When WSO2 products are deployed in a clustered mode on Amazon EC2 instances, it is recommended to use the AWS clustering mode. As a best practice, it is recommended to add all nodes in a single cluster to the same AWS security group.
...
- Enable clustering for this server.
<clustering class="org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent" enable="true"> - Set the membership scheme to
awsto enable the AWS registration method.<parameter name="membershipScheme">aws</parameter> - Specify the port used to communicate cluster messages. This must be any port number between 5701 and 5800.
<parameter name="localMemberPort">5701</parameter> Specify the IP of the instance in the
<localMemberHost>element. Here's an example:<parameter name="localMemberHost">127.0.0.1</parameter>Define the following AWS specific configurations. These are the AWS access key, secret key, security group, region (with or without the zone), tag key, and tag value. The AWS credentials and security group depend on your configurations in the Amazon EC2 instance. The
tagKeyandtagValueare optional and the rest of the following parameters are mandatory. Theregiondefaults tous-east-1.Code Block language xml <parameter name="accessKey">xxxxxxxxxx</parameter> <parameter name="secretKey">yyyyyyyyyy</parameter> <parameter name="securityGroup">a_group_name</parameter> <parameter name="region">us-east-1</parameter> // IfMake sure you do arenot addingadd aany zone values (say zonee.g., a), itto canthe be added as us-east-1-a. region parameter. <parameter name="tagKey">a_tag_key</parameter> <parameter name="tagValue">a_tag_value</parameter> // If you are adding tags, they should be attached to the AWS instances.
Tip Tip: In order to provide specific permissions to create an access key and secret key for only this AWS clustering attempt, use the following custom policy block. Attach this to the user account that will operate AWS clustering in WSO2 products. The access key and secret key can only be used to list EC2 instance details in the AWS account.
Code Block { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances" ], "Resource": [ "*" ] } ] }You can use the following link as a reference on how to add the custom IAM policy: http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_managed-policies.html
For AWS clustering to work properly, you must set a specific tag key with a tag value for all EC2 instances that belong in the same cluster.
Start the server as per the instructions in the Setting up a Cluster topic. If the cluster is set up successfully, you should not see any errors when the server starts up, and also see the following log message.
Code Block [2015-06-23 09:26:41,674] INFO - HazelcastClusteringAgent Using aws based membership management scheme
When new members join the cluster, you should see messages similar to the following.
Code Block [2015-06-23 09:27:08,044] INFO - AWSBasedMembershipScheme Member joined [5327e2f9-8260-4612-9083-5e5c5d8ad567]: /10.0.0.172:5701
When members leave the cluster, you should see messages similar to the following.
Code Block [2015-06-23 09:28:34,364] INFO - AWSBasedMembershipScheme Member left [b2a30083-1cf1-46e1-87d3-19c472bb2007]: /10.0.0.245:5701
...
| Note |
|---|
Note: The WSO2 server needs to access the AWS endpoint ec2.<region>-<zone>.amazonaws.com. For example, ec2.us-east-1-a.amazonaws.com. Therefore, if you need a proxy to connect to the Internet, set the proxy values in Be sure to use https.proxyHost instead of http.proxyHost. When you set the proxy parameters in wso2server.sh, each and every http/s call goes through the proxy. To avoid this, set the -Dhttp.nonProxyHosts as follows:-Dhttp.nonProxyHosts="localhost|127.0.0.1|.*.local |
| Note |
|---|
Note: You might have to import the Amazon endpoint certificates to the client truststore of the WSO2 servers. |