Skip to content

Commit

Permalink
Add two regions app lb example (#78)
Browse files Browse the repository at this point in the history 
Add two regions app lb example
  • Loading branch information
D Schwabe committed Sep 6, 2018
1 parent 302084c commit 1a9bca2
Show file tree
Hide file tree
Showing 8 changed files with 484 additions and 1 deletion.
29 changes: 29 additions & 0 deletions sources/AnyApp-stateless/index.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Home</title>
<link href='https://fonts.googleapis.com/css?family=Poiret One' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
</head>
<body>

<div class=container>
<div class=page-header>
<div style="font-family: Poiret One; font-size: 1.5em; letter-spacing: 0.3em;">

<?php
echo "<br>";
echo "<h1> AnyApp (stateless)</h1>";
echo "<br>";
echo "Backend server: ";
echo "<br>";
echo gethostname() . " (" . $_SERVER["SERVER_ADDR"] . ")";
echo "<br>";
?>

</div>
</div>
</div>
</body>
</html>


4 changes: 3 additions & 1 deletion sources/AnyApp/index.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,9 @@
}
echo "<br>";
echo "<br>";
echo "Backend server ".$_SERVER["SERVER_ADDR"];
echo "Backend server: ";
echo "<br>";
echo gethostname() . " (" . $_SERVER["SERVER_ADDR"] . ")";
echo "<br>";

#$conn_string = "host=db0 port=5432 dbname=syseleven user=syseleven password=syseleven_pass";
Expand Down
52 changes: 52 additions & 0 deletions two-regions-app-lb/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# Two Regions application behind LoadBalancer

## Overview

Using this template you can launch a simple application setup split over two regions and behind a load-balancer. You only need to enter your ssh key in the parameter
section of the `masterstack.yaml` template.
The stack overview shows the FIP(s) as well as the security group assignment command example in the outputs section.

![network topology](img/tworegionsapplbhorizonstackoutput.png)

## Usage

### Initial launch

- Configure your ssh key in the parameter of the `masterstack.yaml` template.
- Create a stack with this template: `openstack stack create -t masterstack.yaml <new stackName>`
- Once the stack creation has finished and every resource was built the LB port requires a security group. The command how to assign the security group to the LB port is shown in the output section of the masterstack. It needs to be executed in region dbl, since the load-balancer runs there.

## Code organisation

The file masterstack.yaml references the resources in region.yaml and balancer.yaml via heat substacks.

## Parameters

**app_port**
Defines the app port used for instances.

**lb_port**
Defines the port used for the load-balancer.

**ssh_keys**
Defines the ssh keys to be used for instances.

**image**
Defines the image to be used for instances.

**public_network**
References the external network connected to the internet.

## Outputs

**assign_sec_group_cli**
Provides the command that can be used to assign the security group to the load-balancer port to make it available from the outside.

**region1**
Public IP to access backend in region1 (cbk)

**region2**
Public IP to access backend in region2 (dbl)

**balancer**
Public IP of the loadbalancer in region2 (dbl)
141 changes: 141 additions & 0 deletions two-regions-app-lb/balancer.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
heat_template_version: 2016-04-08

description: loadbalancer using backends defined in other stacks

parameters:

app_port:
type: number
lb_port:
type: number
public_network:
type: string
description: Network used by the load balancer
default: ext-net
backend1:
type: string
description: FIP used from region 1 (cbk)
backend2:
type: string
description: FIP used from region 2 (dbl)

resources:

syseleven_net:
type: OS::Neutron::Net
properties:
name: syseleven-net

syseleven_subnet:
type: OS::Neutron::Subnet
depends_on: [ syseleven_net ]
properties:
name: syseleven_subnet
dns_nameservers:
- 8.8.8.8
- 4.4.4.4
network: { get_resource: syseleven_net }
ip_version: 4
cidr: 192.168.2.0/24
allocation_pools:
- {start: 192.168.2.10, end: 192.168.2.250}

syseleven_router:
type: OS::Neutron::Router
properties:
external_gateway_info: { "network": { get_param: public_network }}

router_subnet_connect:
type: OS::Neutron::RouterInterface
depends_on: [ syseleven_router, syseleven_subnet ]
properties:
router: { get_resource: syseleven_router }
subnet: { get_resource: syseleven_subnet }


sec_group:
type: OS::Neutron::SecurityGroup
properties:
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: { get_param: lb_port }
port_range_max: { get_param: lb_port }

monitor:
type: OS::Neutron::LBaaS::HealthMonitor
depends_on: [ pool ]
properties:
delay: 3
type: TCP
timeout: 2
max_retries: 3
pool: { get_resource: pool }

pool:
type: OS::Neutron::LBaaS::Pool
depends_on: [ listener ]
properties:
lb_algorithm: ROUND_ROBIN
protocol: TCP
listener: { get_resource: listener }

listener:
type: OS::Neutron::LBaaS::Listener
depends_on: [ loadbalancer ]
properties:
loadbalancer: { get_resource: loadbalancer }
protocol: TCP
protocol_port: { get_param: lb_port }

