You're a developer and you want to ship your awesome application. It's easy and you have so much choice whether it's through Netlify, Vercel, AWS Amplify or the 1000 other PaaS. In most cases you sign up to a PaaS and do the following:
- Point to your repository
- ???
- Profit
Just to be clear, this is a great thing and it allows developers to focus on bringing value to their application.
I've often been curious about what goes on behind the hood though, especially when it comes to production environments. I hear of load balancing, nginx, caching, SSL termination, MTLS, configuring databases in Linux, security and all these other scary things when it comes to infrastructure. Also how do you configure the infrastructure to serve an application in production?
The point of this project is to help provide an understanding of infrastructure and to know a bit about what's being abstracted away by a PaaS.
One way of approaching this is to identify the individual components needed, like an nginx load balancer, sign up to a cloud provider like AWS, spin up an EC2 instance, ssh into it, install all of the necessary dependencies for nginx, install nginx and configuring nginx and using systemctl to restart the nginx service. This is a rather long winded, highly manual and it'll cost money.
So instead of EC2 instances, what if we could use vagrant machines on your local machine instead and assign an ip address to each vagrant machine? And instead of manually SSH'ing into your vagrant machine and configuring it each time, what if you could automate this process in an idempotent way? In fact, what if you could spin up a vagrant machine, install dependencies for nginx, install nginx, configure nginx, restart nginx and confirm it's all working in an automated and idempotent way?
My friends, this is what this project is all about. This project is an attempt for me to educate myself on what is generally required, from an infrastructure perspective and configuration perspective, to deploy a website that has a client, server and database. We'll be spinning up Vagrant machines and setting them all up to get an idea of what it takes to deploy an application and what a PaaS might be abstracting away from us.
The automation is achieved with Ansible, an automation tool by RedHat. Though we could use bash scripts to write our automation, coding for idempotency is notoriously difficult. Ansible is an industry standard tool for automation that handles idempotency so it only makes sense to use the right tool for the right job. Although I am aware of Chef and dabbled a bit in it, my preference is Ansible so that's what's being used here.
- Ansible
- Vagrant
- Next.js
- Docker
- nginx
- Django
- Postgres
Ensure you have Ansible and Vagrant installed. If you do not have these installed, the start up script will prompt you with how to install these.
Below is an example of how you can instruct your audience on installing and setting up your app. This template doesn't rely on any external dependencies or services.
To start the project
./infra/deploy-infra.sh
The above shell script will run an Ansible playbook to start the entire project.
To destroy the project
./infra/destroy-infra.sh
The above shell script will run an Ansible playbook to destroy the entire project.
Though you don't need to, if you wish to amend any variables related to this project, they can be amended in the infra/vars/main.yml
file.
When the ansible playbook has finished, go to your favourite web browser and enter the IP address of the frontendLoadBalancer found in ./infra/Vagrantfile
. Example:
frontendLoadBalancer.vm.network "private_network", ip: "10.2.2.201"
You should see a next.js we application that can successfully communicate with the backend.
- Add diagram of project
- Install and fix Nginx SSL in backend. When frontend making request, it has to be on https
- Django admin accessible through through ip address of frontend/admin
- Write up about nginx servers for frontend
- Write up about SSL termination
- For CORS we want to avoid '*'. Find a way to enable multiple Access-Control-Allow-Origin headers.
Nima Soufiani - Linkedin
Project Link: https://github.com/Nimzyow/ansible-infra-project
A few notes on ssh'ing or scp'ing into vagrant machine
If you ssh into the vagrant machine by using vagrant ssh
and run:
cat ~/.ssh/authroized_keys
you'll see a list of public authorized public keys
One is meant to have the private key in hand to be able to ssh or scp or do any shell related activity from one machine to the vagrant machine
So in the case of your local macbook ssh'ing into a locally spun up vagrant machine you could scp something over via:
scp -i /Users/yournameprobably/.vagrant.d/insecure_private_keys/vagrant.key.rsa -P 2222 ./some_file.txt vagrant@127.0.0.1:/home/vagrant
To ssh:
ssh -i /Users/yournameprobably/.vagrant.d/insecure_private_keys/vagrant.key.rsa -p 2222 vagrant@127.0.0.1