Alibaba Cloud Network Load Balancer (NLB) provides intelligent load balancing for DataWorks SSH nodes, preventing a single point of failure and simplifying task configuration. This topic describes how to deploy and use this solution in DataWorks to ensure that SSH tasks run stably.
Background
In DataWorks, an SSH data source is typically configured with the host address of a fixed ECS instance. If that host becomes unhealthy (for example, it crashes or runs out of resources), SSH nodes may fail to run. To address this, you can add multiple ECS instances to a server group of a Network Load Balancer (NLB) instance. NLB uses its internal algorithm to distribute task requests to available ECS instances and continuously checks their health. If an ECS instance fails, NLB automatically routes requests to other healthy instances. This prevents a single instance failure from interrupting tasks and ensures high availability.
As shown in the preceding figure:
-
Without load balancing: DataWorks SSH node tasks can run only on the connected ECS instance. If that instance is overloaded or fails, tasks are delayed or interrupted.
-
With load balancing: DataWorks SSH node tasks are automatically routed to an ECS instance in the server group based on the NLB policy. NLB also performs health checks on the server group. If it detects an unhealthy ECS instance, it automatically routes tasks to other healthy instances, ensuring continuity and high availability.
This solution prevents resource exhaustion and single points of failure, improving task execution efficiency and reliability.
Prerequisites
The RAM user that you want to use is added to your workspace.
If you want to use a RAM user to develop tasks, you must add the RAM user to your workspace as a member and assign the Develop or Workspace Administrator role to the RAM user. The Workspace Administrator role has more permissions than necessary. Exercise caution when you assign the Workspace Administrator role. For more information about how to add a member and assign roles to the member, see Add members to a workspace.
-
A serverless resource group is associated with your workspace. For more information, see the topics in the Use serverless resource groups directory.
Limitations
-
The code in an SSH node cannot exceed
128 KB. -
The DataWorks resource group, ECS instances, and NLB instance must be in the same VPC and region.
Prepare the environment
To enable load balancing and high availability for SSH nodes, create at least two ECS instances and add unique sample data to each for verification.
Create ECS instances
Follow these steps to create the required ECS instances.
-
Purchase ECS instances.
Go to the ECS instance buy page, select the Custom Launch tab, and configure the following parameters to create the ECS instances. For details on other parameters, see Create an instance on the Custom Launch tab.
Parameter
Description
Region
Select the region where your DataWorks workspace resides.
Network and zone
Select the same Virtual Private Cloud (VPC) and vSwitch used for the serverless resource group.
Security Group
Select the security group that is bound to the vSwitch of the serverless resource group.
Other parameters
Configure other parameters based on your business requirements.
-
Set the quantity.
On the right side of the ECS instance buy page, find the Quantity option and enter the number of ECS instances you need. This tutorial uses two instances.
-
Click Create Order to complete the creation and purchase of the ECS instances.
Prepare sample data
On the two ECS instances you created, write unique sample data to each so you can distinguish the results later.
-
Log on to the ECS instances.
-
Go to the ECS console, switch to the region where the ECS instances reside, and find the two instances you created.
-
In the Operation column for an instance, click Remote connection. In the Remote connection dialog box, select Sign in now.
-
On the Instance Login page, configure authentication information and complete the logon.
-
-
Create sample data.
-
On ECS Instance 1, run the following command:
echo "I am the first server" > /tmp/a.txt -
On ECS Instance 2, run the following command:
echo "I am the second server" > /tmp/a.txt
-
Configure the NLB instance
Follow these steps to create an NLB instance, configure a backend server group by adding two ECS instances, and set up a listener to enable load balancing.
Create an NLB instance
You can create an NLB instance by following these steps. For more information, see Prerequisites for creating an NLB instance and Create and manage an NLB instance.
-
Go to the NLB instance buy page.
Log on to the Network Load Balancer console. In the top navigation bar, select the region. On the Instances page, click Create NLB to go to the Cloud Service Buy Page.