loadbalancer:
depends_on: [ router_subnet_connect ]
type: OS::Neutron::LBaaS::LoadBalancer
properties:
vip_subnet: { get_resource: syseleven_subnet }

floating_ip:
type: OS::Neutron::FloatingIP
depends_on: [ loadbalancer ]
properties:
floating_network: { get_param: public_network }
port_id: { get_attr: [ loadbalancer, vip_port_id ] }

pool_member1:
type: OS::Neutron::LBaaS::PoolMember
depends_on: [ pool, syseleven_subnet ]
properties:
pool: { get_resource: pool }
address: { get_param: backend1 }
protocol_port: { get_param: app_port }
subnet: { get_resource: syseleven_subnet }

pool_member2:
type: OS::Neutron::LBaaS::PoolMember
depends_on: [ pool, syseleven_subnet ]
properties:
pool: { get_resource: pool }
address: { get_param: backend2 }
protocol_port: { get_param: app_port }
subnet: { get_resource: syseleven_subnet }

outputs:

lb_fip:
value: { get_attr: [ floating_ip, floating_ip_address ] }
lb_network_port:
value: { get_attr: [ loadbalancer, vip_port_id ] }
lb_secgroup:
value: { get_resource: sec_group }
assign_sec_group:
value:
str_replace:
template: openstack port set --security-group SECGROUP LBPORT
params:
SECGROUP: { get_resource: sec_group }
LBPORT: { get_attr: [ loadbalancer, vip_port_id ] }
description: >
This command can be used to connect security groups to the
load balancer port. The LB is accessible from the outside once
the security group is assigned.
Binary file added two-regions-app-lb/img/tworegionsapplbhorizonstackoutput.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
103 changes: 103 additions & 0 deletions two-regions-app-lb/masterstack.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
heat_template_version: 2016-04-08

description: This template launches application instances in two regions behind a LoadBalancer.

parameters:

app_port:
type: number
default: 80
description: Port used by the servers
lb_port:
type: number
default: 80
description: Port used by the load balancer
image:
type: string
description: Image used by instances
default: "Ubuntu 18.04 LTS sys11 optimized - 2018-08-13"
ssh_keys:
type: comma_delimited_list
description: SSH-Key injected into instances
default:
- 'ssh-rsa REPLACE_THIS_WITH_YOUR_OWN_SSH_PUBLIC_KEY email_or_comment_are_optional'
- 'ssh-rsa YOU_CAN_SPECIFY_MULTIPLE_SSH_PUBLIC_KEYS_LIKE_THIS it_is_still_optional'

resources:

region1:
type: OS::Heat::Stack
properties:
context:
region_name: cbk
template: { get_file: region.yaml }
parameters:
backend_name:
list_join: [ '-', [ { get_param: "OS::stack_name" }, 'region1']]
app_port: { get_param: app_port }
image: { get_param: image }
ssh_keys: { get_param: ssh_keys }

region2:
type: OS::Heat::Stack
properties:
context:
region_name: dbl
template: { get_file: region.yaml }
parameters:
backend_name:
list_join: [ '-', [ { get_param: "OS::stack_name" }, 'region2']]
app_port: { get_param: app_port }
image: { get_param: image }
ssh_keys: { get_param: ssh_keys }

balancer:
type: OS::Heat::Stack
depends_on: [ region1, region2 ]
properties:
context:
region_name: dbl
template: { get_file: balancer.yaml }
parameters:
backend1: { get_attr: [ region1, outputs, fip1 ] }
backend2: { get_attr: [ region2, outputs, fip1 ] }
app_port: { get_param: app_port }
lb_port: { get_param: lb_port }

# PLACEHOLDER ################
# Currently it is not possible to get sec group association working with HEAT
# sec_group_association:
# type: OS::Heat::Stack
# depends_on: [ balancer ]
# properties:
# context:
# region_name: dbl
# template: { get_file: sec_group_attach.yaml }
# parameters:
# lb_network_port: { get_attr: [ balancer, outputs, lb_network_port ] }
# lb_secgroup: { get_attr: [ balancer, outputs, lb_secgroup ] }
# PLACEHOLDER ################

outputs:

region1:
value: { get_attr: [ region1, outputs, fip1 ] }
description: Public IP to access backend in region1 (cbk)
region2:
value: { get_attr: [ region2, outputs, fip1 ] }
description: Public IP to access backend in region2 (dbl)
balancer:
value: { get_attr: [ balancer, outputs, lb_fip ] }
description: Public IP of the loadbalancer in region2 (dbl)
assign_sec_group:
value:
str_replace:
template: openstack port set --security-group SECGROUP LBPORT
params:
SECGROUP: { get_attr: [ balancer, outputs, lb_secgroup ] }
LBPORT: { get_attr: [ balancer, outputs, lb_network_port ] }
description: >
This command can be used to connect security groups to the
load balancer port. The LB is accessible from the outside once
the security group is assigned.
Loading

0 comments on commit 1a9bca2

Please sign in to comment.