Eucalyptus Load Balancing Usage Examples
This section contains examples of common usage scenarios for Eucalyptus Load Balancing.
This is the multi-page printable view of this section. Click here to print.
Eucalyptus Load Balancing Usage Examples
- 1: Eucalyptus ELB Listener Configurations
- 2: Creating a Basic Elastic Load Balancing Configuration
- 3: Configuring the Health Check
- 4: Modifying an Elastic Load Balancing Configuration
- 5: Creating Elastic Load Balancing Sticky Sessions
- 6: Uploading SSL Certificates for Elastic Load Balancing
- 7: Adding SSL Support
- 8: Updating the SSL Negotiation Configuration
- 9: Adding and Editing Predefined Security Policies
- 10: Configuring Back-end Server Authentication
- 11: Enabling Cross-Zone Load Balancing
- 12: Accessing Load Balancer Logs
1 - Eucalyptus ELB Listener Configurations
This section provides a reference to various possible ways to configure your listener, depending on how secure you want your load balancer. Currently, Eucalyptus supports the following HTTP/HTTPS Load Balancer use cases:
- Basic HTTP load balancer
- Secure website or application using ELB to offload SSL decryption.
- Secure website or application using end-to-end encryption
2 - Creating a Basic Elastic Load Balancing Configuration
Elastic load balancing requires two basic elements to function properly: a load balancer and instances registered with that load balancer. The following examples show how to set up the basic elements of an elastic load balancer configuration.
Create a Load Balancer
The load balancer manages incoming traffic, and monitors the health of your instances. The load balancer ensures that traffic is only sent to healthy instances.To create a load balancer:
Enter the following command, specifying availability zones:
eulb-create-lb -z one -l "lb-port=80, protocol=HTTP, instance-port=80,
instance-protocol=HTTP" MyLoadBalancer
To verify the elastic load balancer has been created, enter the following command: eulb-describe-lbs MyLoadBalancer You should see output similar to the following:
LOAD_BALANCER MyLoadBalancer MyLoadBalancer-587773761872.lb.localhost 2013-01-01T01:23:45.678Z
Optionally, you can create listeners for the load balancer as follows:
eulb-create-lb-listeners --listener "lb-port=80, protocol=HTTP,
instance-port=80, instance-protocol=HTTP"
You’ve now created an elastic load balancer.
Register instances with the Load Balancer
The load balancer monitors the health of registered instances, and balances incoming traffic across the healthy instances.To register an instance with the load balancer: Enter the following command:
eulb-register-instances-with-lb --instances i-e0636aca,i-0c9c3967 MyLoadBalancer
Enter the following command to verify that the instances are registered with the load balancer: eulb-describe-instance-health MyLoadBalancer This command will return output similar to the following:
INSTANCE i-6FAD3F7B InService
INSTANCE i-70FE4541 InService
Once you’ve created the load balancer and registered your instances with it, the load balancer will automatically route traffic from its endpoint URL to healthy instances.
3 - Configuring the Health Check
To determine which instances are healthy, the load balancer periodically polls the registered instances. You can use the command as described in this topic.Perform the following step to configure how the instances should be polled, how long to wait for a response, and how many consecutive successes or failures are required to mark an instance as healthy or unhealthy.
Note
After you initially set up your load balancer, Eucalyptus automatically performs a health check to protect against potential side-effects caused by instances being terminated without being deregistered. This health check uses the instance port defined in the load balancer configurationeulb-configure-healthcheck --healthy-threshold 5 --unhealthy-threshold 5 --interval 30 --timeout 120 --target HTTP:80/ MyLoadBalancer
Use --healthy-threshold and --unhealthy-threshold to specify the number of consecutive health checks required to mark an instance as Healthy or Unhealthy respectively. Use --target to specify the connection target on your instances for these health checks. Use --interval and --timeout to specify the approximate frequency and maximum duration of these health checks.
4 - Modifying an Elastic Load Balancing Configuration
Elastic load balancing requires two basic elements to function properly: a load balancer and instances registered with that load balancer. The following examples show how to modify the basic elements of an elastic load balancer configuration.
