Merge branch 'master' of github.com:mosuke5/terraform_for_alibabacloud_examples

Author: mosuke5

mongo_cluster_sample/README.md

@@ -1,11 +1,12 @@
-# マルチゾーンをわたるMongoDBクラスタを構築サンプル
+# MongoDB cluster example 
+This is the repository to build multi-az MongoDb cluster.
+
 ![mongo](/image/architecture_mongo_cluster.png)
 
-このサンプルを実行するためには、各ゾーンのサブネット (vswitch作成)CIDRの設定とmongoインスタンススペックの設定
-が必要です。そして、システムを管理するために、`mongoadmin`ユーザーが作成されます。`mongoadmin`ユーザーへログイン
-するためには、各プロビジョンスクリプト (`provision_mongo.sh`及び`provision_snat.sh`)に、`mongoadmin`ユーザーの
-公開鍵と秘密鍵を設定する必要があります。
+You need to configure subnet(vswitch) and CIDR, mongodb instance spec.
+Provisioning scripts(`provision_mongo.sh` and `provision_snat.sh`) will provision `mongoadmin` user. In order to manage MongoDB, you can login as `mongodadmin` user. So, you need to configure your publickey and privatekey to `terraform.tfvars`.
 
+Following is example of `terraform.tfvars`.
 ```
 secret_key = ""
 access_key = ""
@@ -19,4 +20,4 @@ natgw_cidr = "10.0.128.0/20"
 mongo_primary_cidr = "10.0.0.0/19"
 mongo_secondary0_cidr = "10.0.32.0/19"
 mongo_secondary1_cidr = "10.0.64.0/19"
-```
+```

wordpress_advanced_sample/README.md

@@ -1,85 +1,76 @@
-# Advanced WordPress構築サンプル
-## 概要
-実践的なWordPress環境のサンプル  
-![wordpress](/image/architecture_wordpress_advanced_sample.png)
+# Advanced WordPress Example
+This is the example of building high available wordpress with SLB and ECS, RDS and so on. Architecture overview is [here](https://docs.google.com/presentation/d/1pqtbiJRGc3uUm8ulhMBf4SWm2WPCCrhgUInjm9DMYdc/edit?ts=5b1df94f#slide=id.g3bf33c5b60_0_77).
 
-- SLBの構築
-  - リスナーの設定
-  - バックエンドサーバの設定
-- ECS(WordPress用)の構築
-- ECS(踏み台用)の構築
-  - NATサーバとしての設定
-  - VRouterのルーティングテーブルへの追加
-- RDSの構築
-- VPCの構築
+1. Create VPC
+1. Create Vswitch
+1. Create Security Group and set some rules
+1. Create two ECS instances for wordpress application in Vswitch
+1. Create one ECS instance for bastion server in Vswitch
+1. Create EIP and bind it to bastion ECS instance
+1. Create NAT Gateway and add it to route table of VRouter
+1. Create a RDS instance in Vswitch and create database, db user
+1. Set ECS private ip address to RDS white list 
+
+## How to use
+You can build wordpress by following process. But if you want to operate wordpress in production environment, you need to configure more.
 
-## 利用方法
-基本的に下記の方法で実行可能です。
 ```
-// 事前準備
-$ cd wordpress_advanced_sample // 実行したいサンプルへ移動
 $ cp terraform.tfvars.sample terraform.tfvars
 $ vim terraform.tfvars 
-  -> API KEYや公開鍵など必要情報更新
-
-// Dry-Run
-$ terraform plan -var-file="terraform.tfvars"
+  => Edit variables with your favorite editor.
 
-// クラウドへ反映
-$ terraform apply -var-file="terraform.tfvars"
-(略)
-Apply complete! Resources: x added, 0 changed, 0 destroyed.
+// Deploy to Alibaba Cloud
+$ terraform apply
+...
+Apply complete! Resources: 26 added, 0 changed, 0 destroyed.
 
-// 出力にRDSへの接続アドレスや踏み台のEIPのアドレスなどが表示されます
 Outputs:
-ecs_private_ip = 192.168.1.xx,192.168.1.xx
-fumidai_eip = xx.xx.xx.xx
-slb_ip = yy.yy.yy.yy
-rds_connection_string = xxxxxxxxx.rds.aliyuncs.com
 
-// 踏み台ECSへ接続
-$ ssh ecs-user@xx.xx.xx.xx
+bastion_eip = <bastion_ip>
+ecs_private_ip = <wordpress_private_ip_1>,<wordpress_private_ip_2>
+rds_connection_string = <rds_connection_address>
+slb_ip = <slb_ip>
+```
 
-// WordPress ECSへ接続
-$ ssh root@192.168.1.xx
+```
+// Connect to bastion ECS instance
+$ ssh ecs-user@<bastion_ip>
 
