Before You Begin
As when making any substantial change to a production system, it's strongly recommended that you take measures to ensure a successful roll-back is possible in case unexpected failures occur. These measures include making sure there are current backups of the Commander SQL database and snapshots of the Commander application server.
Additionally, you may want to implement and test the configuration in a staging environment to make sure it operates as expected prior to putting it into production. Snow Software can provide customers with staging or lab licenses upon request. Contact your Customer Advocate for more information about these limited, supplementary licenses.
Create an HA User
You must create a specific account to handle the high availability configuration monitoring activity. As a best practice, name this account so that it's easily recognizable. Doing so makes it easier to track the actions taken by this solution by parsing Commander events for the account.
- A local Commander account with the User role is sufficient. However, you can use a directory services (AD/LDAP) account if required.
- Provide a name that will be recognizable in the events and logs as the HA configuration user.
AWS — Prepare the Node Quarantine script
For AWS, the Node Quarantine script is designed to shut down a Commander node running on AWS. You should have already downloaded and extracted the Node Quarantine script to your Commander nodes as detailed in the Required Components section.
It's recommended that you store all scripts called by Commander in a specific location, using sub-folders to identify the functions of scripts.
To prepare the script:
- Download the AWS CLI for Windows and install it on both nodes to run the quarantine script.
- Configure the AWS CLI that was installed on both nodes.
Because you're using an IAM policy, access keys aren't required; however, you must configure the default region. Perform the following steps for both nodes.
- Log in to the node as the Commander service account, open the command prompt, and run the aws configure command. It's important to log in as the Commander service account because aws configure stores the defaults for the logged in user.
- Press Enter to bypass providing an Access Key and Secret Access key.
- Provide the region name that both nodes are running in.
- Press Enter to bypass the default output format.
Create the IAM permissions
For the AWS quarantine script to function, you must grant Node 1 the ability to shut down and monitor Node 2, and grant Node 2 the ability to shut down and monitor Node 1. This is achieved using an AWS IAM role applied to each instance.
Create a new IAM policy called "MonitorHA1" using the JSON below. Replace i-commandernode1 with the instance ID of Node 1.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:StartInstances",
            "ec2:StopInstances"
          ],
          "Resource": "arn:aws:ec2:*:*:instance/i-commandernode1"
        },
        {
          "Effect": "Allow",
          "Action": "ec2:DescribeInstances",
          "Resource": "*"
        }
      ]
    }

Next, create an IAM role for the EC2 instance and attach the policy you created to monitor Node 1. Remember that this policy is used to monitor and shut down Node 1, so the role needs to be applied to Node 2.
Finally, assign the MonitorHA1 IAM role to Node 2.
Repeat this process to create a new IAM policy and role for Node 1 to monitor Node 2.
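One way to confirm that the role attached to a node grants what this section intends, as an added example that is not part of the Snow Software scripts: it uses EC2 dry-run requests, which evaluate permissions without stopping or starting anything. The two instance IDs are placeholders, and the "stop on self is denied" check assumes the role carries only the policy shown above.

```powershell
# Added example. Run on a node as the Commander service account after the
# IAM role is attached. Both instance IDs are placeholders to replace.
param(
    [string]$PeerInstanceId  = 'i-PEER-PLACEHOLDER',   # other node: stop/start should be allowed
    [string]$LocalInstanceId = 'i-LOCAL-PLACEHOLDER'   # this node: stop should be denied
)

function Test-Ec2DryRun {
    param([string]$Action, [string]$InstanceId)
    # --dry-run makes EC2 evaluate the permission without changing the instance.
    $out = (& aws ec2 $Action --instance-ids $InstanceId --dry-run 2>&1 | Out-String)
    if ($out -match 'DryRunOperation')       { return 'Allowed' }
    if ($out -match 'UnauthorizedOperation') { return 'Denied' }
    return "Unknown: $($out.Trim())"
}

function New-Check {
    param([string]$Name, [string]$Expected, [string]$Actual)
    [pscustomobject]@{ Check = $Name; Expected = $Expected; Actual = $Actual
                       Pass = ($Actual -eq $Expected) }
}

# aws configure stores defaults per user, so these reflect the logged-in account.
$region = & aws configure get region 2>$null
$keyId  = & aws configure get aws_access_key_id 2>$null

# ec2:DescribeInstances is what the node uses to monitor its peer.
$null = & aws ec2 describe-instances --instance-ids $PeerInstanceId `
            --query 'Reservations[0].Instances[0].State.Name' --output text 2>$null
$canDescribe = ($LASTEXITCODE -eq 0)

$checks = @(
    New-Check 'Default region configured' 'yes' $(if ($region) { 'yes' } else { 'no' })
    New-Check 'No stored access key'      'yes' $(if ($keyId)  { 'no' }  else { 'yes' })
    New-Check 'DescribeInstances on peer' 'yes' $(if ($canDescribe) { 'yes' } else { 'no' })
    New-Check 'StopInstances on peer'     'Allowed' (Test-Ec2DryRun 'stop-instances'  $PeerInstanceId)
    New-Check 'StartInstances on peer'    'Allowed' (Test-Ec2DryRun 'start-instances' $PeerInstanceId)
    New-Check 'StopInstances on self'     'Denied'  (Test-Ec2DryRun 'stop-instances'  $LocalInstanceId)
)

$checks | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.Pass }) { exit 1 }
```

A failed "StopInstances on self" check means the role has more than the peer-scoped policy attached; a missing region shows up as an "Unknown" result on the dry-run rows.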
vCenter — Prepare the Node Quarantine Script
For vCenter, the script is designed to shut down a Commander node running on vCenter using PowerCLI, and must be edited with your environment’s details.
You should have already downloaded and extracted the script to your Commander nodes as detailed in the Required Components section.
It's recommended that you store all scripts called by Commander in a specific location, using sub-folders to identify the functions of scripts.
It's important that the Node Quarantine script used for high availability isn't replicated. Each node will have its own copy of the script, and each script must be edited to identify the vCenter on which the Commander nodes are running, the location of your encrypted credentials file, and the name of the VM running Commander on the other node.

    # Edit these lines to specify the vSphere host, the location of the credential file,
    # and the name of the vm that should be quarantined
    $VIServer = "VCenter.domain.com"
    $CredFile = "C:\scripts\cred.XML"
    $VMName = "OtherHAhostname" #VMname as it appears in vCenter

Setting | Description |
---|---|
$VIServer | The hostname or IP address of the vCenter server on which the other node’s Commander application server is running. |
$CredFile | The credentials file which handles access to your Commander. For more details, refer to the Snow Globe article Encrypting Credentials for PowerShell Scripting. |
$VMName | The name of the VM on which the other node’s Commander application server is running. |