Nginx deployed through Terraform and Ansible

nginx deployed through terraform and ansible

Purpose

This Terraform deployment will set up a floating IP, 2 nodes with Nginx configures as load balancers, and 2 web nodes. Provisioning will be handled by Terraform and configuration will be done with Ansible. The repo used can be located here.

Prerequisites

  • You’ll need to install Terraform which will be used to handle Droplet provisioning.
  • In order to apply configuration changes to the newly provisioned Droplets, Ansible needs to be installed.
  • Ansible’s inventory will be handled by Terraform, so you’ll need terraform-inventory.
  • We’re going to need a DigitalOcean API key. The steps to generate a DigitalOcean API key can be found here.
  • Use the included gen_auth_key script to generate an auth key for your load balancing cluster.

Configuring

Let’s get Terraform ready to deploy. We’re going to be using terraform.tfvars to store values required such as API key, project name, SSH data, the number of backend nodes you want, etc. The sample file terraform.tfvars.sample has been supplied, just remember to remove the appended .sample. Once you have your all of the variables set, Terraform should be able to authenticate and deploy your Droplets.

Next we need to get Ansible set up by heading over to group_vars/all. You can start by renaming group_vars/all/load_balancer.sample as group_vars/all/load_balancer and uncomment do_token and lb_auth_token inside the file.

We’re going to be using ansible-vault to securely store your API key. At this point you should already be in group_vars/all, so you can now execute the following command, or something similar, in your terminal.

$ ansible-vault create keys

You will now be able to edit the file and set the values. The file should look something like this:

--- 
vault_do_token: umvkl89wsxwuuz4a1nyzap5rsyk4un9fza5qokd7nzrn42owfclv8gdqk3k5gzqlz
vault_lb_auth_key: 0dgivsxomvb80sx3uvd6u42j3920pbvveik007ec8

If needed, you can always go back in and edit the file by simply executing $ ansible-vault create keys. To prevent having to enter in --ask-vault-pass every time you execute your playbook, we’ll set up your password file and store that outside of the repo. You can do so by running the following command.

$ echo 'password' > ~/.vaultpass.txt

One last file to set up and we’ll be ready to go. You can rename vars.sample to just vars and open it for editing. This is where you’ll configure your upstream name, the document root, and server name that nginx will respond to. You can add multiple entries if you’d like as well. The file should look something like this.

sites:
  myapp1:
    doc_root: /var/www/html
    server_name: example.com www.example.com
  myapp2:
    doc_root: /var/www/html2
    server_name: sample.com www.sample.com

Okay, now everything should be set up and you’re ready to start provisioning and configuring your Droplets.

Deploying

We’ll start by using Terraform. Make sure you head back to the repository home. You can run a quick check and create an execution plan by running terraform plan.

Once you’re ready, use terraform apply to build the Droplets and floating IP. This should take about a minute or two depending on how many nodes you’re spinning up. Once it finishes up, wait about 30 seconds for the cloud-config commands that were passed in to complete.

We’re ready to begin configuring the Droplets. Execute the Ansible playbook to configure your Droplets by running the following

ansible-playbook -i /usr/local/bin/terraform-inventory site.yml

This playbook will install and configure heartbeat, your floating IP re-assignment script, install and configure ngingx load balancers, and your backend nodes. You should see a steady output which will state the role and step at which Ansible is currently running. If there are any errors, you can easily trace it back to the correct role and section of the task.

Follow-up steps

At this point, you will have two droplets with Nginx configured as load balancers, a floating IP to be re-assigned between the two at any time, and two web nodes which can be used to set up your application code base. Keep in mind that the app nodes configuration is very basic, but the template files and tasks can easily be altered to suit your needs. If you already have Droplets provisioned, you can import them into Terraform, as well as create an image from it and use the image ID to spin up additional nodes. Any additional configuration can simple by done by creating a simple Ansible role, or modifying the existing one.

Popular posts from this blog

Install gdu

Quick install script for go DiskUsage() If you want to quickly run through your file system usage and determine what’s eating up your storage space you can simply use gdu . This will install the gdu binary on your linux system. LATEST_VERSION=$(curl -LISs https://github.com/dundee/gdu/releases/latest | grep location | cut -d" " -f2) LATEST_VERSION=$(echo "${LATEST_VERSION##*/}" | tr -d '\r') PKG_NAME="gdu_linux_amd64.tgz" curl -LSs https://github.com/dundee/gdu/releases/download/${LATEST_VERSION}/${PKG_NAME} | sudo tar -xzf - -C /usr/local/bin/ sudo mv /usr/local/bin/{"${PKG_NAME%.*}",gdu} For more information on the features and how to use it, check out the gdu github .
Read more

Configure Postfix through cloud-init

Configure Postfix through cloud-init I recently decided to set up Nagios for monitoring a small cluster of nodes I’m running, and set up alerts to be sent out through email; however, I didn’t want those emails being sent directly from the VPS itself. What I did was set up this cloud-config script to be executed in order to spin up the VPS with postfix configured to connect to a Google email account in order to send out notification emails. This should help with minimizing the possibility that the email will be seen as spam and I won’t have to add additional IP addresses to my SPF record. Here’s the script for you to try out if you’re interested in getting this set up: #cloud-config packages: - postfix - mailutils - libsasl2-2 - ca-certificates - libsasl2-modules write_files: - path: /etc/postfix/sasl_passwd content: | [smtp.gmail.com]:587 [email protected]:PASSWORD owner: root:root permissions: 0400 runcmd: - sed -i 's/r...
Read more

resize your LVM partition

resize your LVM partition resizing your LVM partition So this process takes a little manual work but is pretty straight forward. We’re going to be using a DigitalOcean Droplet that was created using a custom image created from FreePBX distro 7. The issue was that the SSD was provisioned with 25G of storage, but the OS was only seeing 10G. Start off by extending the /dev/vda2 partition parted /dev/vda This will enter parted’s interactive mode. you’ll want to enter in the command resizepart , then enter the number of the partition you want to modify. In this case partition 2 . For the partition ‘end’ prompt you can enter in 100% or -1s . This next step is a little odd but you can enter an estimate for the total size that should be allocated for /dev/vda2. pvresize --setphysicalvolumesize 24.6G /dev/vda2 You’ll be see a prompt that actually states the real size. So you can just select no for the prompt to carry out the change and adjust the size on the command...
Read more