Fault-tolerant website with load balancing via Yandex Network Load Balancer using Terraform
To create a fault-tolerant site with load balancing via Yandex Network Load Balancer using Terraform:
- Get your cloud ready.
- Create your infrastructure.
- Upload the website files.
- Run a fault tolerance test.
If you no longer need the resources you created, delete them.
Get your cloud ready
Sign up in Yandex Cloud and create a billing account:
- Navigate to the management console and log in to Yandex Cloud or register a new account.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Required paid resources
The website support cost includes:
- Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for using dynamic or static public IP addresses (see Yandex Virtual Private Cloud pricing).
- Fee for a network load balancer and traffic balancing (see Network Load Balancer pricing).
Create an infrastructure
With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.
For more information about the provider resources, see the documentation on the Terraform website or mirror website.
To create an infrastructure using Terraform:
-
Install Terraform, get the authentication credentials, and specify the source for installing the Yandex Cloud provider (see Configure a provider, step 1).
-
Prepare your infrastructure description files:
Ready-made configurationManually-
Clone the repository with configuration files:
git clone https://github.com/yandex-cloud-examples/yc-nlb-fault-tolerant-site.git -
Navigate to the repository directory. It should now contain the
load-balancer.tffile with the new infrastructure configuration.
-
Create a folder.
-
In this folder, create the
load-balancer.tfconfiguration file:load-balancer.tf
terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.47.0" } } } provider "yandex" { zone = "ru-central1-a" } variable "folder_id" { description = "Yandex Cloud Folder ID where resources will be created" default = "<folder_ID>" } resource "yandex_iam_service_account" "ig-sa" { name = "ig-sa" } resource "yandex_resourcemanager_folder_iam_member" "editor" { folder_id = var.folder_id role = "editor" member = "serviceAccount:${yandex_iam_service_account.ig-sa.id}" } resource "yandex_compute_instance_group" "ig-1" { name = "nlb-vm-group" folder_id = var.folder_id service_account_id = "${yandex_iam_service_account.ig-sa.id}" instance_template { platform_id = "standard-v3" resources { core_fraction = 20 memory = 1 cores = 2 } boot_disk { mode = "READ_WRITE" initialize_params { image_id = "<image_ID>" type = "network-hdd" size = 3 } } network_interface { network_id = "${yandex_vpc_network.network-1.id}" subnet_ids = ["${yandex_vpc_subnet.subnet-1.id}","${yandex_vpc_subnet.subnet-2.id}" ] nat = true } metadata = { user-data = "#cloud-config\nusers:\n - name: <username>\n groups: sudo\n shell: /bin/bash\n sudo: 'ALL=(ALL) NOPASSWD:ALL'\n ssh_authorized_keys:\n - ${file("<path_to_public_SSH_key>")}" } } scale_policy { fixed_scale { size = 2 } } allocation_policy { zones = ["ru-central1-a", "ru-central1-b"] } deploy_policy { max_unavailable = 1 max_expansion = 0 } load_balancer { target_group_name = "nlb-tg" } } resource "yandex_lb_network_load_balancer" "foo" { name = "nlb-1" listener { name = "nlb-listener" port = 80 } attached_target_group { target_group_id = "${yandex_compute_instance_group.ig-1.load_balancer.0.target_group_id}" healthcheck { name = "health-check-1" unhealthy_threshold = 5 healthy_threshold = 5 http_options { port = 80 } } } } resource "yandex_vpc_network" "network-1" { name = "network1" } resource "yandex_vpc_subnet" "subnet-1" { name = "subnet1" zone = "ru-central1-a" network_id = "${yandex_vpc_network.network-1.id}" v4_cidr_blocks = ["192.168.1.0/24"] } resource "yandex_vpc_subnet" "subnet-2" { name = "subnet2" zone = "ru-central1-b" network_id = "${yandex_vpc_network.network-1.id}" v4_cidr_blocks = ["192.168.2.0/24"] }
For more information about the properties of Terraform resources, see the relevant Terraform guides:
-
-
Under
variable, specifyfolder_id, i.e., the ID of the folder the resources are created in. -
Under
metadata, specify the metadata for creating a VM and the contents of the SSH key. Use this format for the key:<any_name>:<SSH_key_contents>. Regardless of the username specified, the key is assigned to the user set in the LAMP (LEMP) image configuration. Such users vary depending on an image. For more information, see Keys processed in public images Yandex Cloud.You need to create an SSH key pair youself.
-
Under
boot_disk, specify the ID of a VM image with relevant components: -
Create the resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validateIf the configuration is correct, the following message is returned:
Success! The configuration is valid. -
Run the command:
terraform planThe terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesin the terminal and press Enter.
-
After creating the infrastructure, upload the website files.
Upload the website files
To test the web server, upload the website files to each VM. You can use the index.html file from this archive as an example.
For each VM in the created group, do the following:
-
Get the VM public IP address.
-
Connect to the VM via SSH.
-
Grant your user write permissions for the
/var/www/htmldirectory:sudo chown -R "$USER":www-data /var/www/html -
Upload the website files to the VM via SCP.
Linux/macOSWindowsUse the
scpcommand line utility:scp -r <path_to_directory_with_files> <VM_user_name>@<VM_IP_address>:/var/www/htmlUse WinSCP to copy the local file directory to
/var/www/htmlon the VM.
Once you upload all files, run a fault tolerance test.
Run a fault tolerance test
-
Get the public IP address of any VM from the group you created.
-
Connect to the VM via SSH.
-
Stop the web service to simulate a failure on the web server:
LAMPLEMPsudo service apache2 stopsudo service nginx stop -
Get the listener IP address.
-
Open the website in the browser using the listener address.
The connection should be successful, even though one of the web servers has failed.
-
When the check is complete, start the web service again:
LAMPLEMPsudo service apache2 startsudo service nginx start
How to delete the resources you created
To shut down the website and stop paying for the resources you created:
-
Open the
load-balancer.tfconfiguration file and delete your infrastructure description from it. -
Apply the changes:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validateIf the configuration is correct, the following message is returned:
Success! The configuration is valid. -
Run the command:
terraform planThe terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesin the terminal and press Enter.
-