De-register instances from the Load Balancer
The load balancer monitors the health of registered instances, and balances incoming traffic across the healthy instances.To deregister an instance from the load balancer: Enter the following command:
eulb-deregister-instances-from-lb --instances INSTANCE1,INSTANCE2,... MyLoadBalancer
Enter the following command to verify that the instances are deregistered from the load balancer: eulb-describe-instance-health MyLoadBalancer This command will return output similar to the following:
INSTANCE i-6FAD3F7B InService
Delete Load Balancer Listeners
To delete a load balancer listener:
Enter the following command:
eulb-delete-lb-listeners --lb-ports PORT1,PORT2,... MyLoadBalancer
Delete Load Balancer
To delete a load balancer:
Enter the following command:
eulb-delete-lb MyLoadBalancer
You’ve now deleted the elastic load balancer.
5 - Creating Elastic Load Balancing Sticky Sessions
By default, a load balancer routes each request independently to the application instance with the smallest load. However, you can use the sticky session feature (also known as session affinity) which enables the load balancer to bind a user’s session to a specific application instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.
Enable Duration-Based Session Stickiness
To enable duration-based sticky sessions for a load balancer:
Use the eulb-create-lb-cookie-stickiness-policy command to create a load-balancer-generated cookie stickiness policy with a cookie expiration period of 60 seconds. eulb-create-lb-cookie-stickiness-policy MyLoadBalancer --policy-name MyLoadBalancerPolicy --expiration-period 60 Use the eulb-set-lb-policies-of-listener command to enable session stickiness for a load balancer using the MyLoadBalancerPolicy. eulb-set-lb-policies-of-listener MyLoadBalancer --lb-port 80 --policy-names MyLoadBalancerPolicy You can use the eulb-describe-lb-policies command to list the policies created for the load balancer. eulb-describe-lb-policies MyLoadBalancer --show-long
Enable Application-Controlled Session Stickiness
To enable application-controlled session stickiness: Use the eulb-create-app-cookie-stickiness-policy command to create a load application-generated cookie stickiness policy: eulb-create-app-cookie-stickiness-policy my-load-balancer -p my-app-cookie-lb-policy -c my-cookie Use the eulb-set-lb-policies-of-listener command to enable session stickiness for a load balancer using the my-load-balancer policy. eulb-set-lb-policies-of-listener example-lb --lb-port 80 --policy-names my-app-cookie-lb-policy You can use the eulb-describe-lb-policies command to list the policies created for the load balancer. eulb-describe-lb-policies example-lb --show-long
6 - Uploading SSL Certificates for Elastic Load Balancing
You must install an X.509 certificate on your load balancer in order to use HTTPS or SSL termination. The X.509 certificate is issued by a central Certificate Authority (CA) and contains identifying information, including a digital signature. X.509 certificates have a validity period. Once an X.509 certificate expires, you must create and install a new certificate.
Upload a Certificate
Once you’ve created a certificate, you must upload it to your cloud using the command.
Note
You must create the certificate and get it signed by a certificate authority (CA) before you can upload the certificate using the AWS Identity and Access Management (IAM) service. For instructions, go to .Enter the euare-servercertupload command, specifying the name of your certificate, the contents of the PEM-encoded public- and private-keys:
euare-servercertupload -s cert-name --certificate-file ssl_server_cert.crt --private-key-file ssl_server_cert.pem
You’ve now created an elastic load balancer.
Verify Server Certificate
You can verify that an uploaded certificate is stored in IAM. Each certificate object has a unique Amazon Resource Name (ARN) and ID.To verify an uploaded certificate: Use the euare-servercertlistbypath command to verify the certificate is stored in IAM:
euare-servercertgetattributes -s elb-ssl-cert
The command will return the ARN, followed by the GUID. For example:
arn:aws:iam::495375389014:server-certificate/elb-ssl-cert
ASCWDKTJBXPSZTHWFERVP
7 - Adding SSL Support
This topic describes how to add SSL support to a new or existing load balancer.
Creating a new listener with SSL support
This task shows how to create a new listener with SSL support.
