mirror of
https://github.com/KevinMidboe/schleppe-pulumi.git
synced 2026-01-05 08:55:51 +00:00
3.8 KiB
3.8 KiB
schleppe High Availability project
Defines code which describes a HA & cached scalable way of serving web applications.
Architecture
+-----------------------------------------------------------+
| REGION: EU |
| |
| +-------------- Floating IP ---------+ |
| | | |
| +----+---------+ +----+---------+ |
| | HAProxy #1 | | HAProxy #2 | |
| +----+---------+ +----+---------+ |
| \__________ active / standby _______/ |
| | |
| v |
| +------+--------+ |
| | haproxy (a) | |
| +----+----+--+--+ |
| | | A |
| direct | | | via cache |
| | v | |
| | +-+--+---------+ |
| | | varnish (n) | |
| | +------+-------+ |
| | | HIT / MISS |
| | | |
| +---------+ |
| | |
| v |
| +---------+-------+ |
| | web server (n) | |
| +-----------------+ |
| |
+-----------------------------------------------------------+
Where varnish & web server is 2-n number of instances. Currently two regions, EU & US.
infrastructure
Configured cloud resources in hezner with Pulumi.
# first time, init pulumi stack (name optional)
pulumi stack init kevinmidboe/hetzner
# required configuration values
pulumi config set sshPublicKey "$(cat ~/.ssh/id_ed25519.pub)"
pulumi config set --secret hcloud:token $HETZNER_API_KEY
# up infrastructure
pulumi up
# (optional w/ adding private IP)
# private ips struggle, need to run again to assign correctly
pulumi up
provision
Ansible is used to provision software and environments for software needed and services.
get ansible configuration values from pulumi output:
# generate inventory (manualy update inventory file)
./scripts/generate-inventory.sh | pbcopy
# following updates config files in place
./scripts/update-config_certbot-domains.sh
./scripts/update-config_webserver-ips.sh
run playbooks:
# install, configure & start haproxy
ansible-playbook plays/haproxy.yml -i hetzner.ini -l haproxy
# install, configure & start varnish
ansible-playbook plays/varnish.yml -i hetzner.ini -l varnish
# install web resources & dependencies, pull & starts docker containers
ansible-playbook plays/docker.yml -i hetzner.ini -l web
ansible-playbook plays/web.yml -i hetzner.ini -l web
Manual steps
- floating ip DNS registration
- extract variables from pulumi stack outputs
- add all cloudflare api keys
mkdir /root/.ssh/certbot/cloudflare_k9e-no.ini
- generate certs for appropriate domains
certbot certonly --agree-tos --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare_k9e-no.ini -d k9e.no
- combine generated certs into a cert for traefik
cat /etc/letsencrypt/live/k9e.no/fullchain.pem /etc/letsencrypt/live/k9e.no/privkey.pem > /etc/haproxy/certs/ssl-k9e.no.pem