CodeDeployでBlockTrafficとAllowTrafficに5分以上かかる時

CodeDeployでBlockTrafficとAllowTrafficに5分以上かかる時

ALBのHealth checkが原因とのこと
defaultでTimeout 5 seconds, Interval 30 secondsとなっているので、ELB Targets Groupsから、Health Checkの設定をそれぞれ、2秒、5秒に変更する

AWSのフォーラムでも回答されています。
Developer Forum

Yes CodeDeploy depends on the ELB Health Check settings that you have configured your ELB with. After an instance is bound to the ELB, CodeDeploy wait for the status if the instance to be healthy ("inService") behind the load balancer. This health check is done by ELB and depends on the health check configuration you have set.

ELBで異なるsubnetのEC2に冗長化する書き方

ELBで負荷分散して冗長化する

### public subnetを二つ用意
– availability zoneが異なるpublic subnetの中に、それぞれEC2を配置する
現状

dev-vpc(192.168.0.0/16)
dev-subnet-public1(192.168.1.0/28) ap-northeast-1a ・・・web-prd-01 
dev-subnet-private1(192.168.2.0/28) ap-northeast-1a ・・・RDS MultiAZ
dev-subnet-private2(192.168.3.0/28) ap-northeast-1c・・・RDS MultiAZ 

上記を踏まえ、以下のsubnetを作成する
1.dev-subnet-public2(192.168.4.0/28) ap-northeast-1c ・・・web-prd-02
2.作成済みのpublic route tableを関連付ける(internet gatewayは紐付け済)

### AMIからインスタンス作成
– web-prd-01のAMIからインスタンスを複製する
– VPCにdev-vpc、subnetにdev-subnet-public2を割り当てる
– Auto-assign Public IP Enable, IAM role s3readonly

-インスタンスを起動し、動作確認
-SSHログインしてファイルも確認する

### ロードバランサの構築
– EC2左メニューLOAD BALANCINGのTarget Groupsの作成
– target group name: ${app name}-target-group
– target type: instance
– Protocol: HTTP
– Port: 80
– VPC:dev-vpc
– Health check settings: http, /

作成したtarget-groupにAction-> Register and deregister instance/ip targets からweb-prd-01, web-prd-02を紐付ける

### ALBの作成
Name: ${appName}-prd-alb
Scheme: internet-facing
IP address type: ipv4
Lisnter: http:80
Availability Zones:
VPC: dev-vpc
Subnet: dev-subnet-public1, dev-subnet-public2

Configure Security Groups
-> ALBのSecurity Groupを作成する
-> alb-${appName}-security-group
-> Custom TCP

Configure Routing
– Target group: Existing target group
– Name: ${appName}-target-group
– Protocol Port: HTTP 80

### security groupを新規に作成
インバウンドルールに、ALBのみから受け付けるように設定する
– SSH:0.0.0.0/0
– HTTP: ${albのsecuritygroup ID}
インスタンス(web-prd-01, web-prd-02)のセキュリティグループを新規に作成したセキュリティグループに変更

->ALBのDNS nameを叩いて動作確認
->instanceのpublic ipを叩いてもresponseが返ってこない事を確認

UnHealthyHostCount, Latency

UnHealthyHostCount
Number of healthy EC2 instances registered with the load balancer in the specified Availability Zone. Hosts that do not fail the health check beyond the unhealthy threshold are considered healthy. When evaluating this metric, the dimensions should be defined by LoadBalancerName and AvailabilityZone.
This metric represents the number of healthy instances in the specified Availability Zone. Instances may become unhealthy due to connection problems such as non-200 responses (for HTTP and HTTPS health checks) and timeouts when doing health checks. In order to get the total number of all healthy hosts, this metric needs to get each registered AvailabilityZone and add all metrics together.

Latency
The elapsed time from request leaving the load balancer to receiving the corresponding response.