-// WordPress ECSの設定
-$ wget https://raw.githubusercontent.com/mosuke5/terraform_for_alibabacloud_examples/master/wordpress_advanced_sample/provisioning_wordpress.sh
-$ sh provisioning_wordpress.sh
-/* このスクリプトで下記を行います
-  - ecs-userの作成(パスワードはデフォルトではTest1234)
-  - php, apacheのインストール
-  - wordpressの配置
-  - sshの設定(rootログイン禁止)
-*/
+// Then connect to wordpress ECS instance
+// You need to do this process two times, because you have two wordpress servers.
+$ ssh ecs-user@<wordpress_private_ip_1/2>
+  -> Default ecs-user password is "Test1234"
 
-// WordPressの設定
+// Configure wordpress
 $ cd /var/www/html/wordpress
 $ sudo cp wp-config-sample.php wp-config.php
 $ sudo vim wp-config.php
-/** WordPress のためのデータベース名 */
 define('DB_NAME', 'database_name_here');
-
-/** MySQL データベースのユーザー名 */
 define('DB_USER', 'username_here');
-
-/** MySQL データベースのパスワード */
 define('DB_PASSWORD', 'password_here');
-
-/** MySQL のホスト名 */
 define('DB_HOST', 'localhost');
+```
 
+After deploy and configuration to `wp-config.php`, let's access to your slb ip address.
+You will find wordpress installation screen.
 
-define('AUTH_KEY',         'put your unique phrase here');
-define('SECURE_AUTH_KEY',  'put your unique phrase here');
-define('LOGGED_IN_KEY',    'put your unique phrase here');
-define('NONCE_KEY',        'put your unique phrase here');
-define('AUTH_SALT',        'put your unique phrase here');
-define('SECURE_AUTH_SALT', 'put your unique phrase here');
-define('LOGGED_IN_SALT',   'put your unique phrase here');
-define('NONCE_SALT',       'put your unique phrase here');
-```
+`http://<your slb ip address>/wordpress`
+
+## Provisioning to ECS for wordpress
+Wordpress ECS will be provisioned to following settings by Ansible.
+
+- Install Apache
+- Install PHP
+- Deploy WordPress source code
+- Create `ecs-user`
+  - Add `ecs-user` to sudoers
+  - Add your public key to `/home/ecs-user/.ssh/authorized_keys`
+- Disable root account login
+
+## Provisioning to ECS for bastion
+Bastion ECS will be provisioned to following settings by Ansible.
 
-## 利用開始
-設定が完了したらブラウザから接続してみよう。  
-`http://<your slb address>/wordpress`
+- Create `ecs-user`
+  - Add `ecs-user` to sudoers
+  - Add your public key to `/home/ecs-user/.ssh/authorized_keys`
+- Disable password authentication and root account login

wordpress_advanced_sample/outputs.tf

@@ -2,7 +2,7 @@ output "slb_ip" {
     value = "${alicloud_slb.slb.address}"
 }
 
-output "fumidai_eip" {
+output "bastion_eip" {
     value = "${alicloud_eip.eip.ip_address}"
 }
 
@@ -11,5 +11,5 @@ output "ecs_private_ip" {
 }
 
 output "rds_connection_string" {
-    value = "${alicloud_db_instance.rds.connections.0.connection_string}"
+    value = "${alicloud_db_instance.db.connection_string}"
 }

wordpress_advanced_sample/playbook.yml

@@ -2,7 +2,7 @@
 - hosts: 127.0.0.1
   connection: local
   vars:
-    wordpress_url: "https://ja.wordpress.org/wordpress-4.8-ja.tar.gz"
+    wordpress_url: "https://wordpress.org/wordpress-4.9.6.tar.gz"
     user_name: "ecs-user"
   tasks:
   - name: be sure httpd is installed

wordpress_advanced_sample/playbook_fumidai.yml renamed to wordpress_advanced_sample/playbook_bastion.yml

@@ -2,7 +2,6 @@
 - hosts: 127.0.0.1
   connection: local
   vars:
-    wordpress_url: "https://ja.wordpress.org/wordpress-4.8-ja.tar.gz"
     user_name: "ecs-user"
   tasks:
   - name: create general user
@@ -35,9 +34,4 @@
       line='PasswordAuthentication no'
 
   - name: restart sshd
-    service: name=sshd state=restarted
-
-  - name: be sure iptables is installed
-    yum: name="{{ item }}" state=latest
-    with_items:
-    - iptables
+    service: name=sshd state=restarted

wordpress_advanced_sample/provisioning_wordpress.sh renamed to wordpress_advanced_sample/provisioning.sh

@@ -0,0 +1,5 @@
+yum install -y wget epel
+yum install -y ansible
+cd /root
+wget https://raw.githubusercontent.com/mosuke5/terraform_examples_for_alibabacloud/master/wordpress_advanced_sample/playbook_bastion.yml -O playbook.yml
+ansible-playbook playbook.yml