ApsaraDB RDS: Prepare to create a DR instance

Last Updated: Oct 28, 2024

Before you create a disaster recovery (DR) instance for a source instance, make sure that the source instance can communicate with the destination instance. The destination instance is an ApsaraDB RDS for PostgreSQL instance that is referred to as the DR instance. In addition, you must create a synchronization account on the source instance to implement DR and configure related files. This topic describes the preparations for creating a DR instance for a self-managed PostgreSQL instance that is deployed on an Elastic Compute Service (ECS) instance.

Prerequisites

  • An RDS instance that meets the following requirements is created. For more information, see Create an ApsaraDB RDS for PostgreSQL instance.

    • The major engine version of the RDS instance is the same as that of the source instance.

    • The RDS instance is a primary instance. You cannot use read-only RDS instances as DR instances.

    • The billing method of the RDS instance is pay-as-you-go or subscription. You cannot use serverless instances as DR instances.

    • The RDS instance is empty. The available storage of the RDS instance is larger than or equal to the size of the data on the self-managed PostgreSQL instance.

Enable network communication

Overview of network communication solutions

| Source instance | Network communication method |
| --- | --- |
| Self-managed instance in a data center | You can use an Express Connect circuit, a VPN gateway, a Smart Access Gateway (SAG) instance, or a Cloud Enterprise Network (CEN) instance. For more information, see What is Express Connect?, What is VPN Gateway?, What is SAG?, and What is CEN? |
| Self-managed instance in a third-party cloud | You can use SAG, CEN, or an Internet NAT gateway. For more information, see What is SAG?, What is CEN?, and What is Internet NAT gateway? |
| Self-managed instance on an Alibaba Cloud ECS instance | You can use CEN or an Internet NAT gateway. For more information, see What is CEN? and What is Internet NAT gateway? Note: If the ECS instance on which the source instance is deployed resides in the same virtual private cloud (VPC) as the destination RDS instance, you do not need to enable network communication. |
| Instance managed on a third-party cloud | You can use a SAG instance, a CEN instance, or an Internet NAT gateway. For more information, see What is SAG?, What is CEN?, and What is Internet NAT gateway? |
| RDS instance | You can use a CEN instance or an Internet NAT gateway. For more information, see What is CEN? and What is Internet NAT gateway? Note: If the source and destination instances reside in the same VPC, you do not need to enable network communication. |

If the source instance can be accessed over the Internet, you can use an Internet NAT gateway to connect the source instance to the VPC in which the destination instance resides. The following section describes how to configure the destination instance and use an Internet NAT gateway to enable network communication.

If the source instance cannot be accessed over the Internet, you can use a CEN instance to enable network communication. For more information, see Procedure.

Configure an Internet NAT gateway for the destination instance

  1. Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.

  2. In the left-side navigation pane, click Database Connection. In the Database Connection section, view the VPC and vSwitch ID of the destination instance.

    You can move the pointer over the VPC ID to view the vSwitch ID.

  3. Click the VPC ID to go to the VPC console.

  4. Click the Resource Management tab. In the Access to Internet section, click Create Now under Internet NAT Gateway.

  5. On the Internet NAT Gateway page, configure the following parameters and click Buy Now.

    | Parameter | Description |
    | --- | --- |
    | Billing Method | By default, Pay-as-you-go is selected. You can pay for resources after you use them. For more information, see Billing of Internet NAT gateways. |
    | Resource Group | Select the resource group to which the VPC belongs. For more information, see Resource group overview. |
    | Tags | Tag Key: Select or enter a tag key. You can specify up to 20 tag keys. A tag key can be up to 128 characters in length and cannot contain http:// or https://. The tag key cannot start with aliyun or acs:. Tag Value: Select or enter a tag value. You can specify up to 20 tag values. A tag value can be up to 128 characters in length and cannot contain http:// or https://. The tag value cannot start with aliyun or acs:. |
    | Region | Select the region in which the destination instance resides. |
    | VPC | Select the VPC in which the destination instance resides. |
    | Associate vSwitch | Select the vSwitch of the destination instance. |
    | Metering Method | By default, Pay-By-CU is selected. You are charged for the resources that you use. For more information, see Billing of Internet NAT gateways. |
    | Billing Cycle | By default, By Hour is selected. The billing cycle is 1 hour. If you use an Internet NAT gateway for less than 1 hour, the usage duration is rounded up to 1 hour. |
    | Instance Name | Enter a name for the Internet NAT gateway. The name must be 2 to 128 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter. |
    | Access Mode | SNAT for All VPC Resources: If you select this option, the Internet NAT gateway is created in unified access mode. After the Internet NAT gateway is created, all resources in the VPC can access the Internet by using the NAT gateway. |
    | EIP | Select an elastic IP address (EIP) for the Internet NAT gateway. If you have not purchased an EIP, purchase an EIP. For more information, see Purchase a service bundle that consists of an SNAT-enabled Internet NAT gateway and an EIP for a VPC. |

  6. On the Confirm page, confirm the information about the Internet NAT gateway, read Terms of Service, and then click Activate Now.

    When the Purchased message appears, the Internet NAT gateway is created.

Configure the source instance

Step 1: Create a synchronization account for DR

When you create a DR relationship, you must create a synchronization account for DR on the source instance.

  1. Connect to the source instance, create a synchronization account, and configure the required permissions. In this example, a synchronization account named replicatoraccount is created.

    CREATE ROLE replicatoraccount CREATEROLE REPLICATION LOGIN PASSWORD 'your_password';
  2. Grant the replicatoraccount account the pg_monitor permission.

    GRANT pg_monitor TO replicatoraccount;
  3. Use the replicatoraccount account to connect to the source instance and execute the required SQL statement to check whether the account has the required permissions.

    1. Execute the following SQL statement to create an account named testreplicator and grant the testreplicator account the REPLICATION permission. If the testreplicator account can be successfully created, the replicatoraccount account has the required permissions for synchronization.

      CREATE USER testreplicator WITH REPLICATION;

      If the "must be superuser to create replication users" error message appears, use an account that has the SUPERUSER permission to connect to the source instance and grant the SUPERUSER permission to the replicatoraccount account. For example, you can execute the ALTER USER replicatoraccount WITH SUPERUSER; statement to grant the replicatoraccount account the permission.

    2. Delete the testreplicator account.

      DROP USER IF EXISTS testreplicator;

Step 2: Configure an ECS security group

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the top navigation bar, select the region in which your source instance resides.

  4. Find the required ECS instance and click the instance ID.

  5. On the Security Groups tab of the page that appears, click the name of the security group.

  6. In the Access Rule section of the Security Group Details tab, click Add Rule on the Inbound tab to add the security group rules described in the following table.

    | Protocol Type | Port Range | Authorization Object |
    | --- | --- | --- |
    | All ICMP (IPv4) | Source: -1/-1; Destination: -1/-1 | Set the parameter to the EIP that is associated with the Internet NAT gateway for the destination RDS instance. The Internet NAT gateway is created to enable network communication. For more information, see Enable network communication. Note: You can view the EIP that is associated with the Internet NAT gateway on the Associated EIP tab of the required Internet NAT gateway. |
    | TCP | The port that is used to connect to the self-managed PostgreSQL instance on the ECS instance. | Same as the preceding row. |

    To query the TCP port, you can run the netstat -a | grep PGSQL command.

Step 3: Modify the pg_hba.conf file

Note

In this topic, the source instance runs PostgreSQL 13 and is deployed on an ECS instance that runs CentOS 7.

  1. Log on to the ECS instance on which the self-managed PostgreSQL instance is deployed. For more information, see Connection method overview.

  2. Query the location of the pg_hba.conf file.

    Note

    You must use the root user to run the command.

    find / -name pg_hba.conf

    Command output:

    /var/lib/pgsql/13/data/pg_hba.conf
  3. Go to the directory in which the pg_hba.conf file is stored.

    cd /var/lib/pgsql/13/data/
  4. Add the following content to the end of the pg_hba.conf file:

    host  all    replicatoraccount  121.XX.XX.XX/32  md5
    host  replication  replicatoraccount  121.XX.XX.XX/32  md5

    Parameter description:

    • replicatoraccount: the synchronization account that is created to implement DR. For more information, see Step 1: Create a synchronization account for DR.

    • 121.XX.XX.XX: the EIP that is associated with the Internet NAT gateway for the destination RDS instance. The Internet NAT gateway is created to enable network communication. For more information, see the Enable network communication section in this topic.

      Note

      You can view the EIP that is associated with the Internet NAT gateway on the Associated EIP tab of the required Internet NAT gateway.

  5. Connect to the source instance and reload the configuration for the changes to take effect.

    SELECT pg_reload_conf();

    Sample output:

     pg_reload_conf
    ----------------
     t
    (1 row)
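
The following check for the two entries added in step 4 is an added example, not part of the original topic. It confirms that the synchronization account is admitted only from the NAT gateway EIP as a /32 and that both the all and the replication entries are present. The function names check_hba and sample_hba are hypothetical, and 203.0.113.10 is a constructed placeholder for the EIP.

```shell
#!/bin/sh
# check_hba ROLE IP  (hypothetical helper; reads a pg_hba.conf on stdin)
# Reports rules for ROLE that are wider than IP/32 or use a weak method, and
# confirms that both the "all" and the "replication" entries exist.
# Assumes CIDR-form addresses and rules that name ROLE literally.
check_hba() {
  awk -v role="$1" -v want="$2/32" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $1 !~ /^host/ || $3 != role { next }     # TCP rules for the sync account only
    {
      if ($4 != want) {
        printf "line %d: address %s is not %s\n", NR, $4, want; bad = 1
      }
      if ($5 == "trust" || $5 == "password") {
        printf "line %d: weak method %s\n", NR, $5; bad = 1
      }
      # The database keyword "all" does not match replication connections,
      # so the account needs one rule for each.
      if ($4 == want && $2 == "all") have_all = 1
      if ($4 == want && $2 == "replication") have_repl = 1
    }
    END {
      if (!have_all)  { print "missing: host all " role " " want; bad = 1 }
      if (!have_repl) { print "missing: host replication " role " " want; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: the two expected entries plus one over-broad rule.
# 203.0.113.10 is a documentation address standing in for the EIP.
sample_hba() {
  cat <<'EOF'
# TYPE  DATABASE     USER               ADDRESS           METHOD
local   all          all                                  peer
host    all          replicatoraccount  203.0.113.10/32   md5
host    replication  replicatoraccount  203.0.113.10/32   md5
host    replication  replicatoraccount  0.0.0.0/0         trust
EOF
}

sample_hba | check_hba replicatoraccount 203.0.113.10 ||
  echo "pg_hba.conf needs attention"
```

To check the real file, redirect /var/lib/pgsql/13/data/pg_hba.conf to the function's standard input and pass the EIP shown on the Associated EIP tab.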

Step 4: Configure the postgresql.conf file

For more information, see Configure the postgresql.conf file of a self-managed PostgreSQL instance.

Step 5: Configure the firewall of the source instance

For more information, see Configure the firewall of a server.