6. Why so many layers?
Manage every layer by itself
Optimize every layer by itself
Scale every layer by itself
Monitor every layer by itself
Secure every layer by itself
...
7. The Cloud
Add more resources when we need in seconds
Remove resources when we don't need them anymore
Reduce time to market
Turn a fixed cost into a variable cost
Pay only for what you use
12. Security Groups
We will assign a different security-group for every group of VMs. In that
way we can apply our security policy in a simple and powerful way.
13. Security Map
Database layer (MySQL)
  PORT 3306 <- from web layer
Cache layer (Memcached)
  PORT 11211 <- from web layer
Web layer (Apache2)
  PORT 80 <- from proxy layer
Proxy layer (Nginx)
  PORT 80 <- from everywhere
15. We will use Salt-Cloud
It means that we also need to allow SSH connections from the "master".
Every "minion" also has another security group, "salt-minion", that allows
SSH connections from the "salt-master" instance.
17. What about "salt-cloud"
Salt cloud is made to integrate Salt into cloud providers in a clean way
so that minions on public cloud systems can be quickly and easily
modeled and provisioned.
http://salt-cloud.readthedocs.org/en/latest/
18. salt-cloud for OpenStack
We need a Provider definition
enter-openstack-config:
  minion:
    master: 111.111.111.111
  identity_url: https://api-legacy.entercloudsuite.com:5000/v2.0/tokens
  compute_name: nova
  protocol: ipv4
  compute_region: ItalyMilano1
  user: name@user.tld
  password: YourPassword
  tenant: name@user.tld
  provider: openstack
19. salt-cloud for OpenStack
We need VM profiles
rdb:
  provider: enter-openstack-config
  size: e1standard.x4
  image: GNU/Linux Ubuntu Server 12.04 LTS Precise Pangolin x64
  ssh_username: ubuntu
  ssh_key_file: /root/private-key.pem
  ssh_key_name: 'private-key-name'
  ssh_interface: public_ips
  security_groups: salt-minion,mysql
  networks:
    - fixed:
      - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
web:
  ...
21. Enable Peer communication
Allow Salt minions to pass commands to each other
peer:
  .*:
    - .*
We will use this feature to share IP addresses
You can use "grains" or "mines" instead
25. Create a group of slaves
Can we parallelize all VM creation?
salt-cloud -Pp PROFILE VM-NAME VM-NAME ...
"-P" option means "parallel" ("-p" selects the profile)
salt-cloud -Pp srdb
  srdb.milan.enter.1.prod
  srdb.milan.enter.2.prod
  srdb.milan.enter.3.prod
27. Prepare all databases
Now we have a Master instance and 3 slaves
We have to prepare the read replicas (run on every slave)
CHANGE MASTER TO
  MASTER_HOST='xxx.xxx.xxx.xxx',
  MASTER_USER='repl-user',
  MASTER_PASSWORD='repl-pass',
  MASTER_LOG_FILE='mysql-bin-xxxxx',
  MASTER_LOG_POS=xxx;
33. When we distribute the load across a group of VMs, all information should be available to the whole group, otherwise we have connectivity problems.
Cache warm up, disconnected users, and more...
38. Database
The problem: by default a connection object points at a single server
new mysqli($host, $username, $password);
// PDO, ...
How do we handle multiple connections? One read-write (master) and several read-only (slaves)?
Master/Slave Async Replication
42. Transaction Aware
By default MySQLND_MS is not transaction aware: a read issued inside a transaction may be routed to a slave. With the following setting every statement between the start of the transaction and COMMIT is sent to the master:
trx_stickiness: master
  START TRANSACTION;
  INSERT INTO ...;
  DELETE FROM ...;
  SELECT u1, u2, ... FROM ...;
  UPDATE ... SET ...;
  COMMIT;
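An added example (not from the slides, and not MySQLND_MS itself) modelling the routing decision described above in Python: reads go round-robin to the slaves, writes to the master, and with trx_stickiness set to "master" the whole transaction is pinned to the master. The QueryRouter class and the sample transaction are constructed for illustration.

```python
import re

# Hypothetical read/write splitter modelling the MySQLND_MS behaviour above.
READ_RE = re.compile(r"^\s*(SELECT|SHOW|DESCRIBE|EXPLAIN)\b", re.IGNORECASE)
TRX_BEGIN_RE = re.compile(r"^\s*(BEGIN|START\s+TRANSACTION)\b", re.IGNORECASE)
TRX_END_RE = re.compile(r"^\s*(COMMIT|ROLLBACK)\b", re.IGNORECASE)

class QueryRouter:
    def __init__(self, slaves, trx_stickiness=None):
        self.slaves = list(slaves)            # read replicas, used round-robin
        self.trx_stickiness = trx_stickiness  # None or "master"
        self.in_trx = False
        self._rr = 0

    def route(self, sql):
        """Return the server a single statement is sent to."""
        if TRX_BEGIN_RE.match(sql):
            self.in_trx = True
            return "master"
        if TRX_END_RE.match(sql):
            self.in_trx = False
            return "master"
        # trx_stickiness=master pins the whole transaction to the master,
        # so its reads never observe async replication lag on a slave
        if self.in_trx and self.trx_stickiness == "master":
            return "master"
        if READ_RE.match(sql):
            slave = self.slaves[self._rr % len(self.slaves)]
            self._rr += 1
            return slave
        return "master"  # every write goes to the master

    def route_all(self, statements):
        return [self.route(sql) for sql in statements]

# Constructed sample: the transaction from the slide.
TRANSACTION = [
    "START TRANSACTION",
    "INSERT INTO users (u1, u2) VALUES (1, 2)",
    "DELETE FROM sessions WHERE expired = 1",
    "SELECT u1, u2 FROM users WHERE u1 = 1",   # not sticky: lands on a slave
    "UPDATE users SET u2 = 3 WHERE u1 = 1",
    "COMMIT",
]

if __name__ == "__main__":
    for sticky in (None, "master"):
        targets = QueryRouter(["slave1", "slave2"], sticky).route_all(TRANSACTION)
        print(f"trx_stickiness={sticky}:", targets)
```

Without stickiness the SELECT in the middle of the transaction is served by a slave that may not yet have replicated the preceding INSERT and DELETE.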
47. NGINX as a proxy
upstream app {
    # web server list
    server 192.168.0.10:80;
    server 192.168.0.11:80;
    server 192.168.0.12:80;
}
server {
    listen 80;
    location / {
        proxy_pass http://app;
    }
}
48. NGINX proxy with Salt
upstream app {
    {% for server, ip in salt['publish.publish']('web.*', 'network.interfaces').items() %}
    server {{ ip.eth0.inet[0].address }}:80;
    {% endfor %}
}
server {
    listen 80;
    location / {
        proxy_pass http://app;
    }
}