File ofc_suse_aws-vpc-move-ip.8 of Package aws-vpc-move-ip.11113

.\"/* 
.\" * All rights reserved
.\" * Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
.\" * Authors: Howard Guo <hguo@suse.com>
.\" *
.\" * This program is free software; you can redistribute it and/or
.\" * modify it under the terms of the GNU General Public License
.\" * as published by the Free Software Foundation; either version 2
.\" * of the License, or (at your option) any later version.
.\" *
.\" * This program is distributed in the hope that it will be useful,
.\" * but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" * GNU General Public License for more details.
.\" */
.\" 
.TH ofc_suse_aws-vpc-move-ip "8" "2 Feb 2016" "" "OCF resource agent"
.SH NAME
aws\-vpc\-move\-ip \- Resource agent for re-mapping private IP addresses on EC2

.SH SYNOPSIS
\fBaws\-vpc\-move\-ip\fP
[ meta-data | monitor | stop | start | validate-all ]

.SH DESCRIPTION
\fBaws\-vpc\-move\-ip\fP is a resource agent for SUSE Enterprise Linux products running in an Amazon Web Services VPC (Virtual Private Cloud).

The resource agent emulates a floating private IP address for an EC2 instance running in a VPC, by altering the VPC's routing table and manipulating IP address assignment in the system.

.SH PREREQUISITES
Before using the resource agent, make sure you have the following items in place:
.SS
.TP
.B Determine the floating private IP address
Carefully choose the private IP address that is going to be used by the EC2 instances participating in the resource agent setup. The IP address must be in the CIDR block 10.0.0.0/8, but not within any CIDR block of your VPC subnets. For example: if your VPC has only one subnet 10.0.0.0/16, then a viable floating private IP address can be 10.1.0.123(/32).
.TP
.B Disable Source/Destination Check on all involved EC2 instances
Because the floating private IP address does not belong to any VPC subnet, Amazon infrastructure will refuse to route to the address unless source/destination check is disabled on the network interface. Make sure to disable source/destination check on all EC2 instances involved in the setup.
.TP
.B Add an entry in the routing table for the private IP address
After choosing your floating private IP address, make sure that an entry exists in the routing table of your VPC subnet. The entry must point the floating IP address to any of the EC2 instances participating in the resource agent setup. The entry destination is the floating private IP address in CIDR block /32 (e.g. 10.1.0.123/32), and the entry target is an EC2 instance ID (e.g. i-98765432).
.TP
.B Prepare AWS credentials for API access
The resource agent will use your AWS API credentials to change the VPC subnet routing table. Make sure that the credentials have the privileges required to access your VPC and EC2 instances.
.TP
.B Configure AWS CLI tools
The resource agent uses the AWS command line tools from the package "aws-cli", which must therefore be installed in the system. The resource agent runs as root and reads AWS configuration profiles from root's home directory, in the default location /root/.aws

To enter AWS API credentials, invoke the AWS command line as root. Be aware: you must specify a region name that matches the region of your VPC, and the output format must be "text". Here is an example:

.br
~ # aws configure
.br
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
.br
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
.br
Default region name [None]: eu-west-1
.br
Default output format [None]: text
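
The following pre-flight check is an added example, not part of the resource agent or of this manual page's original text. It tests a candidate floating address against the rule above (inside 10.0.0.0/8, outside every VPC subnet CIDR) and checks that an AWS CLI config file sets output to text and the expected region. The function names are hypothetical, and reading the [default] profile is an assumption.

```shell
# Added example: pre-flight checks for the prerequisites. Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Status 0 if address $1 is inside CIDR $2, 1 if outside, 2 if either is malformed.
ip_in_cidr() (
    ip=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Floating IP rule: inside 10.0.0.0/8, outside every VPC subnet CIDR in $2..$n.
check_floating_ip() (
    fip=$1; shift
    ip_in_cidr "$fip" 10.0.0.0/8 || { echo "$fip: not an address in 10.0.0.0/8"; return 1; }
    for subnet in "$@"; do
        rc=0; ip_in_cidr "$fip" "$subnet" || rc=$?
        case $rc in
            0) echo "$fip: inside VPC subnet $subnet"; return 1 ;;
            1) ;;
            *) echo "$subnet: malformed CIDR"; return 1 ;;
        esac
    done
    echo "$fip: usable, route destination is $fip/32"
)

# AWS CLI config file $1 (assumed default profile): output must be text, region must be $2.
check_aws_config() (
    get() { awk -F'[ \t]*=[ \t]*' -v k="$2" '
        /^\[/ { in_default = ($0 == "[default]") }
        in_default && $1 == k { print $2; exit }' "$1"; }
    [ -r "$1" ] || { echo "$1: not readable"; return 1; }
    [ "$(get "$1" output)" = text ] || { echo "$1: output is not text"; return 1; }
    [ "$(get "$1" region)" = "$2" ] || { echo "$1: region is not $2"; return 1; }
)
```

With the values used on this page, "check_floating_ip 10.1.0.123 10.0.0.0/16" succeeds, and "check_aws_config /root/.aws/config eu-west-1" succeeds after the aws configure session shown above.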

.SH CONFIGURATION
You may configure the resource agent using pacemaker command line tools, or the Hawk web-UI. The resource agent uses the following parameters:

.SS
.TP
.B address
This parameter is deprecated. Please refer to the ip parameter instead. It is still accepted for backward compatibility purposes, but will be dropped in a future major release.
.TP
.B interface
Name of the network interface in Linux system that is going to carry the floating private IP address, for example "eth0".
.TP
.B ip
This is the floating private IP address without suffix /32. It must be in the CIDR block 10.0.0.0/8 but not within any CIDR block of your VPC subnets. For example "10.1.0.123".
.TP
.B routing_table
Name of the routing table(s), where the route for the IP address should be changed. When declaring multiple routing tables, separate them with commas. Example: rtb-XXXXXXXX,rtb-YYYYYYYYY

.SH ACTIONS
.SS
.TP
.B meta-data
Describe the resource agent and its parameters in XML format.

.TP
.B monitor
Check VPC routing table and return OCF_SUCCESS if the VPC routing table points the configured private IP address to this EC2 instance; return OCF_NOT_RUNNING if the VPC routing table does not point the private IP address to this EC2 instance, or the private IP address cannot be reached.

.TP
.B stop
Remove the configured private IP address from this EC2 instance.

.TP
.B start
Adjust VPC routing table to point the configured private IP address to this EC2 instance, and assign the private IP address to this system.

.TP
.B validate-all
Check and make sure that all configuration parameters are present and the system has all the necessary software packages required to run this resource agent.

.SH FILES
The resource agent script is located at:
.nf
/usr/lib/ocf/resource.d/suse/aws-vpc-move-ip
.fi

.SH AUTHOR
The resource agent was written by Markus Guertler and further maintained by Howard Guo <hguo@suse.com>.