ELB access log

ELBでアクセスログが取得できる。

2014-03-07T07:25:38.285777Z elber 130.0.237.XX:37522 172.31.4.218:80 0.000066 0.00105 0.000037 404 404 0 570 "GET http://54.249.27.XX:80/actus4/ HTTP/1.1"
2014-03-07T07:26:43.731149Z elber 77.50.22.XXX:53477 172.31.4.218:80 0.000053 0.000866 0.000053 200 200 0 10 "GET http://54.249.27.XX:80/ HTTP/1.0"
2014-03-07T07:26:44.410747Z elber 77.50.22.XXX:53656 172.31.4.218:80 0.000052 0.000853 0.000039 404 404 0 168 "GET http://54.249.27.XX:80/foltia/ HTTP/1.0"
2014-03-07T07:26:45.084730Z elber 77.50.22.XXX:53839 172.31.4.218:80 0.000061 0.000874 0.000035 404 404 0 168 "GET http://54.249.27.XX:80/epgrec/do-record.sh HTTP/1.0"
2014-03-07T07:28:12.386207Z elber 189.206.75.XX:64289 172.31.4.218:80 0.000062 0.000924 0.000035 404 404 0 168 "GET http://54.249.27.XX:80/manager/html HTTP/1.1"

問題は、項目。

timestamp
The time accessed by the Client. UTC time, recorded in ISO 8601 format.
2014-02-15T23: 39: 43. 945958 Z

Name of ELB
ELB Name: test-loadbalancer

Client
Port Client IP address and port number
192.168.131.39.2817

Backend
port IP address and port number of the instance to which communication was distributed by ELB. This will tell you which server it was assigned to 10.0.0.0:80

request_processing_time
The time between the ELB receiving a request from the client and sending the request to the instance
0.000073

backend_processing_time
The time it takes for the ELB to send a request to an instance and the instance returns a response.
0.001048

response_processing_time
The time from when the ELB receives a response from an instance to when it returns a response to the client.
0.000057

elb_status_code
response status code.
200

backend_status_code
Response status code of the instance to which the ELB sent the request.
200

received_bytes
Size of received request (bytes)
0

sent_bytes
Size of sent request (bytes)
29

request
request from a client
“GET http://www.example.com:80/HTTP/1.1”

ELB http 460

What is HTTP 460 on ELB
The load balancer received a request from a client, but the client closed the connection with the load balancer before the idle timeout expired.

Check if the client timeout period is longer than the load balancer idle timeout period. Before the client timeout period expires, make sure that target returns a response to the client, or if the client supports it, increase the client timeout period to match the load balancer idle timeout.

AWS health check

Health check function checks whether the load balancer and the target server are connected. It check every certain time whether we can see the website via load balancer.

For AWS, it is judged whether it can access the health check URL set on the console screen. It is OK if the HTTP status 200 is returned from the URL. If inadvertent 404 comes back, even if you access the URL set by the load balancer, the the site will not displayed.

It seems that it becomes OutOfService somewhat when restarting the EC2 instance in the state attached to the ELB. Also, as it is said that 200 should be returned by health check, if you do not do BASIC certification naturally, it will be OutOfService. 401 error comes back. If you are using ELB and need to make Basic authentication, only URLs for health checks must be in a state where authentication is ineffective.

AWS ec2で複数ドメインを管理する

まずお名前.comでサブドメインを取得します。
valueにはインスタンスのipアドレスを入力する。

今回は、ここに置くとする
/var/www/dev/html/

NameVirtualHost *:80


ServerName hoge # 今まで使っていたドメイン
DocumentRoot “/var/www/html”


ServerName hogehoge # 新しいドメイン
DocumentRoot “/var/www/dev/html”

$ sudo service httpd restart
Starting httpd: AH00548: NameVirtualHost has no effect and will be removed in the next release

なんじゃこりゃー どないなってんねん。
do not stop, keep going

curl http://www.yahoo.co.jp
これは動いている。
/etc/resolv.conf ではなさそう。

Elastic Load Balancer

https通信でも使っていますが、ELB
概念図

Amazon Elastic Load Balancer
An Amazon Elastic Load Balancer (Amazon ELB) is a service that automatically distributes incoming application traffic across multiple Amazon EC2 instances. It enables you to achieve even greater fault tolerance in your applications, seamlessly providing the amount of load balancing capacity needed in response to incoming application traffic. Elastic Load Balancing detects unhealthy instances within a pool and automatically reroutes traffic to healthy instances until the unhealthy instances have been restored.

select instance

load balancer 負荷分散

なるほど~