Note
In order to use HTTPS support, you’ll need to install an SSL server certificate on your load balancer. If you haven’t already done this, see .eulb-create-listener command to create a new listener. For example: eulb-create-lb-listeners MyLoadBalancer --listener "protocol=HTTPS,lb-port=443,instance-port=80,instance-protocol=HTTP, cert-id=arn:aws:iam::12345678901:my-server-certificate/testing/myNewCert" Use the eulb-describe-lbs command to see the details of your load balancer. For example: eulb-describe-lbs MyLoadBalancerUpdating a listener with a new SSL certificate
This task shows how to replace an SSL server certificate configured with listeners"
Note
In order to use HTTPS support, you’ll need to install an SSL server certificate on your load balancer. If you haven’t already done this, see .eulb-set-lb-listener-ssl-certcommand with the ARN of your new server certificate to replace the certificate configured with listeners For example: eulb-set-lb-listener-ssl-cert MyLoadBalancer --lb-port 443 --cert-id arn:aws:iam::12345678901:my-server-certificate/testing/myNewCert Use the eulb-describe-lbs command to see the details of your load balancer. For example: eulb-describe-lbs MyLoadBalancer8 - Updating the SSL Negotiation Configuration
Eucalyptus Elastic Load Balancing (ELB) uses SSL negotiation configurations to determine how SSL connections to your load balancer behave. This topic shows how to update an existing load balancer with an SSL negotiation configuration.
Get a list of predefined security policies using the eulb-describe-lb-policies command: eulb-describe-lb-policies This produces output similar to the following:
POLICY ELBSample-AppCookieStickinessPolicy AppCookieStickinessPolicyType
POLICY ELBSample-LBCookieStickinessPolicy LBCookieStickinessPolicyType
POLICY ELBSecurityPolicy-2014-10 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2015-02 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2011-08 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2015-05 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2014-01 SSLNegotiationPolicyType
Use the eulb-create-lb-policy command to update the SSL negotiation configuration to use one of the predefined security policies. For example: eulb-create-lb-policy --policy-name mypredefinedsslpolicy --policy-type SSLNegotiationPolicyType --attributes "Reference-Security-Policy=ELBSecurityPolicy-2011-08" myloadbalancer Use the eulb-describe-lbs command to verify the update. For example: eulb-describe-lbs myloadbalancer
9 - Adding and Editing Predefined Security Policies
This topic describes how to add and edit ELB security policies.Default ELB policies are stored as JSON files in the /etc/eucalyptus/cloud.d/elb-security-policy directory. You can add or edit policy files here, and the changes will take effect when the CLC is restarted.
Copy one of the ELB policy files to a new file and edit the file. You must change the PolicyName attribute to a new name, with the name ending in a date. For example: ELBSecurityPolicy-2015-09 The policy file with the most recent date appended to the name will be used as the default policy when users create HTTPS/SSL listeners. The following is an example of an ELB policy file. You can modify this file and save it with a new filename in the /etc/eucalyptus/cloud.d/elb-security-policy directory.
{
"PolicyAttributeDescriptions": [
{
"AttributeName": "Protocol-SSLv2",
"AttributeValue": "false"
},
{
"AttributeName": "Protocol-TLSv1",
"AttributeValue": "true"
},
{
"AttributeName": "Protocol-SSLv3",
"AttributeValue": "false"
},
{
"AttributeName": "Protocol-TLSv1.1",
"AttributeValue": "true"
},
{
"AttributeName": "Protocol-TLSv1.2",
"AttributeValue": "true"
},
{
"AttributeName": "Server-Defined-Cipher-Order",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-ECDSA-AES128-GCM-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES128-GCM-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-ECDSA-AES128-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES128-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-ECDSA-AES128-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES128-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "DHE-RSA-AES128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ECDHE-ECDSA-AES256-GCM-SHA384",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES256-GCM-SHA384",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-ECDSA-AES256-SHA384",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES256-SHA384",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-AES256-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-ECDSA-AES256-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "AES128-GCM-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "AES128-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "AES128-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "AES256-GCM-SHA384",
"AttributeValue": "true"
},
{
"AttributeName": "AES256-SHA256",
"AttributeValue": "true"
},
{
"AttributeName": "AES256-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "DHE-DSS-AES128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "CAMELLIA128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EDH-RSA-DES-CBC3-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DES-CBC3-SHA",
"AttributeValue": "true"
},
{
