Yes, I’m afraid it’s yet another HEAT LAMP stack. This stack, however, includes some of the enhancements that Fujitsu have developed for Neutron and Heat. It deploys an Apache server and a MySQL server in both availability zones. It also links both of these AZs together with a network connector to carry the replication and synchronisation traffic between these servers. A load balancer is also deployed on each subnet and contains both of the Apache servers in its pool.
Note: Unfortunately I have not had the time to configure and debug Apache or MySQL scripts; only the software is installed, but there are many articles on these topics in the blogosphere – just Yahoo for some examples… lol! Also, the load balancers should finally be ‘balanced’ themselves using an external HA DNS service to ensure no single point of failure.
The diagram below outlines the infrastructure that will be built using the stack discussed in this blog.
The following prerequisites are required for a successful deployment of this stack.
Virtual Routers: An internet connected virtual router should be created in each availability zone and the parameters associated with these routers added to the stack.
Get the id of each router, which needs to be amended in the example stack, and note the name of the external network that each router uses –
External Networks: Using the external network names identified above in the gateway settings, locate the network ids of these external (also referred to as public) networks and amend these values in the example stack –
SSH Keys: Create an ssh key pair in each availability zone and amend their names in the example stack –
Image: Select the image that you wish to use and amend this parameter in the example stack. Note: The ‘UserData’ deployment scripts within the stack have been tested on CentOS 7.2. If you decide to deploy a different OS or OS version it will be necessary to modify these scripts with the commands required by the chosen OS.
Once all of these parameters have been configured it’s time to launch your stack, but first let me very briefly discuss the main sections –
Here are all the input parameters that need to be modified to suit your environment –
Next we create the two private networks, one in each availability zone and connect them to their respective existing routers –
Now we define all the security groups and rules that we wish to use in the stack. Note: The security groups have been left “wide open” for ease of testing. Please ensure that you lock these down in a production scenario to improve security –
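A check for the wide-open condition noted above, as an added example that is not part of the original stack: it walks a parsed Heat template and reports `OS::Neutron::SecurityGroup` ingress rules that accept any source address for anything beyond an allowed set of public TCP ports. The resource names, the sample rules and the allowed ports 80/443 are constructed assumptions.

```python
import ipaddress

# Assumption for this example: only these TCP ports may face the internet.
PUBLIC_TCP_PORTS = {80, 443}

def is_any_source(rule):
    """True when the rule admits traffic from every address."""
    if rule.get("remote_mode", "remote_ip_prefix") != "remote_ip_prefix":
        return False  # source is another security group, not a CIDR
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return True  # no prefix means any source
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def exposed_ports(rule):
    """Set of ports the rule opens, or None when it is unbounded."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if rule.get("protocol") is None or lo is None or hi is None:
        return None
    return set(range(int(lo), int(hi) + 1))

def audit_template(template):
    """Return (resource, rule index, port range) for each over-broad ingress rule."""
    findings = []
    for name, res in template.get("resources", {}).items():
        if res.get("type") != "OS::Neutron::SecurityGroup":
            continue
        for idx, rule in enumerate(res.get("properties", {}).get("rules", [])):
            if rule.get("direction", "ingress") != "ingress" or not is_any_source(rule):
                continue
            ports = exposed_ports(rule)
            proto = str(rule.get("protocol")).lower()
            if proto == "tcp" and ports and ports <= PUBLIC_TCP_PORTS:
                continue  # deliberately public service
            findings.append((name, idx, "all" if ports is None else f"{min(ports)}-{max(ports)}"))
    return findings

# Constructed sample: the template as a dict, e.g. the result of parsing the YAML file.
SAMPLE = {"resources": {
    "wide_open_sg": {"type": "OS::Neutron::SecurityGroup", "properties": {"rules": [
        {"remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "port_range_min": 1, "port_range_max": 65535},
        {"remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp"}]}},
    "web_sg": {"type": "OS::Neutron::SecurityGroup", "properties": {"rules": [
        {"remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "port_range_min": 443, "port_range_max": 443},
        {"remote_ip_prefix": "10.0.0.0/8", "protocol": "tcp", "port_range_min": 3306, "port_range_max": 3306}]}},
}}

if __name__ == "__main__":
    print(audit_template(SAMPLE))
```

Running it against a template before launch gives a list of rules to tighten; an empty list means every internet-facing rule is limited to the allowed ports.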
Next we define our two load balancers. Note the use of the ‘depends_on’ statement here to ensure that these are not built until after the two Apache servers are built, as their details are a prerequisite of the load balancer creation –
Now we define all of our servers, which consist of a jump box that we’ll give a global (floating) ip address to, two servers with web software loaded and finally two servers with MySQL loaded. Note that I’ve deliberately defined static ip addresses everywhere as this procedure was not published in many places online. This is overkill and you could just leverage DHCP if desired. Production environments tend to like consistency and repeatability for some strange reason 😉 Anyone ever heard of CI/CD flows?
Finally we have the network connector section. This forms the layer 3 link between the two subnets in the different availability zones. This is the link that will carry all the replication and synchronization traffic between the servers. Logically it would probably have been better to move this to the networking section of this post but I dare not change it now for fear of introducing a typo and I’ve no time to retest – what’s currently on github works 🙂
If you haven’t already gone straight to github then here’s what you’ll want to download and play with in one easy gist –
Save the above file to your local disk and, once you’ve amended the parameters outlined earlier, launch the stack from the K5 GUI, selecting the file option. After several minutes you should end up with something like this –
Now all you need to do is log in and configure your software. As mentioned earlier, yes, you can automate ALL of the above, but my focus here is to demonstrate the K5 infrastructure components.