terraform

We will use Terraform to create our resources.

1. SSL certificates

We are first going to create all the AWS SSL certificates in each AWS region.

[bastion] (ansible_virtualenv) ~/
$ cd ~/ansible_playbooks/echo/terraform/demo/echo/ssl
$ terraform init
$ terraform apply -var-file '../../vars_network.tf' -var-file '../../vars_network_echo.tf'
$ cd .. 

Sometimes the creation of the SSL certificates seems to never end: be patient, as AWS can sometimes be very slow (10 minutes).
But if it still hangs and reaches a Terraform timeout:

  • connect to AWS and go to the Certificate Manager panel in the region where it hangs
  • delete the pending certificate validation
  • restart Terraform
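
To find the region where the validation hangs before restarting Terraform, the check below lists the certificates still in PENDING_VALIDATION. It is an added example, not part of the original tutorial; it assumes the AWS CLI is installed and configured on the bastion, and the function names and the region arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report ACM certificates that
# are still waiting for validation, region by region.
# Assumption: the AWS CLI is installed and has credentials for the account.

TAB="$(printf '\t')"

# Print "<region><TAB><certificate ARN><TAB><domain>" for every certificate
# in PENDING_VALIDATION in one region. Returns 2 if the AWS CLI call fails.
pending_certs() {
  region="$1"
  raw="$(aws acm list-certificates --region "$region" \
           --certificate-statuses PENDING_VALIDATION \
           --query 'CertificateSummaryList[].[CertificateArn,DomainName]' \
           --output text)" || return 2
  printf '%s\n' "$raw" | while IFS="$TAB" read -r arn domain; do
    case "$arn" in
      ''|None) ;;   # empty result: nothing pending in this region
      *) printf '%s\t%s\t%s\n' "$region" "$arn" "$domain" ;;
    esac
  done
}

# Check every region given as an argument.
# Exit status: 0 = nothing pending, 1 = at least one pending certificate,
#              2 = the AWS CLI could not be queried.
check_regions() {
  found=0
  for r in "$@"; do
    out="$(pending_certs "$r")" || return 2
    if [ -n "$out" ]; then
      printf '%s\n' "$out"
      found=1
    fi
  done
  return "$found"
}

# Run only when region names are passed on the command line.
if [ "$#" -gt 0 ]; then
  check_regions "$@"
fi
```

Run it with the regions you deploy to as arguments; an exit status of 1 means the listed regions still hold a pending certificate to delete before restarting Terraform.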

2. Network

We are then going to create the network.

You will need to replace the following Terraform command-line parameters:

  • infrastructure_lb_monitor_path: this is the path that will be used by the AWS ELB and Cloudflare’s monitors to check that the service is running
  • my_echo_socat_version: this is the version number of our socat service, the same one used during the creation of the AMI (it is passed in step 4)

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo/terraform/demo/echo
$ cd network
$ terraform init
$ terraform apply -var-file '../../vars_network.tf' -var-file '../../vars_network_echo.tf' -var 'infrastructure_lb_monitor_path=/XXXX'
$ cd ..

3. HAProxy hosts

Then we are deploying the “HAProxy” hosts:

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo/terraform/demo/echo
$ cd system_haproxy
$ terraform init
$ terraform apply -var-file '../../vars_network.tf' -var-file '../../vars_network_echo.tf'
$ cd ..

4. socat hosts

And finally we are deploying the “socat” hosts (blue first):

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo/terraform/demo/echo
$ cd system_socat_blue
$ terraform init
$ terraform apply -var-file '../../vars_network.tf' -var-file '../../vars_network_echo.tf' -var 'my_echo_socat_version=1.0.0'
$ cd ..

5. Results

  1. You can see the results in the AWS Console:

    • The SSL cert (one per region) [screenshot: AWS Echo SSL]
    • The instances [screenshots: AWS Echo instances in Region1, AWS Echo instances in Region2]
    • The Network Load-Balancers [screenshots: AWS Echo LB in Region1, AWS Echo LB in Region2]
    • The network [screenshots: AWS Echo network in Region1, AWS Echo network in Region2]

  2. And also in the Cloudflare Console:

    • The DNS entries [screenshot: Cloudflare DNS]
    • The DNS Load-Balancer [screenshot: Cloudflare DNS LB]

6. Next page!

And we are done, let’s provision the hosts with Ansible.