"AttributeName": "ECDHE-RSA-RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ECDHE-ECDSA-RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-AES256-GCM-SHA384",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-AES256-GCM-SHA384",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-AES256-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-AES256-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-AES256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-AES256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-CAMELLIA256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-CAMELLIA256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "CAMELLIA256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EDH-DSS-DES-CBC3-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-AES128-GCM-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-AES128-GCM-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-AES128-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-AES128-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-CAMELLIA128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-CAMELLIA128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES128-GCM-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES128-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES256-GCM-SHA384",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-AES256-SHA256",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-CAMELLIA128-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-CAMELLIA256-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-DES-CBC3-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-RC4-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "ADH-SEED-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-DSS-SEED-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DHE-RSA-SEED-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EDH-DSS-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EDH-RSA-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "IDEA-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "RC4-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "SEED-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "DES-CBC3-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "DES-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "RC2-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "PSK-AES256-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "PSK-3DES-EDE-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-DES-CBC3-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-DES-CBC3-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "PSK-AES128-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "PSK-RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-RC4-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "KRB5-DES-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-EDH-RSA-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-EDH-DSS-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-ADH-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-RC2-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-RC2-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-DES-CBC-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-RC2-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-DES-CBC-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-ADH-RC4-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-RC4-MD5",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-RC4-SHA",
"AttributeValue": "false"
},
{
"AttributeName": "EXP-KRB5-RC4-MD5",
"AttributeValue": "false"
}
],
"PolicyName": "ELBSecurityPolicy-2015-05",
"PolicyTypeName": "SSLNegotiationPolicyType"
}
Using a text editor, change the PolicyName attribute. For example: "PolicyName": "ELBSecurityPolicy-2015-05" Once you’ve edited and saved the JSON file, restart the CLC. Once the CLC has restarted, use the eulb-describe-lb-policies command to verify that your new policy is listed. For example:
POLICY ELBSample-AppCookieStickinessPolicy AppCookieStickinessPolicyType
POLICY ELBSample-LBCookieStickinessPolicy LBCookieStickinessPolicyType
POLICY ELBSecurityPolicy-2014-10 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2015-02 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2011-08 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2015-05 SSLNegotiationPolicyType
POLICY ELBSecurityPolicy-2014-01 SSLNegotiationPolicyType
POLICY MyNewELBSecurityPolicy-2015-09 SSLNegotiationPolicyType
You can now use your new security policy using the eulb-create-lb-policy command. For more information, see Updating the SSL Negotiation Configuration .
10 - Configuring Back-end Server Authentication
When running a web application with HTTPS or SSL as the backend server’s protocol, you might want to authenticate the back-end servers using the public key of the back-end server’s certificate. This authentication can be used to ensure that back-end servers accept only encrypted communication and to ensure that the back-end servers have the correct certificate.To configure back-end server authentication:
Create a new loadbalancer with HTTPS as backend instance’s protocol:
eulb-create-lb -l "protocol=HTTPS,lb-port=443,instance-protocol=HTTPS,instance-port=8443,cert-id=arn:aws:iam::000550595745:server-certificate/mycert01"\
-z one myloadbalancer
Create a new PublicKeyPolicyType policy for the load balancer. In the example below, ‘server.crt’ is the file containing the public key of the backend server’s certificate.
eulb-create-lb-policy -n webservercert -t PublicKeyPolicyType -a "name=PublicKey, value=$(<./server.crt)" myloadbalancer
Use the eulb-describe-lb-policies to ensure that the policy was created. For example:
eulb-describe-lb-policies -p webservercert myloadbalancer
Create a new BackendServerAuthenticationPolicyType policy that refers to the public key policy created above.
