Highly-Available WordPress Setup inside AWS VPC using Terraform & Ansible

In this post, we’ll create the infrastructure for a highly available WordPress website on AWS using Terraform and then install WordPress using Ansible. If you don’t know Terraform, please check this link.

We’ll use Terraform to create a fully operational AWS VPC infrastructure (subnets, routing tables, IGW, etc.). It will also create everything needed for the EC2 and RDS instances (security key, security groups, subnet group), create the Elastic Load Balancer and automatically add the EC2 instance(s) to it, and create the Route53 entry for this WordPress site with the ELB alias added to it.

Ansible will be used to deploy WordPress on the EC2 instances created via Terraform, so that the site is fault tolerant and highly available.

Requirements:

  • Terraform
  • Ansible
  • AWS admin access

Tools Used:

#ansible --version
ansible 2.0.0.2
 config file = /etc/ansible/ansible.cfg
 configured module search path = Default w/o overrides
#terraform version
Terraform v0.6.11

Before using Terraform, we need to export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables:

export AWS_ACCESS_KEY_ID="xxxxxxxxxxxxxxxx"
export AWS_SECRET_ACCESS_KEY="yyyyyyyyyyyyyyyyyyyy"

After verifying all of the above, clone this repository from GitHub and move into its terraform-aws directory:

git clone https://github.com/arbabnazar/terraform-ansible-aws-vpc-ha-wordpress.git
cd terraform-ansible-aws-vpc-ha-wordpress/terraform-aws

Terraform AWS Modules:

The purpose of the Terraform AWS modules is to create a fully operational AWS VPC infrastructure (subnets, routing tables, IGW, etc.). They also create everything needed for the EC2 and RDS instances (security key, security groups, subnet group).

They also create the Elastic Load Balancer, automatically add the EC2 instance(s) created here to it, and create the Route53 entry for this site with the ELB alias added to it.

Terraform AWS Modules Tasks:

  • Create a VPC with 4 x VPC subnets (2 x public, 2 x private) in different AZs inside the AWS region
  • Create the AWS key pair with the provided public key
  • Create 1 x security group for each of SSH, webservers, RDS and ELB
  • Provision 2 x EC2 instances (Ubuntu 14.04 LTS) in 2 different public AZs
  • Provision 1 x RDS instance in the private subnets
  • Launch and configure a public-facing VPC ELB (cross_az_load_balancing) and attach the VPC subnets
  • Register the EC2 instances on the ELB
  • Take the ELB DNS name and register/create a DNS entry in Route53

All information about the VPC, webservers, RDS, ELB and Route53 is defined in their respective modules.

Variables for your Infrastructure:

Rename the file terraform.tfvars-sample to terraform.tfvars and change the values as per your requirements:

mv terraform.tfvars-sample terraform.tfvars

To generate and show an execution plan (dry run):

terraform plan

To build or make the actual changes in the infrastructure:

terraform apply

To inspect Terraform state or plan:

terraform show

To destroy Terraform-managed infrastructure:

terraform destroy

Note: Terraform stores the state of the managed infrastructure from the last time Terraform was run. Terraform uses the state to create plans and make changes to the infrastructure.

After successful completion of terraform plan, log in to the AWS Web Console and verify the resources:

[Screenshots: VPC, EC2, RDS and Route53 resources in the AWS console]

Ansible Role after Terraform Provisioning:

Once Terraform has created all the resources on AWS, you can use Ansible to install WordPress on the EC2 instance(s). To use the provided role, move into the ansible directory:

cd ansible

The provided role will install WordPress on all the servers that have been created via Terraform. To use the provided role, run the following command:

ansible-playbook site.yml -e@../secret/secure.yml -e@../terraform-aws/tendo-dev.yml

Use this command if you are using an encrypted file:

ansible-playbook site.yml -e@../secret/secure.yml -e@../terraform-aws/tendo-dev.yml --ask-vault-pass

  • where the secure.yml file is used to overwrite the variables inside the role. This file must be kept secure using Ansible Vault, but I have left it encrypted so that you can get an idea of what it contains, while tendo-dev.yml contains the DNS name of the RDS instance; this file is created during the Terraform execution and its name is based on the values of these variables:
    • name
    • environment
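
The point above is that secure.yml has to be protected with Ansible Vault. As an added example (not part of the original post or its repository), this shell pre-flight checks the file passed with -e@ before the playbook runs and tells you whether --ask-vault-pass is needed; the function names and the secret-name heuristic are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check on the secrets
# file passed to ansible-playbook with -e@<file>.

# 0 if the whole file is vault-encrypted, i.e. its first line is a header of
# the form "$ANSIBLE_VAULT;<version>;<cipher>"; 1 if not; 2 if unreadable.
is_vault_encrypted() {
    local first=""
    [ -r "$1" ] || return 2
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print top-level YAML keys whose names look like secrets and whose value is
# written in clear text. Heuristic (assumption): name contains
# pass/secret/token/key. Inline "!vault" values (newer Ansible) are skipped.
plaintext_secret_keys() {
    grep -Ei '^[a-z0-9_]*(pass|secret|token|key)[a-z0-9_]*:[[:space:]]*[^[:space:]]' "$1" \
        | grep -v ':[[:space:]]*!vault' | cut -d: -f1
}

# Echo the extra ansible-playbook flag needed for this file (possibly empty)
# and return 0, or explain on stderr why the run should not proceed.
preflight() {
    local f="$1" keys
    if is_vault_encrypted "$f"; then
        echo "--ask-vault-pass"; return 0
    fi
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    keys=$(plaintext_secret_keys "$f" | tr '\n' ' ')
    if [ -n "$keys" ]; then
        echo "refusing to run: clear-text secrets in $f: $keys" >&2
        return 1
    fi
    if grep -q '!vault' "$f"; then echo "--ask-vault-pass"; fi
    return 0
}

# Usage with the paths from the post:
#   flag=$(preflight ../secret/secure.yml) &&
#     ansible-playbook site.yml -e@../secret/secure.yml -e@../terraform-aws/tendo-dev.yml $flag
```
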

Note: terraform.py is a dynamic inventory script created by CiscoCloud.

After successful completion of these tasks, it will show you the summary, something like this:

[Screenshot: Ansible play summary]

Navigate to the site in a web browser using the FQDN (in my case, it is http://www.rbgeek.com), and verify that WordPress is installed successfully:

[Screenshot: WordPress site]

Enjoy :-)

Hope this will help you!

Please Remember me in your prayers!
