AWS Region Problem with Pacemaker and Corosync

Question

I am currently trying to implement a HA failover on AWS with 3 EC2 instances. Let's say these 3 machines' names are HA1, HA2 and HA3. HA1 has the Elastic IP and the other two has standart public IPs to establish SSH connection. I already followed these three resources in the list below:

• https://medium.com/@2infiniti/creating-highly-available-nodes-on-icon-stage-1-active-passive-failover-with-pacemaker-and-a9d56b1484da
• https://medium.com/@gt.anand1994/ha-cluster-with-elasticip-using-corosync-and-pacemaker-a013d288ae8
• https://www.howtoforge.com/tutorial/how-to-set-up-nginx-high-availability-with-pacemaker-corosync-and-crmsh-on-ubuntu-1604/#step-configure-corosync

There is no problem at all until I do crm status because I can see the below output on the shell:

Current DC: PRep-01 (version 1.1.18-2b07d5c5a9) - partition with quorum
Last updated: Mon Dec 16 15:01:40 2019
Last change: Mon Dec 16 15:01:31 2019 by root via cibadmin on PRep-01

3 nodes configured
1 resource configured

Online: [ PRep-01 PRep-02 PRep-03 ]

Full list of resources:

 deneme123      (ocf::heartbeat:awseip):        Stopped

And as you can see, the main problem is the resource I've created with the below command won't start.

sudo crm configure primitive deneme123 ocf:heartbeat:awseip params elastic_ip="xx.xx.xx.xx" awscli="$(which aws)" allocation_id="eipalloc-xxxxxxxxxx" op start timeout="60s" interval="0s" on-fail="restart" op monitor timeout="60s" interval="10s" on-fail="restart" op stop timeout="60s" interval="0s" on-fail="block" meta migration-threshold="2" failure-timeout="60s" resource-stickiness="100"

Finally, when I check the status of pacemaker on all of the three instances, I get the following:

Dec 16 15:01:32 ip-172-31-47-76 crmd[30721]:   notice: Result of probe operation for deneme123 on PRep-02: 7 (not ru
Dec 16 15:01:32 ip-172-31-47-76 crmd[30721]:   notice: PRep-02-deneme123_monitor_0:5 [ You must specify a region. Yo
Dec 16 15:01:37 ip-172-31-47-76 lrmd[30714]:   notice: deneme123_start_0:30780:stderr [ You must specify a region. Y
Dec 16 15:01:37 ip-172-31-47-76 lrmd[30714]:   notice: deneme123_start_0:30780:stderr [ You must specify a region. Y
Dec 16 15:01:37 ip-172-31-47-76 lrmd[30714]:   notice: deneme123_start_0:30780:stderr [ You must specify a region. Y
Dec 16 15:01:37 ip-172-31-47-76 crmd[30721]:   notice: Result of start operation for deneme123 on PRep-02: 7 (not ru
Dec 16 15:01:37 ip-172-31-47-76 crmd[30721]:   notice: PRep-02-deneme123_start_0:6 [ You must specify a region. You 
Dec 16 15:01:38 ip-172-31-47-76 lrmd[30714]:   notice: deneme123_stop_0:30807:stderr [ You must specify a region. Yo
Dec 16 15:01:38 ip-172-31-47-76 lrmd[30714]:   notice: deneme123_stop_0:30807:stderr [ You must specify a region. Yo
Dec 16 15:01:38 ip-172-31-47-76 crmd[30721]:   notice: Result of stop operation for deneme123 on PRep-02: 0 (ok)

But I already did aws configure and entered the region and also can see the region on the ~/.aws/config. In the same time, I've also added AWS_DEFAULT_REGION=eu-xx-1 to /etc/systemd/system/multi-user.target.wants/pacemaker.service file.

Question is what is the problem here? I can't see what is wrong about the AWS region. What is causing it?

Answer 1

You must configure the Security Groups and ACL rules correctly.

Are there ping between instances?

Answer 2

Seems like the problem was related to IAM Role and it's policies. Once I create a role with the required policies, I was able to deploy my HA solution with EIP successfully.