eulb-create-lb-policy -n webserverauthentication -t BackendServerAuthenticationPolicyType -a "name=PublicKeyPolicyName, value=webservercert" myloadbalancer
Make sure the policy is created. For example:
eulb-describe-lb-policies -p webserverauthentication myloadbalancer
Set the created policy to the listener by specifying the instance’s port number. For example:
eulb-set-lb-policies-for-backend-server -i 443 -p webserverauthentication myloadbalancer
Make sure the policy is attached to the intended listener. For example:
eulb-describe-lbs --show-long myloadbalancer
LOAD_BALANCER myloadbalancer
myloadbalancer-000550595745.lb.c-04.autoqa.qa1.eucalyptus-systems.com
{interval=30,target=TCP:8443,timeout=5,healthy-threshold=3,unhealthy-threshold=3} one \
{protocol=HTTPS,lb-port=443,instance-protocol=HTTPS,instance-port=8443,cert-id=arn:aws:iam::000550595745:server-certificate/mycert01,\
{ELBSecurityPolicy-2015-05}}
{instance-port=8443,policies={webserverauthentication}}
{ELBSecurityPolicy-2015-05,webservercert,webserverauthentication}
{owner-alias=000936883517,group-name=euca-internal-000550595745-myloadbalancer}
2015-10-12T20:55:52.08Z
internet-facing
11 - Enabling Cross-Zone Load Balancing
When an ELB has instances in multiple available zones, enabling cross-zone load balancing will distribute traffics to instances across availability zones. If disabled, the load balancer in a zone will distribute traffics to instances within the zone. For example, if a Zone A has 10 instances, and a Zone B has 1 instance, and the client happens to use the load balancer of Zone B (via round-robin DNS), cross-zone load balancing will ensure that the clients will use all 11 instances, not just the one instance in Zone B.To enable cross-zone load balancing:
By default, cross-zone load balancing is not enabled for a new load balancer. To enable, modify the load balancer attribute using the eulb-modify-lb-attributes command. For example: eulb-modify-lb-attributes myloadbalancer CrossZoneLoadBalancing.Enabled=true Make sure the attribute is enabled. For example:
eulb-describe-lb-attributes myloadbalancer
AccessLog.Enabled false
ConnectionDraining.Enabled false
ConnectionSettings.IdleTimeout 60
CrossZoneLoadBalancing.Enabled true
12 - Accessing Load Balancer Logs
To help analyze an application’s performances or troubleshoot problems, you can capture detailed information for all requests coming through your load balancers. When enabled, such access logs will be captured and stored in the S3 bucket.To access ELB logs:
Before enabling the access logs, update the access control of your S3 (Eucalyptus object-storage-gateway) bucket so that Eucalyptus’ load balancer has write permissions. The access control list requires the canonical ID of the grantee. To obtain the canonical ID of the load balancing service:
Note
If your cloud is using VPCMIDO networking mode, use the command in the next step.eulb-describe-lbs --show-long --region devops-admin@region-1
LOAD_BALANCER myloadbalancer
myloadbalancer-000476918024.lb.a-18.autoqa.qa1.eucalyptus-systems.com
{interval=30,target=TCP:80,timeout=5,healthy-threshold=3,unhealthy-threshold=3
cash,money i-6f2a1874,i-be660343
{protocol=HTTP,lb-port=80,instance-protocol=HTTP,instance-port=80}
{owner-alias=000865102303,group-name=euca-internal-000476918024-myloadbalancer}
2015-09-29T18:11:33.761Z
internet-facing
Note
Save the number at the end of the output to update the bucket’s ACL in .To obtain the canonical ID of the load balancing service in VPCMIDO networking mode:
Note
If your cloud is not using VPCMIDO networking mode, use the command in the previous step.euserv-describe-services --filter service-type=loadbalancing --expert
SERVICE arn:euca:bootstrap:API_10.111.1.19:loadbalancing:API_10.111.1.19.loadbalancing/ enabled 25
http://10.111.1.19:8773/services/LoadBalancing
(eucalyptus)loadbalancing=000036660381:28323c32338354b20255a633830524c1224434cb1a5254c1d614614841586042
Note
Save the number at the end of the output to update the bucket’s ACL in .Use any S3 client tools to update the bucket’s ACL. For example:
# aws --endpoint-url http://objectstorage.a-18.autoqa.qa1.eucalyptus-systems.com:8773/ s3 s3://webserverlog
# aws --endpoint-url http://objectstorage.a-18.autoqa.qa1.eucalyptus-systems.com:8773/ s3api put-bucket-acl --grant-write "id=000865102303" --bucket s3://webserverlog
Modify your load balancer’s attributes to enable the access logs. For example:
eulb-modify-lb-attributes myloadbalancer AccessLog.Enabled=true AccessLog.S3BucketName=webserverlog AccessLog.EmitInterval=5 AccessLog.S3BucketPrefix=myprefix
Check that the attribute has been updated correctly by using the eulb-describe-lb-attributes command:
eulb-describe-lb-attributes myloadbalancer
AccessLog.EmitInterval 5
AccessLog.Enabled true
AccessLog.S3BucketName webserverlog
AccessLog.S3BucketPrefix myprefix
ConnectionDraining.Enabled false
ConnectionSettings.IdleTimeout 60
CrossZoneLoadBalancing.Enabled true