィック管理

 

https://docs.oracle.com/ja-jp/iaas/Content/DNS/home.htm
https://oracle-japan.github.io/ocidocs/services/edge%20service/health-check-and-traffic-management/
https://docs.oracle.com/ja-jp/iaas/Content/HealthChecks/Tasks/managinghealthchecks.htm


ポリシー・タイプ

(1) ロード・バランサ
(2) フェイルオーバー
(3) ジオロケーション・ステアリング
(4) ASNステアリング
(5) IP接頭辞ステアリング


前提: 
ashburnとtokyoにVCN作成済
ドメイン取得済
80番ポートアクセス許可済 (各サブネットのセキュリティ・リスト/NSGで、クライアントおよびOCIヘルスチェックの送信元からのTCP/80イングレスを許可していること。ホスト側のfirewalldは後述のcloud-configで開ける)

 

ashburnとtokyoにHTTPサーバーを作成し、ashburn優先でフェイルオーバー

 

-- 1. コンピュートインスタンス作成(OL9)
-- 1.1 ashburnのHTTPサーバー

# Ashburn (the profile's default region): enumerate images, resolve the OL9
# image OCID by its display name, then list the shapes that image supports.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci compute image list \
  --compartment-id "$compartment_id" \
  --all \
  --output table \
  --query 'data.{"operating-system":"operating-system","operating-system-version":"operating-system-version","display-name":"display-name"}'

# JMESPath backtick literal; inside single quotes the backticks are plain text.
oci compute image list \
  --compartment-id "$compartment_id" \
  --all \
  --raw-output \
  --query 'data[?"display-name"==`Oracle-Linux-9.2-2023.12.08-0`].id | [0]'

oci compute shape list \
  --compartment-id "$compartment_id" \
  --image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --output table \
  --query 'sort_by(data, &"ocpus").{"shape":"shape","ocpus":"ocpus","memory-in-gbs":"memory-in-gbs"}'

 

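# cloud-init for the demo web server. SELinux stays enforcing (httpd serves
# /var/www/html under the default policy) and firewalld stays enabled with
# only the http service opened: the instance gets a public IP, so the host
# firewall is the second layer behind the subnet security list. Disabling
# both, as a quick demo often does, exposes every listening port on the host.
cat <<'EOF' > a.yaml
#cloud-config
timezone: Asia/Tokyo
locale: ja_JP.utf8
package_update: true
packages:
  - httpd
runcmd:
  - firewall-cmd --permanent --add-service=http
  - firewall-cmd --reload
  - systemctl enable --now httpd
  - echo $(hostname) > /var/www/html/index.html
EOF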


# Launch the Ashburn web server (vm01). It gets a public IP so clients and the
# health-check vantage points can reach it; the subnet security list must
# still admit TCP/80. Preemptible with TERMINATE on preemption: a throw-away
# demo host, not something to rely on.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000
preemptible_cfg='{"preemption-action":{"type":"TERMINATE","preserve-boot-volume":false}}'

oci compute instance launch \
  --compartment-id "$compartment_id" \
  --availability-domain OEIw:US-ASHBURN-AD-1 \
  --fault-domain FAULT-DOMAIN-1 \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --shape VM.Standard.E2.1 \
  --boot-volume-size-in-gbs 50 \
  --display-name vm01 \
  --assign-public-ip true \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --user-data-file "./a.yaml" \
  --preemptible-instance-config "$preemptible_cfg"

# Watch lifecycle-state until vm01 is RUNNING; its public IP is needed later.
oci compute instance list \
  --compartment-id "$compartment_id" \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}'


-- 1.2 tokyoのHTTPサーバー

# Tokyo (ap-tokyo-1): the same image/shape discovery as for Ashburn, with the
# region passed explicitly because it is not the profile's default.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000
region=ap-tokyo-1

oci compute image list --region "$region" \
  --compartment-id "$compartment_id" \
  --all \
  --output table \
  --query 'data.{"operating-system":"operating-system","operating-system-version":"operating-system-version","display-name":"display-name"}'

# JMESPath backtick literal; inside single quotes the backticks are plain text.
oci compute image list --region "$region" \
  --compartment-id "$compartment_id" \
  --all \
  --raw-output \
  --query 'data[?"display-name"==`Oracle-Linux-9.2-2023.12.08-0`].id | [0]'

oci compute shape list --region "$region" \
  --compartment-id "$compartment_id" \
  --image-id ocid1.image.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000 \
  --output table \
  --query 'sort_by(data, &"ocpus").{"shape":"shape","ocpus":"ocpus","memory-in-gbs":"memory-in-gbs"}'

 

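# cloud-init for the Tokyo web server, identical to the Ashburn one. SELinux
# stays enforcing (httpd serves /var/www/html under the default policy) and
# firewalld stays enabled with only the http service opened: the instance
# gets a public IP, so the host firewall is the second layer behind the
# subnet security list. Disabling both exposes every listening port.
cat <<'EOF' > a.yaml
#cloud-config
timezone: Asia/Tokyo
locale: ja_JP.utf8
package_update: true
packages:
  - httpd
runcmd:
  - firewall-cmd --permanent --add-service=http
  - firewall-cmd --reload
  - systemctl enable --now httpd
  - echo $(hostname) > /var/www/html/index.html
EOF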

# Availability and fault domains visible in Tokyo; the AD name feeds the
# --availability-domain of the launch below, the FD list its --fault-domain.
region=ap-tokyo-1

oci iam availability-domain list --region "$region"

oci iam fault-domain list --region "$region" \
  --compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
  --availability-domain OEIw:AP-TOKYO-1-AD-1


# Launch the Tokyo web server (vm02), the failover target. Same shape of
# command as vm01 plus --region; public IP again, so the subnet security list
# and the host firewall are what limit exposure. Preemptible/TERMINATE: demo
# host only.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000
region=ap-tokyo-1
preemptible_cfg='{"preemption-action":{"type":"TERMINATE","preserve-boot-volume":false}}'

oci compute instance launch --region "$region" \
  --compartment-id "$compartment_id" \
  --availability-domain OEIw:AP-TOKYO-1-AD-1 \
  --fault-domain FAULT-DOMAIN-1 \
  --subnet-id ocid1.subnet.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000 \
  --image-id ocid1.image.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000 \
  --shape VM.Standard.E2.1 \
  --boot-volume-size-in-gbs 50 \
  --display-name vm02 \
  --assign-public-ip true \
  --ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub" \
  --user-data-file "./a.yaml" \
  --preemptible-instance-config "$preemptible_cfg"

# Watch lifecycle-state until vm02 is RUNNING; its public IP is needed later.
oci compute instance list --region "$region" \
  --compartment-id "$compartment_id" \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}'

 

 


-- 2. DNSゾーン追加

 

# Create the public (GLOBAL scope) primary zone that will hold the steering
# policy attachment. example.com is a placeholder for the registered domain.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns zone create \
  --compartment-id "$compartment_id" \
  --zone-type PRIMARY \
  --scope GLOBAL \
  --name example.com

# The listing includes the zone OCID and the OCI nameservers to delegate to.
oci dns zone list --compartment-id "$compartment_id"

 

-- 3. ヘルスチェック(HTTPモニター)作成

 

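compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

# Targets are the public IPs of vm01 (Ashburn) and vm02 (Tokyo). They must
# match the steering policy's answer rdata exactly, otherwise the HEALTH rule
# has no status to act on. Strict JSON: the original had a trailing comma
# after the last element, which the CLI rejects.
hc_targets='["192.0.2.1","192.0.2.2"]'

oci health-checks http-monitor list \
  --compartment-id "$compartment_id"

# Prints a JSON skeleton of every create parameter (reference only).
oci health-checks http-monitor create --generate-full-command-json-input

# Plain HTTP GET / every 10s from OCI vantage points. The instances' security
# lists must admit TCP/80 from those vantage-point sources, and the check only
# proves the listener answers -- it says nothing about page content.
oci health-checks http-monitor create \
  --compartment-id "$compartment_id" \
  --display-name hc01 \
  --is-enabled true \
  --protocol HTTP \
  --method GET \
  --port 80 \
  --path "/" \
  --interval-in-seconds 10 \
  --timeout-in-seconds 10 \
  --targets "$hc_targets"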

 

-- 4. フェイルオーバー・ポリシー作成

# Existing steering policies in the compartment, then the JSON skeleton of the
# create parameters (reference for the rules file written next).
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns steering-policy list --compartment-id "$compartment_id"

oci dns steering-policy create --generate-full-command-json-input


# Rule chain for the FAILOVER template, evaluated top to bottom:
#   FILTER   drops answers whose isDisabled flag is set
#   HEALTH   drops answers the attached monitor reports as unhealthy
#   PRIORITY ranks pool01 (value 0) ahead of pool02 (value 1)
#   LIMIT    returns only the single top-ranked answer
# "cases": null means the rule has no per-case overrides.
cat <<'EOF' > sp01.json
[
  {
    "rule-type": "FILTER",
    "description": "Removes disabled answers.",
    "cases": null,
    "default-answer-data": [
      { "answer-condition": "answer.isDisabled != true", "should-keep": true }
    ]
  },
  {
    "rule-type": "HEALTH",
    "description": "Removes unhealthy answers.",
    "cases": null
  },
  {
    "rule-type": "PRIORITY",
    "description": null,
    "cases": null,
    "default-answer-data": [
      { "answer-condition": "answer.pool == 'pool01'", "value": 0 },
      { "answer-condition": "answer.pool == 'pool02'", "value": 1 }
    ]
  },
  {
    "rule-type": "LIMIT",
    "description": null,
    "cases": null,
    "default-count": 1
  }
]
EOF

compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000
monitor_id=ocid1.httpmonitor.oc1..000000000000000000000000000000000000000000000000000000000000

# One answer per pool. The PRIORITY rule in sp01.json prefers pool01 (Ashburn)
# over pool02 (Tokyo), and the HEALTH rule consults hc01 -- so each rdata must
# be one of the monitor's targets, byte for byte.
answers='[
  {"name":"pool01","pool":"pool01","rtype":"A","rdata":"192.0.2.1","is-disabled":false},
  {"name":"pool02","pool":"pool02","rtype":"A","rdata":"192.0.2.2","is-disabled":false}
]'

# TTL 60: resolvers may keep the old answer for up to a minute after failover.
oci dns steering-policy create \
  --compartment-id "$compartment_id" \
  --display-name sp01 \
  --template "FAILOVER" \
  --health-check-monitor-id "$monitor_id" \
  --ttl 60 \
  --answers "$answers" \
  --rules file://sp01.json

# Read back the policy (OCID comes from the create output).
oci dns steering-policy get \
  --steering-policy-id ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 


-- 5. ドメインへのポリシーアタッチ

# Bind the policy to www.example.com inside the zone: from now on that name is
# answered by the steering rules instead of a static record.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns steering-policy-attachment list --compartment-id "$compartment_id"

oci dns steering-policy-attachment create \
  --display-name spa01 \
  --zone-id ocid1.dns-zone.oc1..000000000000000000000000000000000000000000000000000000000000 \
  --steering-policy-id ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --domain-name www.example.com

 

-- 6. パブリックDNSゾーンの委任

手順2で作成したゾーン(example.com)の権威をOCI DNSに委任するため、レジストラ(親ゾーン)側にNSレコードを登録する。
NSの値は `oci dns zone get` / `oci dns zone list` が返す nameservers をそのまま使うこと(下記の p999 は例)。
注意: 委任する名前はOCI側のゾーン名と揃えるのが本来の形。ゾーンが example.com なら NS はゾーン頂点(example.com)に置く。
www.example.com のみを委任したい場合は、OCI側にも www.example.com をゾーンとして作成する方が整合する。

レコード名: 
www.example.com

値: 
ns1.p999.dns.oraclecloud.net.
ns2.p999.dns.oraclecloud.net.
ns3.p999.dns.oraclecloud.net.
ns4.p999.dns.oraclecloud.net.

 

 

-- 7. 動作確認


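# Poll the failover name once per second and print a timestamp, the body
# (the hostname written by cloud-init) and the IP curl actually connected to,
# so the switch from vm01 to vm02 is visible in the log. --max-time keeps a
# dead vm01 from stalling the loop for the default TCP timeout. Ctrl-C to stop.
while true; do
  printf '%s ' "$(date '+%H:%M:%S')"
  curl -sS --max-time 5 -w ' (%{remote_ip})\n' http://www.example.com
  sleep 1
done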


ashburnのサーバー(vm01)を停止するとヘルスチェック(10秒間隔)が失敗し、HEALTHルールがpool01を除外して
vm01 → vm02 にフェイルオーバーすることを確認。
クライアント側はTTL(60秒)まで前の応答をキャッシュするため、切替が見えるまで1分程度かかることがある。

 


-- 8. クリーンアップ


-- ドメインからのポリシーデタッチ

# Detach the policy from www.example.com first (the cleanup order used here:
# attachment, policy, monitor, zone, instances).
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns steering-policy-attachment list --compartment-id "$compartment_id"

# --force skips the interactive confirmation.
oci dns steering-policy-attachment delete --force \
  --steering-policy-attachment-id ocid1.dnspolicyattachment.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

-- フェイルオーバー・ポリシー削除

# Delete the failover policy now that nothing is attached to it.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns steering-policy list --compartment-id "$compartment_id"

# --force skips the interactive confirmation.
oci dns steering-policy delete --force \
  --steering-policy-id ocid1.dnspolicy.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

-- ヘルスチェック(HTTPモニター)削除

# Delete the HTTP monitor; the policy that referenced it is already gone.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci health-checks http-monitor list --compartment-id "$compartment_id"

# --force skips the interactive confirmation.
oci health-checks http-monitor delete --force \
  --monitor-id ocid1.httpmonitor.oc1..000000000000000000000000000000000000000000000000000000000000

-- DNSゾーン削除

# Delete the zone. Everything in it goes too, and the registrar-side NS
# delegation added in step 6 should be removed so the name does not dangle.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci dns zone list --compartment-id "$compartment_id"

# --force skips the interactive confirmation.
oci dns zone delete --force \
  --zone-name-or-id example.com

 

-- コンピュートインスタンス削除

 

# Ashburn: list to pick the vm01 OCID, then terminate it.
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci compute instance list \
  --compartment-id "$compartment_id" \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}'

# --force skips the interactive confirmation.
oci compute instance terminate --force \
  --instance-id ocid1.instance.oc1.iad.000000000000000000000000000000000000000000000000000000000000

 

# Tokyo: list to pick the vm02 OCID, then terminate it (region passed explicitly).
compartment_id=ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000
region=ap-tokyo-1

oci compute instance list --region "$region" \
  --compartment-id "$compartment_id" \
  --output table \
  --query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}'

# --force skips the interactive confirmation.
oci compute instance terminate --region "$region" --force \
  --instance-id ocid1.instance.oc1.ap-tokyo-1.000000000000000000000000000000000000000000000000000000000000