Alibaba Cloud in 7 Days

Day #6 - ESS - SLB - SSL

May 14, 2018

We now have a website hosted on Alibaba Cloud. We are using Domains, DNS, ECS, OSS, CDN, and SSL to create a website. We have even offloaded some of the website resources to OSS and CDN.

When designing enterprise-class systems, you design them to survive the failure of any component. In our work with Alibaba Cloud, the resource under our control is the ECS instance. If this fails, then our website will be down.

Alibaba Cloud publishes an SLA (Service Level Agreement) for each service. This generally means that we can trust Alibaba to provide reliable services. In return we pay for them. The ECS instance contains software outside of Alibaba's control, so we are responsible for ECS.

When designing for the cloud, it is best to have more than one system running. This provides for high availability, fault tolerance and load balancing. If a system goes down, we just launch another one to take its place.

This means that we need to design the software and files stored on the ECS instance to be static. This way, when an ECS instance crashes, hangs, etc., we just terminate it and launch a new one. All configurable and changeable data should be stored elsewhere, such as on OSS, RDS, etc.

A key technique is to build a master instance with the software configured and patched exactly as we need it. Then we take an image of this system. This is called Creating a Custom Image. We will use this image each time we launch a new ECS instance. This image also serves as a point-in-time backup of our webserver. Note: do not confuse custom images with snapshots. Snapshots are not used for launching ECS instances with Auto Scaling.

Websites need to be available 24x7. If something goes wrong, we want to be able to rapidly detect this and resolve the problem. The best way to do this is to use robots. Alibaba Cloud provides just such a robot with its Auto Scaling and CloudMonitor services. CloudMonitor will monitor metrics on our ECS instance and trigger events to Auto Scaling. We can create rules such as: if the CPU usage goes above 75% for 5 minutes, launch another ECS instance; if the CPU usage drops below 40%, terminate an ECS instance. With Auto Scaling we can set the minimum number of instances to 2 and the maximum to 4 for cost control, or any other numbers we desire.
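
The rules above can be replayed offline as a simplified model (an added example, not Alibaba Cloud's algorithm and not code from the original article). It assumes one averaged CPU sample per minute, applies the 5-minute window to the scale-in rule as well, and reuses the 300-second default cool-down from the scaling group form; the function and constant names are hypothetical.

```python
from collections import deque

SCALE_OUT_CPU = 75.0    # launch an instance when CPU stays above this ...
SCALE_IN_CPU = 40.0     # terminate an instance when CPU stays below this
SUSTAIN_MIN = 5         # ... for this many consecutive one-minute samples
COOLDOWN_MIN = 5        # 300 s cool-down: no new activity during this time
MIN_INSTANCES, MAX_INSTANCES = 2, 4


def simulate(cpu_per_minute, instances=MIN_INSTANCES):
    """Replay average-CPU samples; return [(minute, action, instance_count)]."""
    window = deque(maxlen=SUSTAIN_MIN)   # the last SUSTAIN_MIN samples
    events, cooldown_until = [], 0
    for minute, cpu in enumerate(cpu_per_minute):
        window.append(cpu)               # keep sampling during cool-down
        if len(window) < SUSTAIN_MIN or minute < cooldown_until:
            continue
        if instances < MAX_INSTANCES and all(c > SCALE_OUT_CPU for c in window):
            instances, action = instances + 1, "scale-out"
        elif instances > MIN_INSTANCES and all(c < SCALE_IN_CPU for c in window):
            instances, action = instances - 1, "scale-in"
        else:
            continue                     # thresholds not met, or at a bound
        events.append((minute, action, instances))
        cooldown_until = minute + COOLDOWN_MIN
    return events


# Constructed load profile: quiet start, 20 busy minutes, 20 idle minutes.
SAMPLE_LOAD = [50] * 3 + [90] * 20 + [20] * 20

if __name__ == "__main__":
    for minute, action, count in simulate(SAMPLE_LOAD):
        print(f"minute {minute:2d}: {action:9s} -> {count} instances")
```

The group never grows past 4 or shrinks below 2, and a spike shorter than five minutes triggers nothing.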

Alibaba Cloud offers Server Load Balancer (SLB) to distribute traffic from customers to each of our ECS instances. SLB can issue health checks and if an ECS instance is not responding, the SLB can direct traffic to the other instances. The SLB can be integrated with Auto Scaling so that new instances can be added to the SLB instance pool as available resources or removed when Auto Scaling is terminating an instance.

By combining SLB, Auto Scaling, and CloudMonitor with ECS, we can come very close to very high availability. With proper DevOps we can even update the websites with zero downtime.

Now that we have the general idea of our objectives, let's put this into practice.

Create a Custom Image

  • Go to the Alibaba ECS Console.
  • Locate your instance. On the right hand side of the console find the link More.
  • Click on the More link and a drop down menu appears. Click on Stop. We need to stop the ECS instance to create a stable custom image.
  • Wait for the instance to stop.
  • Click on the More link and a drop down menu appears. Click on Create Custom Image.
    • A dialog appears. Complete the form with values similar to the following:
      • Image Name: NeoPrime-Master-Image-2018-05-13
      • Image Description: This is a master custom image for auto scaling for the neoprime.xyz website.
    • Click the Create button.
    • Go to Images in the left panel located under Snapshots & Images.
    • Wait for the custom image to complete.

Create Server Load Balancer

  • Go to the Alibaba Server Load Balancer Console.
  • In the title bar select your region. Mine is US West 1 (Silicon Valley).
  • Click the blue Create Server Load Balancer button.
  • A new browser tab opens for configuring the Server Load Balancer.
  • Complete the form with values similar to the following:
    • Region: Mine is US West 1 (Silicon Valley).
    • Zone type: Multi-zone
    • Primary zone: Select US West 1 Zone A
    • Backup zone: Select US West 1 Zone B
    • Instance type: Internet
    • Instance Spec: Small (slb.s1.small)
    • Bandwidth: By traffic
    • Quantity: 1
    • Make note of the price. My screen shows $.005 per hour plus $0.078 per GB traffic
    • Click the Create button.
    • Click the Activate button.
    • Click the Console button.
  • Go to the Alibaba Server Load Balancer Console.
  • Wait for the Server Load Balancer creation to complete.
  • Click the pencil icon next to the Server Load Balancer ID/Name
  • Enter a name for the SLB. I used NeoPrime-SLB
  • Next to No Listener click Configure.
  • We need to create an HTTP Listener. Click the blue Add Listener button.
  • A dialog appears. Complete the form with values similar to the following:
    • Front-end Protocol [Port]: Select HTTP. Enter 80 for the port.
    • Back-end Protocol [Port]: Enter 80 for the port.
    • Peak Bandwidth: 5 Mbps.
    • Scheduling Algorithm: Weighted Round Robin.
    • Click the Next button.
    • Health Check: Enable.
    • Domain Name: neoprime.xyz
    • Health Check Port: 80
    • Health Check Path: . I have a custom file /test/healthcheck.php
    • Click the Confirm button.
    • Wait for the listener creation to complete.
    • Click the Confirm button.
  • We need to create an HTTPS Listener. Click the blue Add Listener button.
  • A dialog appears. Complete the form with values similar to the following:
    • Front-end Protocol [Port]: Select HTTPS. Enter 443 for the port.
    • Back-end Protocol [Port]: Enter 80 for the port.
    • Peak Bandwidth: 5 Mbps.
    • Scheduling Algorithm: Weighted Round Robin.
    • Server Certificate: Click Import Certificate.
      • Certificate Name: neoprime.xyz
      • Certificate Region: US West 1 (Silicon Valley).
      • We will now be using two of the files that we saved from Let's Encrypt.
      • Using notepad, open fullchain.pem.
      • Select all text (CTRL-A) and then paste into Public Key (CTRL-V) in the panel.
      • Using notepad, open privkey.pem.
      • Select all text (CTRL-A) and then paste into Private Key (CTRL-V) in the panel.
      • Click the Confirm button.
    • Click the Next button.
    • Health Check: Enable.
    • Domain Name: neoprime.xyz
    • Health Check Port: 443
    • Health Check Path: . I have a custom file /test/healthcheck.php
    • Click the Confirm button.
    • Wait for the listener creation to complete.
    • Click the Confirm button.
    • Wait for the listener creation to complete.
    • Click the Confirm button.
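
Before pasting the two files into the Import Certificate panel, it is worth confirming that privkey.pem belongs to the certificate in fullchain.pem and that the two files have not been swapped. The script below is an added example, not part of the original article; it uses only the Python standard library, and its function names and its expectation that fullchain.pem holds the leaf certificate plus at least one intermediate are assumptions of this example.

```python
import re
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)


def pem_labels(text):
    """Return the label of every PEM block in text, in file order."""
    return PEM_BLOCK.findall(text)


def check_import_pair(fullchain_path, privkey_path):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    chain = pem_labels(Path(fullchain_path).read_text())
    key = pem_labels(Path(privkey_path).read_text())
    # Key material must never end up in the certificate (Public Key) field.
    if any("PRIVATE KEY" in label for label in chain):
        problems.append("certificate file contains a private key block")
    elif not chain or set(chain) != {"CERTIFICATE"}:
        problems.append("certificate file must hold only CERTIFICATE blocks")
    elif len(chain) < 2:
        problems.append("only one certificate found; intermediate is missing")
    if len(key) != 1 or not key[0].endswith("PRIVATE KEY"):
        problems.append("key file must hold exactly one private key block")
    elif key[0] == "ENCRYPTED PRIVATE KEY":
        problems.append("key is passphrase-protected; not checked")
    if not problems:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # OpenSSL parses both files and rejects a key that does not
            # belong to the first (leaf) certificate of the chain.
            ctx.load_cert_chain(str(fullchain_path), str(privkey_path))
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"pair rejected by OpenSSL: {exc}")
    return problems


if __name__ == "__main__":
    issues = check_import_pair(sys.argv[1], sys.argv[2])
    print("\n".join(issues) or "OK: private key matches the certificate chain")
    sys.exit(1 if issues else 0)
```

Run it as `python check_pair.py fullchain.pem privkey.pem` (the script file name is arbitrary); it reads the files in place and does not copy the private key anywhere.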

Create Scaling Group

  • Go to the Alibaba Auto Scaling Console.
  • Select your region. Mine is US West 1 (Silicon Valley).
  • Click the blue Create Scaling Group button.
  • A dialog appears. Complete the form with values similar to the following:
    • Scaling Group Name: NeoPrime-Scaling-Group-2018-05-13
    • Maximum Number of Instances: 2
    • Minimum Number of Instances: 2
    • Default Cool-down Time (Sec): 300
    • Removal Policy: The instance with the oldest scaling configuration.
    • Then filter: Oldest instance.
    • Network Type: VPC.
    • Select VPC: Default.
    • Select VSwitch: Select a minimum of two different zones.
    • Server Load Balancer: Select the Server Load Balancer created above.
    • Click the Submit button.
    • Click the Create Scaling Configuration button.
    • A new window appears to set up the Auto Scaling Configuration.
    • Scaling Group Name: NeoPrime-Scaling-Group-2018-0513.
    • Scaling Configuration: NeoPrime-Scaling-Configuration-2018-0513.
    • Instance Type:
      • Architecture: x86-Architecture.
      • Category: Entry-Level Shared.
      • Compact Type xn4 (ecs.xn4.small)
    • Image:
      • Custom Image: NeoPrime-Master-Image-2018-05-13
    • Network Billing Method:
      • Select Assign public IP
      • Assign 5 Mbps
      • Custom Image: NeoPrime-Master-Image-2018-05-13
    • Security Group:
      • Select the Linux Security Group created earlier
    • Storage:
      • Ultra Cloud Disk, 40 GB
    • Click Next: System Configurations button.
    • Tag: Click Add Tag
    • Tag name: Type
    • Tag value: ASG
    • Click the checkbox
    • Log on Credentials: Select Key Pair
    • Select your Key Pair
    • Instance Name: ASG-2018-0513
    • Click the ECS Service Terms checkbox to accept
    • Click Next: Preview button.
    • Review everything. Make note of the price.
    • Click the Create button.



