
An example Terraform plan with an Ansible playbook for deploying a WordPress site into a VPC topology across two availability zones in the IBM Cloud us-south region.

Automate deployment of a multitier web app in a virtual private cloud

In this code pattern we demonstrate using IBM Cloud Schematics, with a Schematics Workspace (HashiCorp Terraform) and a Schematics Action (Red Hat Ansible), to automate infrastructure deployment and configuration for a multitier architecture. The architecture uses IBM Cloud Virtual Private Cloud for public cloud isolation and separates the web/application tier from the data tier by deploying VSIs into isolated subnets across different availability zones, with network isolation defined by Security Groups and ACLs. This automated approach builds on Solution Tutorial - Use Virtual Servers to build highly available and scalable web app.

Infrastructure features used include:

  • VPC public cloud isolation.
  • Logical network isolation using Security Groups and ACLs.
  • Layers on isolated subnets across zones.
  • RFC1918 private bring-your-own-IP addresses.
  • Global DDOS and Global Load Balancing.
  • Bastion and VPN for secure connectivity between on-premises and VPC.
  • Sysdig and LogDNA for infrastructure and application monitoring.

Application products used include:

  • LAMP stack with Linux, MySQL, and PHP.
  • Apache is used as the Web Server.
  • WordPress (popular web, blog and e-commerce platform) demonstrates horizontal scalability across zones.
  • MySQL (typical open source database) demonstrates multiple database servers and replication strategy across zones.

When you have completed this code pattern, you will understand:

  • How to provision and configure a working VPC environment.
  • How to create Terraform scripts and use Schematics Workspace to provision infrastructure.
  • How to create Ansible playbooks and use Schematics Action to configure infrastructure.

Infrastructure Architecture

[Figure: infrastructure architecture diagram]

Infrastructure Flow

  1. Users access website from Internet.
  2. The website invokes Global LB.
  3. Global LB invokes Public ALB.
  4. Public ALB balances load to frontend VSIs across zones.
  5. Subnets have egress-only access via Public Gateway to Internet.
  6. Frontend VSIs invoke backend VSIs.
  7. Enterprise users access the VSIs via Floating IP to Bastion Host.
  8. Enterprise users/apps can also access the VSIs via VPN connection.

Application Architecture

[Figure: application architecture diagram]

Application Flow

  1. Users access website from Internet.
  2. The website invokes Global LB.
  3. Global LB invokes Public ALB.
  4. Public ALB balances load to frontend VSIs across zones.
  5. Frontend VSIs have Apache and WordPress configured to implement the website.
  6. Frontend VSIs use the source database in the backend VSI.
  7. (Future) Frontend VSIs use the replica database in the backend VSI when necessary.
  8. (Future) Source and replica databases are configured for replication across zones.

Steps

  1. Clone repo.
  2. Configure credentials.
  3. Create Schematics Workspace.
  4. Create Schematics Action.
  5. Apply Schematics Workspace.
  6. Run Schematics Action.
  7. Validate Internet Service.

1. Clone repo

Clone the codepattern-multitier-vpc repo locally. In a terminal, run:

git clone https://github.com/IBM/codepattern-multitier-vpc

2. Configure credentials

  • Make sure that you have the required IAM permissions to create and work with VPC infrastructure and Schematics permissions to create the workspace and deploy resources.

  • Generate an SSH key. The SSH key is required to access the provisioned VPC virtual server instances via the bastion host. After you have created your SSH key, make sure to upload this SSH key to your account in the VPC region and resource group where you want to deploy this example.

3. Create Schematics Workspace

  • Go to Schematics in cloud portal
  • Select Workspaces
  • Select Create workspace
  • Enter a name
  • Select Location
  • Select Create
  • Go to Settings
  • Enter the GitHub URL
  • Select a Terraform version (tested with terraform_v0.14)
  • Select Save template information
  • Go to Variables
  • Review the Defaults for each variable
  • Select Edit and uncheck "Use default" to customize values and select Save, in particular:

      Name               Type    Default       Override value   Sensitive
      ssh-public-key     string  (empty)       your-key         Yes
      vpc-name           string  webappvpc     your-webappvpc   No
      resource-group     string  webapprg      your-webapprg    No
      domain             string  mydomain.com  your-domain.com  No
      cis-instance-name  string  mydomain.com  your-domain.com  No

4. Create Schematics Action

  • Go to Schematics in cloud portal
  • Select Actions
  • Select Create action
  • Enter a name for your action
  • Select Create to create your action
  • Go to Settings page
  • Enter URL of the Github repository
  • Select Retrieve playbooks
  • Select playbooks/site.yaml
  • Select Advanced options
  • Select Define your variables
  • Select Add input value with the following:

      Key         Value                                 Sensitive
      dbpassword  securepassw0rd                        Yes
      logdna_key  143c30a06ac6dfae03b3a84259bf1b9e      Yes
      sysdig_key  55e7f496-af78-4e0d-89f7-fa040e259ebd  Yes
      app_name    www.yourdomain.com                    No
      source_db   172.21.1.4                            No
      replica_db  172.21.9.4                            No
  • Select Save
  • Select Edit inventory
  • Enter Bastion host IP from Terraform output
  • Select Create Inventory
  • Enter a name for your inventory
  • Select Define manual with the following inventory:

      [webapptier]
      172.21.0.4
      172.21.8.4
      [dbtier0]
      172.21.1.4
      [dbtier1]
      172.21.9.4

  • Select Create inventory
  • Enter private SSH key (ensure the newline at the end of the key is included)
  • Check Use same key
  • Select Save

5. Apply Schematics Workspace

  • Go to Schematics in cloud portal
  • Select Workspaces
  • Select your workspace
  • Select Generate plan to review the plan
  • Select View log to review the plan execution log
  • Select Apply plan to provision the planned resources
  • Select View log to review the apply execution log
  • Optionally review /var/log/cloud-init-output.log on each server
  • Note the Outputs at the end of the apply execution log:

      Name                Value
      app_name            www.your-domain.com
      bastionserver1      bastionIP1 (public)
      bastionserver2      bastionIP2 (public)
      ssh-bastionserver1  ssh root@bastionIP1
      ssh-bastionserver2  ssh root@bastionIP2
      replica_db          172.21.9.4
      ssh-replicadb       ssh -o ProxyJump=root@bastionIP2 root@172.21.9.4
      source_db           172.21.1.4
      ssh-sourcedb        ssh -o ProxyJump=root@bastionIP1 root@172.21.1.4
      webappserver1       172.21.0.4
      ssh-webappserver1   ssh -o ProxyJump=root@bastionIP1 root@172.21.0.4
      webappserver2       172.21.8.4
      ssh-webappserver2   ssh -o ProxyJump=root@bastionIP2 root@172.21.8.4
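The private key pasted into the Action inventory in step 4 must end with a newline, and the ssh-* outputs above show that every private VSI is reached only through the bastion in its zone (ProxyJump). The following shell script is an added example, not part of the codepattern-multitier-vpc repo: it checks the key file generated in step 2 before it is pasted into the inventory, and writes an ssh_config that reproduces the ProxyJump outputs as named hosts. The private IPs are the ones in the outputs table; the bastion public IPs, the key path and the config path are placeholders. The trailing-newline check is the page's caveat; the owner-only permission and PEM-header checks are added assumptions about what a sane key file looks like.

```shell
#!/bin/sh
# Added example, not part of the IBM code pattern.
# check_private_key: validate the key file before pasting it into the
#   Schematics Action inventory (owner-only mode, PEM header, trailing newline).
# write_ssh_config: build an ssh_config that reaches each private VSI through
#   the bastion of its zone, mirroring the ssh-* outputs of the workspace.

# Private IPs come from the Terraform outputs table.
# Bastion public IPs are placeholders: replace with the bastionserver1/2 outputs.
BASTION1="bastionIP1"
BASTION2="bastionIP2"

check_private_key() {
  key="$1"
  [ -s "$key" ] || { echo "key file missing or empty: $key" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  [ "$mode" = 600 ] || [ "$mode" = 400 ] \
    || { echo "key must be mode 600 or 400, got $mode" >&2; return 1; }
  head -n 1 "$key" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' \
    || { echo "first line is not a PEM private-key header" >&2; return 1; }
  # Command substitution strips trailing newlines, so the last byte of the
  # file is a newline exactly when this expands to the empty string.
  [ -z "$(tail -c 1 "$key")" ] \
    || { echo "key does not end with a newline; Schematics needs one" >&2; return 1; }
  return 0
}

# Stanza for a bastion that is reachable directly on its floating IP.
# Arguments: ALIAS PUBLIC_IP KEY_PATH
bastion_stanza() {
  printf 'Host %s\n  HostName %s\n  User root\n  IdentityFile %s\n\n' "$1" "$2" "$3"
}

# Stanza for a private VSI that is only reachable via a bastion alias.
# Arguments: ALIAS PRIVATE_IP BASTION_ALIAS KEY_PATH
proxyjump_stanza() {
  printf 'Host %s\n  HostName %s\n  User root\n  IdentityFile %s\n  ProxyJump %s\n\n' \
    "$1" "$2" "$4" "$3"
}

# Write the full config: two bastions, then every VSI behind its own bastion.
# Arguments: OUTPUT_PATH KEY_PATH
write_ssh_config() {
  out="$1"; key="$2"
  {
    bastion_stanza   bastion1      "$BASTION1" "$key"
    bastion_stanza   bastion2      "$BASTION2" "$key"
    proxyjump_stanza webappserver1 172.21.0.4 bastion1 "$key"
    proxyjump_stanza sourcedb      172.21.1.4 bastion1 "$key"
    proxyjump_stanza webappserver2 172.21.8.4 bastion2 "$key"
    proxyjump_stanza replicadb     172.21.9.4 bastion2 "$key"
  } > "$out"
  chmod 600 "$out"
}

# Usage: sh bastion_access.sh ~/.ssh/id_ed25519 ~/.ssh/vpc_config
# Afterwards: ssh -F ~/.ssh/vpc_config webappserver1
if [ $# -eq 2 ]; then
  check_private_key "$1" && write_ssh_config "$2" "$1" && echo "wrote $2"
fi
```

Keeping the config in a separate file passed with `-F` avoids touching the default `~/.ssh/config`, and routing every private host through a named bastion alias means a changed floating IP is edited in one place.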

6. Run Schematics Action

  • Go to Schematics in cloud portal
  • Select Actions
  • Select your action
  • Select Run action
  • Select View log to review the run action log

7. Validate Internet Service

  • Go to Internet Services in cloud portal
  • Select the service name you specified in Terraform
  • Wait for status to change from Pending to Active
  • Note the NS records

License

This code pattern is licensed under the Apache License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 and the Apache License, Version 2.

Apache License FAQ
