Skip to content

An example Terraform plan with Ansible playbook for deploying a Wordpress site into a VPC topology across two availability zones in the IBM Cloud us-south region.

Notifications You must be signed in to change notification settings

jonghall/ibmcloud-terraform-vpc

Repository files navigation

Deploying a n-Tier Web App in a Virtual Private Cloud using Terraform & Ansible

Purpose

The purpose of this project is to demonstrate, through the use of a reuseable asset, the concept of Infrastructure as code and how it can enable the ability to automate deployment facilitating a more consistent and faster development, testing, and deployment of workloads into a cloud, using the IBM Cloud VPC Infrastructure, HashiCorp's Terraform, and Red Hat's Ansible.

A n-tier architecture was chosen as a typical cloud workload for this example. A n-tier architecture separates the web / application and data tiers by placing them into separate sub-networks which are logically isolated using virtual network security constructs which can be defined and configured via an API. WordPress, a popular web, blog and e-commerce platform and MySQL, a typical open source database, installed on top of a LAMP stack were chosen as the core software stack because to their simplicity and broad acceptance. Nginx and Nginx Unit were chosen as the Web Server and Application Servers respectively.

The main objectives of this project is to educate enterprise DevOps users and system administrators on how to leverage both the features of IBM Cloud VPC Infrastructure as well as how to use the IBM Cloud Terraform Provider and Ansible to deploy and fully configure a working n-tier application.

This automated approach leveraged previous Solution Tutorials - Highly Available & Scalable Web App documentation.

High Level Architecture

  1. Infrastructure
  • Public Cloud isolation using a VPC
  • RFC1918 private bring-your-own-IP addresses
  • Application and data layers deployed on isolated subnets accross different availability zones
  • Network isolation defined logically using Security Groups and ACLs
  • Global DDOS and Global Load Balancing
  • VPN-as-a-Service to establish remote secure connectivity between on-pream and the VPC
  • SysDig & LogDNA for infrastructure and application monitoring
  1. Application
  • A horizontally scaleable web application deployed into a two different availability zones
  • Multiple database servers across two availability zones
  • A master/slave data replication strategy across availability zones

VPC Architecture

Below is the IBM Virtual Private Cloud (VPC) architecture of the solution showing public isolation for both Application (through a Load Balancer) and data.

Infrastructure Architecture

3tier Web App - Infrastructure

Application Architecture

3tuer Web App - Application

Not depicted in drawings

  • VPNaaS or any VPN Connections
  • Cloud Internet Services (GLB function or DNS)
  • Management Flows

Assumptions and Limitations

  • This documentation is meant to be used for illustrative and learning purposes primarily.
  • This document expects the reader to have a basic level of understanding of network infrastructure, Terraform, Ansible and application deployment on a Linux environment.
  • The solution will implement HTTP only for simplicity.
  • A MySQL database server was implemented on Infrastructure versus as-a-service to illustrate both the ability to define logical tiers between subnets as well as to show the ability to automate deployment and configuration tasks.
  • Ansible is used for all post configuration tasks.

VPC Functional Coverage

Function Demonstrated Notes
VPC
Terraform
Ansible
Resource Groups Assigned, but assumed to be created already.
Access Groups Inherited, but assumed to already be created
Subnets
Private (RFC1918) IP (BYOIP)
ACLs
Security Groups
Virtual Server Instance (VSI)
Cloud-init Package installation and configuration beyond base OS image.
Secondary Storage Not used in this scenario
Multiple Network Interfaces in VSI
Load Balancer as a Service Public Only
Floating IPv4 Not required for workload.
Public Gateway
VPNaaS
Cloud Internet Services (CIS) GLB configured for illustrative purposes with DDOS proxy
IBM Cloud Monitoring with Sysdig Public endpoint used
IBM Cloud Log Analysis with LogDNA Public endpoint Used

System Requirements

Operating system

Tier Operating system
Web Server & Application Ubuntu 16.04
Data Ubuntu 16.04

Hardware

Tier Type Profile
Web Server and Application VSI cc1-2x4
Data VSI bc1-4x16

Runtime Services

Service Name Demonstrated Notes
Cloud Internet Services (CIS) GLB GLB configured for illustrative purposes with DDOS proxy. Alternatively a CNAME could have been used to publish the application URL.
IBM Cloud Monitoring with Sysdig Public endpoint used
IBM Cloud Log Analysis with LogDNA Public endpoint Used
IBM Cloud Databases A VSI based instance of MySQL was chosen instead of a Database-as-a-Service capability to illustrate both the ability to create logial network constructs and security and the ability to use Terraform and Ansible to configure the environment.

Documented Steps

Prerequisites

The following software needs to be installed:

  1. Terraform 0.11 or greater
  2. IBM Cloud Terraform Provider version 0.17.1
  3. Ansible 2.8

The following must be configured prior to running Terraform / Ansible

  1. A Public SSH key as described in SSH Keys.
  2. A resource group exists and is referenced in configuration as described in Managing resource groups
  3. User permissions and the required access as described in Managing user permissions for VPC resources

Deploy VPC Infrastructure using Terraform & Ansible

  1. Deploy Infrastructure using Terraform
  2. Establish site-to-site VPN
  3. Configure Application Layer using Ansible

Additional Documentation Provided

Useful links for Terraform and Ansible

Terraform Documentation

The IBM Cloud Provider for Terraform Documentation

Ansible Documentation

Useful links for IBM Cloud VPC documentation.

Getting started with IBM Cloud Virtual Private Cloud

Assigning role-based access to VPC resources

IBM Cloud CLI for VPC Reference

VPC API

IBM Cloud Virtual Private Cloud API error messages

About

An example Terraform plan with Ansible playbook for deploying a Wordpress site into a VPC topology across two availability zones in the IBM Cloud us-south region.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published