ICON Developer Portal

ICON Developer Portal

ICON Network is a decentralized smart contract protocol based on ‘loopchain’, a high-performance blockchain engine. The ICON Network aims to remove barriers among different blockchains and allow them to exchange values without intermediaries. By realizing this goal, ICON will realize the mass adoption of blockchain technology and Hyperconnect the World.

Get Started

Creating HA network Stage 1

This document is a more detailed guideline about how to create HA node on ICON.

Written based on reference

Environment

Ununtu 18.04 using AWS EC2

Create P-Rep Node EC2 Instances

P-Rep nodes communicate through port 7100 for gRPC (peer to peer communication between nodes) and port 9000 for JSON-RPC API Server. Under Group Security, create two custom rules for these ports and allow all IPv4 and IPv6 sources. Throw port 22 in order to work with server directly with SSH.

Corosync will be installed as heartbeat and for internal communication among cluster resources. Corosync uses UDP transport between ports 5404to 5406. Let's enabled these ports as well.

Install Corosync and Pacemaker

Install Corosync(messaging layer between client servers), and Pacemaker(cluster resource manager) to both servers.
Pacemaker includes Corosync as dependency for itself, so you only need to install it.

$ sudo apt-get -y update
$ sudo apt-get install pacemaker

You also need to install a management shell crm | pcs.(Either one will work)

$ sudo apt install crmsh
$ sudo apt install pcs

Verify you have everything installed.

$ pacemakerd --version
$ corosync -v
$ crm --version | $ pcs --version

Configure Corosync

Next, you need to create an auth key for the cluster, install haveged on either one of the servers, and generate a key.

# install package
$ sudo apt-get install haveged
# generate key
$ sudo corosync-keygen
Copy the same key to PRep-02,

$ sudo scp /etc/corosync/authkey [email protected]_ip:/tmp

then on PRep-02 window, move the file to the corosync folder

$ sudo mv /tmp/authkey /etc/corosync/

Next, define the corosync.conf file, to make configuration a bit more convenient.

Edit the file `/etc/corosync/corosync.conf` on both servers, the files are identical except the `bindnetaddr` parameter will be the working server's private IP.
$ sudo nano /etc/corosync/corosync.conf

Make sure the your corosync.conf has same format like below

totem {
  version: 2
  cluster_name: nodecluster
  transport: udpu
  interface {
    ringnumber: 0
    bindnetaddr: current_instance_private_ip
    broadcast: yes
    mcastport: 5405
  }
}
quorum {
  provider: corosync_votequorum
  two_node: 1
}
nodelist {
  node {
    ring0_addr: PRep-01_private_ip
    name: PRep-01
    nodeid: 1
  }
  node {
    ring0_addr: PRep-02_private_ip
    name: PRep-02
    nodeid: 2
  }
}
logging {
  to_logfile: yes
  logfile: /var/log/corosync/corosync.log
  to_syslog: yes
  timestamp: on
}
service {
  name: pacemaker
  ver: 1
}
then start corosync on both servers

$ sudo service corosync start

Verify that your nodes have joined as a cluster
$ sudo corosync-cmapctl | grep members

then start pacemaker

$ sudo service pacemaker start

Your nodes should be online. Since you're running a two node setup, both STONITH(a mode to remove faulty nodes) and quorum policy should be disabled.

$ crm configure property stonith-enabled=false
$ crm configure property no-quorum-policy=ignore
Verify the configuration,
$ crm configure show

Configure AWS CLI

AWS CLI will be used for the elastic IP reallocation, for this you need to install the CLI executables and configure a few settings first. You will need AWS Access Key ID and AWS Secret Access Key

  1. Login to your AWS Management Console. Click
  2. Click on your user name at the top right of the page.
  3. Click on the Security Credentials link form the drop-down menu.
  4. Find the Access Credentials section, and copy the latest Access Key ID.
  5. Click on the Show link in the same row, and copy the Secret Access Key.
$ sudo apt update
$ sudo apt install aws-cli
# change to root, this is necessary
$ sudo su -
$ aws configure

Next, you will need a resource agent to manage the elastic IP, you can use aws' eip resource agent awseip, which can be located in /usr/lib/ocf/resource.d/heartbeat/awseip
Also add, AWS_DEFAULT_REGION=<AWS_Default-Region> at the end of /etc/systemd/system/multi-user.target.wants/pacemaker.service

then you'll create a primitive resource for the agent to manage. A primitive resource is a singular resource that can be managed by the cluster. That is the resource can be started only once. An IP address for example can be primitive and this IP address should be running once and once only in the Cluster

$ sudo crm configure primitive elastic-ip ocf:heartbeat:awseip params elastic_ip="your_elastic_ip" awscli="$(which aws)" allocation_id="your_elastic_ip_allocation_id" op start  timeout="60s" interval="0s" on-fail="restart" op monitor timeout="60s" interval="10s" on-fail="restart" op stop timeout="60s" interval="0s" on-fail="block" meta migration-threshold="2" failure-timeout="60s" resource-stickiness="100"

your_elastic_ip is the elastic IP you allocated and associated to PRep-01 earlier, its allocation ID can be found under EC2 Dashboard -> Elastic IPs -> Allocation ID. Check the status again,

$ sudo crm status

The elastic-ip resource should be started on your first peer node. At this moment, you have an active node (PRep-01), a passive node (PRep-02) and an elastic IP pointing to the active node. Whenever your node becomdes inaccessible, the resource agent should automatically point the floating IP to the backup node.

Updated 7 months ago

Creating HA network Stage 1


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.