Mike-ntrt Infra repository
packer/app.json
& packer/db.json
- templates for creation base images for DB and App VM
terraform/modules/
contains 2 modules: DB and App, which used by Stage and Prod TF main files
terraform/stage/
& terraform/prod/
- an example of the infrastructure code reusability
it contains the same main.tf
files and may be modified by vars
terraform/stage/backend.tf
& terraform/prod/backend.tf
describes YC s3-like bucket
for saving terraform state file
the bucket was created manualy in YC web cli
terraform/modules/app/main.tf
contains provisioners for the app
create 2 app instances with provisioning by "file" and "remote-exec":
terraform/main.tf
describes instances with multiple resources by count
create a Load Balancer:
terraform/lb.tf
- describes a Target group and a YC LB resources with a dynamic "target" block uses for_each
loop to inerate over instances
create(bake) an OS image with app using template:
packer/immutable.json
- template with builder and provisioning blocks
packer/variables.json.examples
- vars for template
packer/files/puma.service
- systemd simple unit(type - service) to start app after after boot OS
packer/scripts/deploy.sh
copy unit file into /etc/systemd/system/
, enable and start service
how to start the build:
cd ./packer
packer validate -var-file=./variables.json ./immutable.json
packer build -var-file=./variables.json ./immutable.json
testapp_IP = 178.154.231.190
testapp_port = 9292
copy scripts to YC VM
scp ./deploy.sh yc-user@84.201.135.197:/home/yc-user
scp ./install_ruby.sh yc-user@84.201.135.197:/home/yc-user
scp ./install_mongodb.sh yc-user@84.201.135.197:/home/yc-user
connect to YC VM via ssh and start scripts one-by-one
use yc compute instance create
command with metadata in YML file:
yc compute instance create \
--name reddit-app \
--hostname reddit-app \
--memory=2 \
--create-boot-disk image-folder-id=standard-images,image-family=ubuntu-1604-lts,size=10GB \
--network-interface subnet-name=default-ru-central1-a,nat-ip-version=ipv4 \
--metadata serial-port-enable=1 \
--preemptible \
--core-fraction=5 \
--metadata-from-file user-data=./metadata.yml
metadata.yml contais Cloud Init modeles user and runcmd
bastion_IP = 84.201.175.59
someinternalhost_IP = 10.130.0.15
ssh connect oneline through Jumphost(option -J
):
ssh -i .ssh/appuser -A -J appuser@84.201.175.59 appuser@10.130.0.15
ssh connect via alias: add ssh config file (~/.ssh/config):
Host bastion
Hostname 84.201.175.59
User appuser
IdentityFile ~/.ssh/appuser
Host someinternalhost
Hostname 10.130.0.15
User appuser
IdentityFile ~/.ssh/appuser
ProxyJump bastion
ProxyJump is a short alias for ProxyCommand in the new versions of OpenSSH
connection string:
ssh someinternalhost
we need to install iptables into ubuntu 16.04 for pritunl
'sudo apt install iptables'
sslip.io resolve <ip>.sslip.io
into ip address
install Lets Encrypt tls certificate:
https://84.201.175.59 -> settings -> Lets Encrypt Domain -> 84.201.175.59.sslip.io
we use Tunnelblick to connect to pritunel server
connection to the Internalhost string:
ssh -i ~/.ssh/appuser appuser@10.130.0.15