Stating with v9.2.2 LifeKeeper supports the use of an IAM role Prior to v9.2.2, it was necessary to enter the AWS access key (access key ID and secret access key) when creating EC2 and Route53 resources, but if you create these resources after granting access privilege described in the Requirements section, you do not need to enter the AWS access key.

For EC2 and Route53 resources created prio to v9.2.2 , an IAM role can be supported by using the IAM role support tool. Information on AWS access key that was previously entered will be deleted when executing the IAM role support tool.

How to use the IAM Role Support Tool

Please check the following before running the IAM role support tool.

  • Make sure that EC2 or Route53 resourceswere created prior to LifeKeeper v9.2.2.

After performing the above procedures without error, execute the IAM role support tool as follows.

Perform the following steps on the standby nodes.

  1. Stop EC2 and Route53 resources on each standby node.
  2. Upgrade LifeKeeper to v9.2.2 or later by referring to Upgrading SPS.
  3. Make sure that EC2 and Route53 resources are stopped after the upgrade but LifeKeeper is running.
  4. Execute the IAM role support tool without arguments as follows. /opt/LifeKeeper/lkadm/bin/aws_iam_migration
  5. Make sure that there are no error messages in /var/log/lifekeeper.log

Perform the following steps on the active node.

  1. Make sure that EC2 and Route53 resources are stopped on all nodes. Switch over to the standby system.
  2. Upgrade LifeKeeper to v9.2.2 or later by referring to Upgrading SPS.
  3. After upgrading, make sure that LifeKeeper is running while EC2 and Route53 resources are stopped.
  4. Execute the IAM role support tool without arguments as follows. /opt/LifeKeeper/lkadm/bin/aws_iam_migration
  5. Make sure that there are no error messages in /var/log/lifekeeper.log
  6. Restart resources if necessary.

IAM role is now supported for the existing EC2 and Route53 resources

Verification

You can check whether the IAM role is supported for EC2 and Route53 resources by following the steps below.

  1. Activate EC2, Route53 and the IP resources dependent on them on the active system.
  1. Confirm that the IP addresses protected by the IP resources can be reached via ping or other tools.
  1. Switch over EC2 , Route53 and the IP resources dependent on them to the standby system.
  1. Confirm that the IP addresses protected by the IP resources can be reached via ping or other tools.

If you can perform the above steps without problems,the IAM role is now supported for EC2 and Route53 resources.

フィードバック

フィードバックありがとうございました

このトピックへフィードバック

送信