Capture Proxy Data Replication - opensearch-project/opensearch-migrations GitHub Wiki
The Migration Assistant includes an Application Load Balancer (ALB) for routing traffic to the capture proxy and/or target. Upstream client traffic must be routed through the capture proxy in order to replay the requests later.
Assumptions
- The upstream layer from the ALB is compatible with the certificate on the ALB listener (whether itβs clients or a Network Load Balancer, NLB).
- The
albAcmCertArn
in thecdk.context.json
may need to be provided to ensure that clients trust the ALB certificate.
- The
- If an NLB is used directly upstream of the ALB, it must use a TLS listener.
- Upstream resources and security groups must allow network access to the Migration Assistant ALB.
Steps
- In the AWS Console, navigate to EC2 > Load Balancers > Migration Assistant ALB.
- Note down the ALB URL.
- If you are using NLB β ALB β Cluster:
- Ensure ingress is provided directly to the ALB for the capture proxy.
- Create a target group for the Migration Assistant ALB on port 9200, and set the health check to HTTPS.
- Associate this target group with your existing NLB on a new listener (for testing).
- Verify the health check is successful, and perform smoke testing with some clients through the new listener port.
- Once ready to migrate all clients, detach the Migration Assistant ALB target group from the testing NLB listener and modify the existing NLB listener to direct traffic to this target group.
- Now, client requests will be routed through the proxy (once they establish a new connection). Verify application metrics.
- If you are using NLB β Cluster:
- If you do not wish to modify application logic, add an ALB in front of your cluster and follow the NLB β ALB β Cluster steps. Otherwise:
- Create a target group for the ALB on port 9200 and set the health check to HTTPS.
- Associate this target group with your existing NLB on a new listener.
- Verify the health check is successful, and perform smoke testing with some clients through the new listener port.
- Once ready to migrate all clients, deploy a change so that clients hit the new listener.
- If you are not using an NLB:
- Make a client/DNS change to route clients to the Migration Assistant ALB on port 9200.
- In the Migration Console, execute the following command:
Note the records in the logging topic.console kafka describe-topic-records
- After a short period, execute the same command again and compare the increase in records against the expected HTTP requests.
Troubleshooting
- Investigate the ALB listener security policy, security groups, ALB certificates, and the proxy's connection to Kafka.