ImportantSelect the same region as your DataWorks workspace. An incorrect region selection will require you to create a new instance.
-
Configure and purchase the NLB instance.
On the Cloud Service Buy Page, configure the following parameters to create an NLB instance:
Parameter
Description
Network
Network type
Select internal-facing.
VPC
Select the VPC used by your serverless resource group.
Zone
Select the zone where the vSwitch of the serverless resource group resides.
IP version
Select IPv4.
Management settings
Instance name
Enter a custom instance name.
Resource group
Select the default resource group.
-
Confirm the purchase.
After configuring all parameters, click Create. On the Confirm Order page, click Activate.
Create a backend server group
After the NLB instance enters the Active state, follow these steps to create and bind a backend server group to the NLB instance. For more information, see NLB server groups.
-
Go to the instance details page.
-
Log on to the Network Load Balancer console. In the top navigation bar, select the region. In the instance list, find the instance you created.
-
Click the instance name to go to the instance details page.
-
-
Create a backend server group.
-
At the top of the instance details page, click Create Server Group to go to the Create Server Group page.
-
Set Server Group Name to
ECS_NLB, and then click Create.
-
-
Add backend servers.
-
In the Server group created successfully dialog box, click Add Backend Server.
-
On the Backend Servers tab, click Add Backend Server to go to the Add Backend Server page.
-
Select the two ECS instances you created.
-
Click Next step to go to the Ports/Weights step.
-
-
Configure ports and weights.
-
Set the Port to
22. -
Click OK to complete the configuration.
-
Wait until the backend servers are added successfully.
Configure a listener
After you add the ECS instances to the backend server group, configure a listener for the NLB instance as follows. For more information, see Add a TCP listener.
-
Go to the instance details page.
-
Log on to the Network Load Balancer console. In the top navigation bar, select the region. In the instance list, find the instance you created.
-
Click the instance name to go to the instance details page.
-
-
Configure a listener.
-
At the top of the instance details page, click Create Listener to open the Configure Server Load Balancer wizard.
-
Set the listener protocol to TCP and set the listener port to
22. -
Click Next step.
-
-
Select a server group.
-
In the Select Server Group step, for Server Type, select the server group
ECS_NLBthat you created in Create a backend server group. -
Click Next step.
-
-
Submit for review.
In the Configuration Review step, confirm the ECS instances and listener port, and then click Submit.
Configure an SSH data source
After completing the preceding configurations, add the NLB instance as an SSH data source. For more information, see SSH data sources.
Log on to the DataWorks console. In the target region, click in the left-side navigation pane. Select a workspace from the drop-down list and click Go to Management Center.
-
In the left-side navigation pane, click to go to the Data Sources page.
-
On the Data Sources page, click Add Connection to go to the Add Connection page.
-
On the Add Connection page, select SSH as the data source type to go to the Add SSH Data Source page. You can configure the parameters on this page as follows.
Parameter
Description
Data source name
Enter a custom name for the data source, for example,
SSH_DB.Configuration mode
Use the default User-created Data Store with Public IP Addresses.
Authentication method
We recommend DataWorks SSH Public Key Authentication.
Host address
Log on to the Network Load Balancer console. In the top navigation bar, select the region. Find the instance and click its name to open the instance details page. Copy the Domain Name to use as the Host Address.
Host port
The host port for the server is
22.Username
The username for the server is
root.Public key
Click Generate Key Pair. The platform generates a public key based on the username you configured.
ImportantBefore you test the connection, add the public key to the
.ssh/authorized_keysfile on thetwoECS hosts. Otherwise, the test will fail. -
Test resource group connectivity.
In the Connection Configuration section, find the serverless resource group bound to your workspace, and click Test Connectivity in the Connected state column.
Run the SSH task
You can follow these steps to create and develop an SSH node, and then verify its functionality by checking the task results.
Create an SSH node
You can create an SSH node by following these steps. For more information, see Create an SSH node.
