Purpose: Automate a High Availability Web Application environment within the AWS infrastructure.
- VPC
- Internet Gateway
- Route tables (public and private)
- Private subnets
- Public subnets
- NAT server on public subnet - gateway for systems on private network http, https (inbound/outbound)
- OpenVPN server on public subnet(s)
- AutoScale Group (desired 2, min 2, max 6) internal / public
- ElasticCache (memcache)
- Elastic File System
- Elastic Load Balancer (public and internal)
- RDS Multi AZ (mariadb)
- S3
- security group for public servers
- security group for internal network
- security group for NAT
- security group for RDS
The following tools are being used to provision our AWS Architecture.
- Terraform - used to create AWS environment
- Ansible - used to provision systems on startup using ansible-pull
ssh to one of the public openvpn servers.
ssh hostname -i keypair.pem -l openvpnas
type: yes
accept default value for everything else.
add your licence key.
Change the password for the openvpn user
sudo passwd openvpn (openvpn/openvpn)
open openvpn client install https://public-ipaddress connect to download client if you don't already have it installed.
- connect to public ipaddress
- click yes for both dialogs
Navigate to https://public-ipaddress/admin
- click advance
- click proceed to..
- username: openvpn
- password: openvpn
- click Agree
- Click "Server Network Settings" and scroll down and deselect "Admin Web Server" and "Client Web Server" then click "Save Settings"
- Click "Update Running Server"
- This should break things for a moment.
- Navigigate to https://your-privateip::943/admin and click "Advanced" and Proceed to ...
- username: openvpn
- password: openvpn
Now lets test network.
##Elk stack
By default, the stack exposes the following ports:
- 5000: Logstash TCP input. - Connect to one of the XXX-elkXX-private-servers and add some test data.
ssh XXX-elkXX-private-servers.ipaddress -i ssh/aws-terraform -l ec2user
nc localhost 5000 < /var/log/messages
nc localhost 5000 < /var/log/maillog
nc localhost 5000 < /var/log/secure
nc localhost 5000 < /var/log/spooler
nc localhost 5000 < /var/log/yum.log
nc localhost 5000 < /var/log/lastlog
nc localhost 5000 < /var/log/cloud-init-output.log
nc localhost 5000 < /var/log/cloud-init.log
- 5601: Kibana - connect to one of the XXX-elkXX-private-servers i.e. http://server.ip.address:5601/
##Utility Server Connect to Jenkins instance
- http://server.ip.address:8080/ (follow instruction to complete install)
Connect to the Selenium Hub Console