Starting with v9.2.2, LifeKeeper supports the use of an IAM role. Prior to v9.2.2, it was necessary to enter the AWS access key (access key ID and secret access key) when creating EC2 and Route53 resources. If you create these resources after granting the access privileges described in the Requirements section, you do not need to enter the AWS access key.
For EC2 and Route53 resources created prior to v9.2.2, IAM role support can be enabled by using the IAM role support tool. The AWS access key information that was previously entered is deleted when the IAM role support tool is executed.
How to use the IAM Role Support Tool
Please check the following before running the IAM role support tool.
- Make sure that the EC2 or Route53 resources were created prior to LifeKeeper v9.2.2.
- Check the Requirements section and make sure that necessary privileges have been given.
- Refer to the Requirements section and install the AWS CLI.
After performing the above procedures without error, execute the IAM role support tool as follows.
Perform the following steps on the standby nodes.
- Stop EC2 and Route53 resources on each standby node.
- Upgrade LifeKeeper to v9.2.2 or later by referring to Upgrading SPS.
- Make sure that EC2 and Route53 resources are stopped after the upgrade but LifeKeeper is running.
- Execute the IAM role support tool without arguments as follows: /opt/LifeKeeper/lkadm/bin/aws_iam_migration
- Make sure that there are no error messages in /var/log/lifekeeper.log.
Perform the following steps on the active node.
- Make sure that EC2 and Route53 resources are stopped on all nodes. Switch over to the standby system.
- Upgrade LifeKeeper to v9.2.2 or later by referring to Upgrading SPS.
- After upgrading, make sure that LifeKeeper is running while EC2 and Route53 resources are stopped.
- Execute the IAM role support tool without arguments as follows: /opt/LifeKeeper/lkadm/bin/aws_iam_migration
- Make sure that there are no error messages in /var/log/lifekeeper.log.
- Restart resources if necessary.
The IAM role is now supported for the existing EC2 and Route53 resources.
Verification
You can check whether the IAM role is supported for EC2 and Route53 resources by following the steps below.
- Activate EC2, Route53 and the IP resources dependent on them on the active system.
- Confirm that the IP addresses protected by the IP resources can be reached via ping or other tools.
- Switch over EC2, Route53 and the IP resources dependent on them to the standby system.
- Confirm that the IP addresses protected by the IP resources can be reached via ping or other tools.
If you can perform the above steps without problems, the IAM role is now supported for EC2 and Route53 resources.
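Because the tool deletes the stored access key, it is also worth confirming on each node that the AWS CLI resolves role credentials and that no static key remains in the environment or the shared credentials file. The script below is an added example, not part of LifeKeeper; the function names are hypothetical and it assumes the AWS CLI from the Requirements section is installed.

```shell
#!/bin/sh
# Added example (not LifeKeeper code): report which kind of AWS credential
# the AWS CLI on this node is using. Function names are hypothetical.

# Classify the Arn returned by "aws sts get-caller-identity".
# Temporary role credentials show up as an STS assumed-role ARN;
# a long-lived access key shows up as an IAM user ARN or the account root.
classify_arn() {
    case "$1" in
        arn:aws*:sts::*:assumed-role/*) echo role ;;
        arn:aws*:iam::*:user/*)         echo user ;;
        arn:aws*:iam::*:root)           echo root ;;
        *)                              echo unknown ;;
    esac
}

# List static-key sources the CLI would prefer over the instance's IAM role.
# $1 = shared credentials file (defaults to the CLI's usual location).
static_key_sources() {
    creds=${1:-${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}}
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] && echo "env:AWS_ACCESS_KEY_ID"
    if [ -f "$creds" ] && grep -qi '^[[:space:]]*aws_access_key_id' "$creds"; then
        echo "file:$creds"
    fi
    return 0
}

# Succeeds only if the CLI identity is a role and no static key source remains.
check_node() {
    arn=$(aws sts get-caller-identity --query Arn --output text) || {
        echo "FAIL: AWS CLI could not obtain credentials"; return 2; }
    kind=$(classify_arn "$arn")
    leftovers=$(static_key_sources)
    echo "identity: $arn ($kind)"
    [ -n "$leftovers" ] && echo "static key sources still present: $leftovers"
    [ "$kind" = role ] && [ -z "$leftovers" ]
}

# Run the live check only when asked, e.g.: sh check_iam_role.sh --check
if [ "${1:-}" = "--check" ]; then
    check_node
fi
```

Run it with `--check` on every node, as the same user that runs LifeKeeper, before and after executing the IAM role support tool.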