Go to the Workspaces page in the DataWorks console. In the top navigation bar, select a desired region. Find the desired workspace and choose in the Actions column.
-
In the left-side navigation pane, click the
icon. Click the
icon next to Project Directory, and choose to open the New Node dialog box. -
In the New Node dialog box, enter a custom Name for the SSH node.
-
Click Confirm to go to the node editor.
Develop the SSH node
On the node editor page, add the following sample code and configure the execution environment.
-
Write the SSH node code.
In the code editor, enter the following sample command:
cat /tmp/a.txt -
Configure the execution environment.
-
Data Source: From the Select a data source drop-down list at the top of the editor, select the
SSH_DBdata source. -
Resource group configuration: In the right-side pane, click Run Configuration, and set Resource Group to your serverless resource group.
-
-
Click the Save button in the toolbar to save the SSH node.
View task results
Run the SSH node multiple times and compare the output to verify that the load balancing is effective.
-
Run the SSH node task.
Click the Run button in the toolbar. After the first run completes, run the task again.
-
View the task results.
NoteThe output may differ between runs because the task is routed to a different ECS instance each time.
Execution result 1.
2025-04-11 16:53:05 INFO ============================================= 2025-04-11 16:53:06,657 INFO [SshWrapperMain.java:151] - Get PrivateKey Content OK 2025-04-11 16:53:06,667 INFO [SshExecutorUtil.java:33] - User: xxx 2025-04-11 16:53:06,668 INFO [SshExecutorUtil.java:34] - Host: xxx 2025-04-11 16:53:06,668 INFO [SshExecutorUtil.java:35] - Port: 22 2025-04-11 16:53:07,876 INFO [SshExecutorUtil.java:55] - session connect success 2025-04-11 16:53:07,877 INFO [SshExecutorUtil.java:56] - code: cat /tmp/a.txt 2025-04-11 16:53:07,894 INFO [SshExecutorUtil.java:66] - channel connect success I am the first server 2025-04-11 16:53:09 INFO ============================================= 2025-04-11 16:53:09 INFO Exit code of the Shell command 0 2025-04-11 16:53:09 INFO --- Invocation of Shell command completed --- 2025-04-11 16:53:09 INFO Shell run successfully! 2025-04-11 16:53:09 INFO Current task status: FINISH 2025-04-11 16:53:09 INFO Cost time is: 3.238sExecution result 2:
This output shows "I am the second server", which indicates that the request was routed to the second ECS instance. The run log is as follows:
2025-04-11 16:53:56 INFO ============================================================ 2025-04-11 16:53:57,632 INFO [SshWrapperMain.java:151] - Get PrivateKey Content OK 2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:33] - User: 2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:34] - Host: 2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:35] - Port: 22 2025-04-11 16:53:58,746 INFO [SshExecutorUtil.java:55] - session connect success 2025-04-11 16:53:58,746 INFO [SshExecutorUtil.java:56] - code: cat /tmp/a.txt 2025-04-11 16:53:58,764 INFO [SshExecutorUtil.java:66] - channel connect success I am the second server 2025-04-11 16:53:59 INFO ============================================================ 2025-04-11 16:53:59 INFO Exit code of the Shell command 0 2025-04-11 16:53:59 INFO --- Invocation of Shell command completed --- 2025-04-11 16:53:59 INFO Shell run successfully! 2025-04-11 16:53:59 INFO Current task status: FINISH 2025-04-11 16:53:59 INFO Cost time is: 3.011s
How it works
The following explains how DataWorks uses NLB to ensure stable execution of high-concurrency SSH tasks:
This solution works by adding multiple ECS instances to an NLB server group and using the NLB instance's DNS name as the SSH data source in DataWorks. Task requests from the SSH node are then intercepted by the NLB listener, which distributes them to healthy ECS instances based on its load balancing policy. Execution results are returned through NLB and displayed in the SSH node's log.