This section provides the steps to create a VPC and the required resources for the scenario described in Basic 3-Tier Web App (with LB).
For this section, the IBM Virtual Private Cloud API will be used.
- Any prerequisites mentioned in the Basic 3-Tier Web App (with LB) main page, such as providing the required user access.
- Access to the Secure Shell (SSH) command (see SSH (Secure Shell)).
- Basic understanding of the cURL command-line tool, used to execute IBM VPC API calls.
- Generate an IBM Cloud API Key. Once generated, create an environment variable named APIKEY. Example: APIKEY=<value of your API Key>
- The IBM Cloud VPC APIs noted in this document were executed using version 2019-01-01. For more information, please refer to VPC API Versioning.
- Generate an IAM authorization token.
IBM VPC APIs use an authorization token which can be generated by using the account's API key. Please refer to Getting an IBM Cloud IAM token by using an API key.
An authorization token can be obtained by either using an IBM IAM API call or using the IBM IAM CLI.
Note: Authorization tokens expire every hour; you will need to repeat this activity once the token has expired.
Use IBM Cloud IAM API call.
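Generate an authorization token using $APIKEY. The request body carries the API key, so TLS certificate verification stays enabled (no -k/--insecure):
curl -X POST \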
--header "Content-Type: application/x-www-form-urlencoded" \
--header "Accept: application/json" \
--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
--data-urlencode "apikey=$APIKEY" \
"https://iam.cloud.ibm.com/identity/token"
Response:
{
"access_token": "eyJhbGciOiJIUz......sgrKIi8hdFs",
"refresh_token": "SPrXw5tBE3......KBQ+luWQVY=",
"token_type": "Bearer",
"expires_in": 3600,
"expiration": 1473188353
}
Store the value of access_token in an environment variable called iam_token:
iam_token="eyJhbGciOiJIUz......sgrKIi8hdFs"
IBM Cloud Command Line Option.
When using cURL, a simpler alternative to the above API call is to use the IBM Cloud Command Line (CLI). Below are the steps to do this.
- Log in to IBM Cloud:
For a federated account use single sign on:
ibmcloud login -sso
Otherwise use the default login:
ibmcloud login
If you have an API Key, use --apikey:
ibmcloud login --apikey [your API Key]
- Generate an IAM authorization token and assign it to the environment variable iam_token:
iam_token=$(ibmcloud iam oauth-tokens | awk '/IAM/{ print $4; }')
- You can validate that the variable has the correct value by using the command echo $iam_token.
- Repeat the above command after token expiration.
For an overview of IBM Virtual Private Cloud (VPC), please refer to About VPC.
- Create an SSH key to be used when a virtual instance (VSI) resource is created.
- Create a VPC.
- Create Address Prefixes (CIDR) for the VPC.
- Create Subnets.
- Choose a profile and an image to create a Virtual Server Instance (VSI).
- Create Security Groups.
- Create VPC VSIs.
- Create and configure a Load Balancer.
- Create Floating IPs and assign them to the VSIs.
- Create a Public Gateway.
- Add rules to Security Groups.
Once the above steps are completed, the VPC infrastructure will be ready for the next activities.
Resources in IBM Cloud are assigned to a Resource Group. In our case, we want to use resource group VPC1 that was created previously. In addition, we will allocate the resources in the us-south region.
For more information on Regions and Zones please refer to Creating a VPC in a different region.
The VPC API endpoint is based on the region of the service and follows the convention https://<region>.iaas.cloud.ibm.com. We will be using the us-south region. Use the following cURL command to get the list of regions and their API endpoints:
curl -X GET "https://us-south.iaas.cloud.ibm.com/v1/regions?version=2019-01-01" \
-H "Authorization: Bearer $iam_token"
Result
{
"regions": [
{
"name": "jp-tok",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/jp-tok",
"endpoint": "https://jp-tok.iaas.cloud.ibm.com",
"status": "available"
},
{
"name": "eu-de",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/eu-de",
"endpoint": "https://eu-de.iaas.cloud.ibm.com",
"status": "available"
},
{
"name": "us-south",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south",
"endpoint": "https://us-south.iaas.cloud.ibm.com",
"status": "available"
}
]
}
We will use environment variables throughout this use case to reference values and facilitate copy/paste activities.
Since we do not need to keep these permanently, we will store them in the file .vpc_ids and execute source .vpc_ids as new entries are added to the file. This will allow you to restore them if you close your session and/or wish to continue at a later time. Only those IDs needed for this use case will be saved and highlighted in the documentation as follows:
- Environment variable:
VPC_API_ENDPOINT=https://us-south.iaas.cloud.ibm.com
- Environment variable:
API_VERSION=2019-01-01
To verify that this variable was saved, execute echo $VPC_API_ENDPOINT and make sure the response is not empty.
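An added example (not part of the original page): source .vpc_ids executes whatever the file contains, so a mistyped or tampered entry runs as shell code. The helpers below write the file with owner-only permissions and load it by validating every NAME=value line instead of sourcing it; the function names and the VPC_ID_NAMES allow-list are assumptions, built from the variable names used on this page.

```shell
#!/bin/sh
# Added example, not from the original page. valid_entry, save_id, check_ids,
# load_ids and VPC_ID_NAMES are hypothetical names chosen for illustration.

VPC_IDS_FILE="${VPC_IDS_FILE:-.vpc_ids}"

# Variable names this page stores; extend the list as later steps add more.
# Names such as PATH or LD_PRELOAD are refused because they are not listed.
VPC_ID_NAMES="VPC_API_ENDPOINT API_VERSION ZONE RESOURCE_GROUP SSH_KEY VPC \
SUBNET1 SUBNET2 UBUNTU APP_SG DATA_SG MYSQL1 MYSQL1_NIC MYSQL2 MYSQL2_NIC"

# valid_entry NAME VALUE: succeed only for an allowed name and a value made of
# ID/URL characters (no spaces, quotes, $, ;, backticks or newlines).
valid_entry() (
    LC_ALL=C    # byte-wise ranges, so A-Z cannot match lower case
    case " $VPC_ID_NAMES " in
        *" $1 "*) ;;
        *) exit 1 ;;
    esac
    case "$1" in
        ''|*[!A-Z0-9_]*) exit 1 ;;
    esac
    case "$2" in
        ''|*[!A-Za-z0-9._:/-]*) exit 1 ;;
    esac
)

# save_id NAME VALUE: add or replace one entry, keep the file mode 0600,
# and export the variable into the current shell.
save_id() {
    valid_entry "$1" "$2" || { echo "save_id: rejected entry for '$1'" >&2; return 1; }
    (
        umask 077
        _tmp=$(mktemp "$VPC_IDS_FILE.XXXXXX") || exit 1
        if [ -f "$VPC_IDS_FILE" ]; then
            # Drop any older entry for NAME; grep exits 1 when nothing is left.
            grep -v "^$1=" "$VPC_IDS_FILE" > "$_tmp" || true
        fi
        printf '%s=%s\n' "$1" "$2" >> "$_tmp"
        mv -f "$_tmp" "$VPC_IDS_FILE"
    ) || return 1
    export "$1=$2"
}

# check_ids: succeed only if every non-empty line is an allowed NAME=value.
check_ids() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        [ -n "$_line" ] || continue
        case "$_line" in
            *=*) ;;
            *) return 1 ;;
        esac
        valid_entry "${_line%%=*}" "${_line#*=}" || return 1
    done < "$VPC_IDS_FILE"
}

# load_ids: replacement for `source .vpc_ids`. The file is parsed, never
# executed, and nothing is exported unless the whole file validates.
load_ids() {
    [ -f "$VPC_IDS_FILE" ] || return 0
    check_ids || {
        echo "load_ids: $VPC_IDS_FILE has an invalid line, nothing loaded" >&2
        return 1
    }
    while IFS= read -r _line || [ -n "$_line" ]; do
        [ -n "$_line" ] || continue
        export "$_line"
    done < "$VPC_IDS_FILE"
}
```

Typical use is save_id VPC_API_ENDPOINT https://us-south.iaas.cloud.ibm.com after a call returns, and load_ids when resuming in a new session.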
After setting the VPC_API_ENDPOINT environment variable, get the list of available zones in a region using the following command.
curl -X GET "$VPC_API_ENDPOINT/v1/regions/us-south/zones?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
Result
{
"zones": [
{
"name": "us-south-3",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-3",
"region": {
"name": "us-south",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south"
},
"status": "available"
},
{
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"region": {
"name": "us-south",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south"
},
"status": "available"
},
{
"name": "us-south-2",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-2",
"region": {
"name": "us-south",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south"
},
"status": "available"
}
]
}
- Environment variable:
ZONE=us-south-1
A Resource Group ID is required by most API calls. The Resource Group, previously created, to be used here is VPC1. Issue the following cURL command to get the list of Resource Groups and identify the ID for VPC1:
curl -X GET https://resource-manager.bluemix.net/v1/resource_groups \
-H "Authorization: Bearer $iam_token"
Response:
{
"resources": [
{
"id": "00d24065a2ec44efb9de172e6d19b919",
"crn": "crn:v1:bluemix:public:resource-controller::a/843f59bad5553123f46652e9c43f9e89::resource-group:00d24065a2ec44efb9de172e6d19b919",
"account_id": "843f59bad5553123f46652e9c43f9e89",
"name": "default",
"state": "ACTIVE",
"default": true,
"quota_id": "7ce89f4a-4381-4600-b814-3cd9a4f4bdf4",
"quota_url": "/v1/quota_definitions/7ce89f4a-4381-4600-b814-3cd9a4f4bdf4",
"payment_methods_url": "/v1/resource_groups/00d24065a2ec44efb9de172e6d19b919/payment_methods",
"resource_linkages": [],
"teams_url": "/v1/resource_groups/00d24065a2ec44efb9de172e6d19b919/teams",
"created_at": "2017-09-17T07:28:54.627Z",
"updated_at": "2017-09-17T07:28:54.627Z"
},
{
"id": "594a009f2d4b4128ad1f25b55c991de0",
"crn": "crn:v1:bluemix:public:resource-controller::a/843f59bad5553123f46652e9c43f9e89::resource-group:594a009f2d4b4128ad1f25b55c991de0",
"account_id": "843f59bad5553123f46652e9c43f9e89",
"name": "VPC1",
"state": "ACTIVE",
"default": false,
"quota_id": "a3d7b8d01e261c24677937c29ab33f3c",
"quota_url": "/v1/quota_definitions/a3d7b8d01e261c24677937c29ab33f3c",
"payment_methods_url": "/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0/payment_methods",
"resource_linkages": [],
"teams_url": "/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0/teams",
"created_at": "2019-01-14T16:49:45.350Z",
"updated_at": "2019-01-14T16:49:45.350Z"
}
]
}
- Environment variable:
RESOURCE_GROUP=594a009f2d4b4128ad1f25b55c991de0
Objects in IBM Cloud are assigned a unique object ID. This is important because several API commands require an object ID representing a resource.
In the above resource groups, VPC1 has been assigned ID 594a009f2d4b4128ad1f25b55c991de0.
After creating each resource, we will keep the ID using environment variables for later use. For example, you will need a Subnet ID to create a resource on that subnet, an SSH Key ID to create a Virtual Server Instance (VSI), and so on.
Note: If at any point you encounter an error calling an API, first verify that the environment variable is correct for the resource you are attempting to update. If an ID is misplaced or was saved with an incorrect value, you can always use a VPC API command to list the details of a resource. For example,
curl -X GET "$VPC_API_ENDPOINT/v1/instances?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
will give the list of all the VSIs and their IDs. You can then use an <object_id> from that list in
curl -X GET "$VPC_API_ENDPOINT/v1/instances/<object_id>?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
to get the details of the specific VSI.
An SSH key is required when creating a VPC instance. We will use a public key previously created (see prerequisites section above).
Copy the SSH public key you wish to use into the environment variable SSH_KEY. An example using a Linux command: SSH_KEY=$(cat ~/.ssh/id_rsa.pub)
Syntax: Creates a key
Create an SSH key named vpc-key
curl -X POST "$VPC_API_ENDPOINT/v1/keys?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"vpc-key\", \
\"public_key\" : \"$SSH_KEY\", \
\"type\" : \"rsa\" \
}"
Result
{
"created_at": "2019-04-16T05:05:45.000Z",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::key:636f6d70-0000-0001-0000-000000154ef1",
"fingerprint": "SHA256:ZAmojbQXSEbPnqkUY2Hp4r8d/vwlrEWsJXtB5sKBYs0",
"href": "https://us-south.iaas.cloud.ibm.com/v1/keys/636f6d70-0000-0001-0000-000000154ef1",
"id": "636f6d70-0000-0001-0000-000000154ef1",
"length": 2048,
"name": "vpc-key",
"public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwawN5NFHzyEHxS2NOOYUR2YkiKGpL6+axsQm2sTjlhyqE1NF2k+NsY2QgeMb1YbNqwrclLYy6yitDWqVebJCPKHntpm/J85S4Oup8C3kz+elu3dpdJM8RR2VSoA6qUkFfS9bmL3cucPtbOHYHcMhC7m7lVmwOFQ4pTOcfX85yS7l6B9m9sawJBKomLwJpRJsRVOgYh0C3jWApDt21SVGRK5HUBOob3xtcBfPCDvb4I0IfzbsgidUKHy4iRax88oWnmwJm5G9MNpgU4u10ly2a/vUfxzGQhHmDn5O7cPg2sLhIVrEXr1uAYQG3N/Es0GKF4AvEEw4sQpNlVp2ZLmkl [email protected]",
"type": "rsa"
}
- Environment variable:
SSH_KEY=636f6d70-0000-0001-0000-000000154ef1
Syntax: Creates a VPC
Create a VPC named vpc1.
curl -X POST "$VPC_API_ENDPOINT/v1/vpcs?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\": \"vpc1\", \
\"resource_group\": {
\"id\": \"$RESOURCE_GROUP\"
}
}"
Result
{
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697",
"status": "available",
"classic_access": false,
"created_at": "2019-03-01T23:09:13Z",
"default_network_acl": {
"id": "f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"href": "https://us-south.iaas.cloud.ibm.com/v1/network_acls/f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"name": "allow-all-network-acl-71b4f281-df4d-453b-9ca9-15dddc671697"
},
"default_security_group": {
"id": "2d364f0a-a870-42c3-a554-000001323173",
"href": "https://us-south.iaas.cloud.ibm.com/v1/security_groups/2d364f0a-a870-42c3-a554-000001323173",
"name": "handclasp-preflight-gnat-staff-aggregate-blatantly"
},
"resource_group": {
"id": "594a009f2d4b4128ad1f25b55c991de0",
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0"
}
}
- Environment variable:
VPC=71b4f281-df4d-453b-9ca9-15dddc671697
For more information on address prefixes, please refer to Understanding IP address ranges, address prefixes, regions, and subnets.
Create address prefixes for 10.10.11.0/24 and 10.10.12.0/24.
Syntax: Creates an address pool prefix
Prefix = cidr1 = 10.10.11.0/24
curl -X POST "$VPC_API_ENDPOINT/v1/vpcs/$VPC/address_prefixes?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"cidr\" : \"10.10.11.0/24\", \
\"name\" : \"cidr1\", \
\"zone\" : { \
\"name\" : \"$ZONE\" \
} \
}"
Result
{
"id": "5bed1970-92ce-4afd-88a1-4febb6e1017b",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697/address_prefixes/5bed1970-92ce-4afd-88a1-4febb6e1017b",
"name": "cidr1",
"cidr": "10.10.11.0/24",
"zone": {
"name": "us-south-1"
},
"created_at": "2019-04-16T04:06:26Z",
"has_subnets": false,
"is_default": false
}
Prefix = cidr2 = 10.10.12.0/24
curl -X POST "$VPC_API_ENDPOINT/v1/vpcs/$VPC/address_prefixes?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"cidr\" : \"10.10.12.0/24\", \
\"name\" : \"cidr2\", \
\"zone\" : { \
\"name\" : \"$ZONE\" \
} \
}"
Result
{
"id": "fcb341f4-4381-48d8-b0ed-8257697cf683",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697/address_prefixes/fcb341f4-4381-48d8-b0ed-8257697cf683",
"name": "cidr2",
"cidr": "10.10.12.0/24",
"zone": {
"name": "us-south-1"
},
"created_at": "2019-04-16T04:10:50Z",
"has_subnets": false,
"is_default": false
}
Create two VPC Subnets for ipv4-cidr-blocks 10.10.11.0/24 and 10.10.12.0/24.
The application tier will be subnet1 and the data tier will be subnet2.
Syntax: Create a subnet
Subnet1
curl -X POST "$VPC_API_ENDPOINT/v1/subnets?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"subnet1\", \
\"ipv4_cidr_block\" : \"10.10.11.0/24\", \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"vpc\" : { \"id\": \"$VPC\" } \
}"
Result
{
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"ipv4_cidr_block": "10.10.11.0/24",
"available_ipv4_address_count": 251,
"total_ipv4_address_count": 256,
"ip_version": "ipv4",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"status": "pending",
"created_at": "2019-04-16T04:37:54Z",
"network_acl": {
"id": "f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"href": "https://us-south.iaas.cloud.ibm.com/v1/network_acls/f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"name": "allow-all-network-acl-71b4f281-df4d-453b-9ca9-15dddc671697"
}
}
- Environment variable:
SUBNET1=90a3b25a-6e42-4718-bf95-8eaf67083108
Subnet2
curl -X POST "$VPC_API_ENDPOINT/v1/subnets?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"subnet2\", \
\"ipv4_cidr_block\" : \"10.10.12.0/24\", \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"vpc\" : { \"id\": \"$VPC\" } \
}"
Result
{
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"ipv4_cidr_block": "10.10.12.0/24",
"available_ipv4_address_count": 251,
"total_ipv4_address_count": 256,
"ip_version": "ipv4",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"status": "pending",
"created_at": "2019-04-16T04:42:19Z",
"network_acl": {
"id": "f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"href": "https://us-south.iaas.cloud.ibm.com/v1/network_acls/f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"name": "allow-all-network-acl-71b4f281-df4d-453b-9ca9-15dddc671697"
}
}
- Environment variable:
SUBNET2=ec46126e-973d-46d7-bb2b-ea0e21dd0b89
The initial status of a newly created subnet is set to pending. You must wait until the subnet status is available before assigning any resources to it.
To check the subnet status, display the subnet details. Keep checking until the status is set to available. The following command can be used:
curl -X GET "$VPC_API_ENDPOINT/v1/subnets/$SUBNET2?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
Result
{
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"ipv4_cidr_block": "10.10.12.0/24",
"available_ipv4_address_count": 251,
"total_ipv4_address_count": 256,
"ip_version": "ipv4",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"status": "available",
"created_at": "2019-04-16T04:42:19Z",
"network_acl": {
"id": "f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"href": "https://us-south.iaas.cloud.ibm.com/v1/network_acls/f65ff3e8-2935-48c9-ae7d-3fd2a2b67a88",
"name": "allow-all-network-acl-71b4f281-df4d-453b-9ca9-15dddc671697"
}
}
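The wait described above, as an added shell example that is not part of the original page: it polls until the status is available, gives up after a fixed number of tries, and stops at once on any other status or on an empty reply (for example when the hourly token has expired). The function names and the sed-based extraction are assumptions; the extraction relies on the response carrying a single "status" field, as the subnet responses shown here do.

```shell
#!/bin/sh
# Added example, not from the original page. extract_status, get_subnet_json
# and wait_available are hypothetical helper names.

# extract_status: read a VPC API response on stdin and print the value of its
# "status" field. Works on pretty-printed and single-line JSON as long as the
# response holds one "status" key; use a real JSON parser for anything else.
extract_status() {
    sed -n 's/.*"status": *"\([A-Za-z_]*\)".*/\1/p' | head -n 1
}

# get_subnet_json ID: the GET call from this page. --fail turns an HTTP error
# (such as 401 once the token has expired) into an empty body and a non-zero
# exit, so an error page is never mistaken for a subnet document.
get_subnet_json() {
    curl -sS --fail -X GET \
        "$VPC_API_ENDPOINT/v1/subnets/$1?version=$API_VERSION&generation=2" \
        -H "Authorization: Bearer $iam_token"
}

# wait_available FETCH ID [TRIES] [DELAY]
#   FETCH  function or command that prints the resource JSON for ID
#   TRIES  maximum number of polls (default 30)
#   DELAY  seconds to sleep between polls (default 5)
# Returns 0 when the status is "available", 1 when TRIES polls all returned
# "pending", and 2 on any other status or when no status could be read.
wait_available() {
    _fetch=$1 _id=$2 _tries=${3:-30} _delay=${4:-5} _n=0
    while [ "$_n" -lt "$_tries" ]; do
        _n=$((_n + 1))
        _status=$("$_fetch" "$_id" | extract_status) || _status=
        case "$_status" in
            available)
                return 0 ;;
            pending)
                sleep "$_delay" ;;
            *)
                echo "wait_available: $_id: unexpected status '${_status:-none}'" \
                     "(check the ID and whether the token has expired)" >&2
                return 2 ;;
        esac
    done
    echo "wait_available: $_id still pending after $_tries tries" >&2
    return 1
}
```

Call it as wait_available get_subnet_json "$SUBNET2" before creating resources on the subnet; passing a different fetch function lets the same loop wait on other resources that start as pending.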
Before continuing we must select an instance profile and image for our VPC instances.
- The profile describes the instance size in terms of CPUs and memory. To see a list of supported profiles use the instance-profiles command.
- The image is the operating system that will be loaded into the instance. To see a list of available images use the images command.
We will use the bx2-4x16 balanced profile for all our instances, which is 4 CPUs and 16G of memory. For the OS image, we will use ubuntu-18.04-amd64, which is Ubuntu Linux (18.04 LTS Bionic Beaver Minimal Install).
List instance profiles
Syntax: Get all instance profiles
Limit the query to 2 entries for illustration purposes (remove limit to see all).
curl -X GET "$VPC_API_ENDPOINT/v1/instance/profiles?version=$API_VERSION&generation=2&limit=2" \
-H "Authorization: Bearer $iam_token"
Result
{
"first": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles?limit=2"
},
"limit": 2,
"next": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles?start=2\u0026limit=2"
},
"total_count": 17,
"profiles": [
{
"family": "balanced",
"generation": "gc",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/b-62x248",
"name": "b-62x248"
},
{
"family": "cpu",
"generation": "gc",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/c-2x4",
"name": "c-2x4"
}
]
}
List Images
Syntax: Get all images
Limit the query to 2 entries & start with the third image for illustration purposes (remove limit/start to see all).
curl -X GET "$VPC_API_ENDPOINT/v1/images?version=$API_VERSION&generation=2&limit=2&start=3" \
-H "Authorization: Bearer $iam_token"
Result
{
"first": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/images?limit=2\u0026version=2019-01-01"
},
"limit": 2,
"next": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/images?start=5\u0026limit=2\u0026version=2019-01-01"
},
"total_count": 8,
"images": [
{
"architecture": "amd64",
"created_at": "2018-10-30T06:12:06.537Z",
"crn": "crn:v1:bluemix:public:is:us-south:::image:7eb4e35b-4257-56f8-d7da-326d85452591",
"file": {
"checksum": "7eb4e35b425756f8d7da326d85452591",
"href": "ims://images/OS_UBUNTU_16_04_LTS_XENIAL_XERUS_MINIMAL_64_BIT_FOR_VSI"
},
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/7eb4e35b-4257-56f8-d7da-326d85452591",
"id": "7eb4e35b-4257-56f8-d7da-326d85452591",
"name": "ubuntu-16.04-amd64",
"operating_system": {
"name": "Ubuntu Linux",
"vendor": "Canonical",
"version": "16.04 LTS Xenial Xerus Minimal Install"
},
"status": "READY",
"visibility": "public"
},
{
"architecture": "amd64",
"created_at": "2018-10-30T06:12:06.510Z",
"crn": "crn:v1:bluemix:public:is:us-south:::image:cfdaf1a0-5350-4350-fcbc-97173b510843",
"file": {
"checksum": "cfdaf1a053504350fcbc97173b510843",
"href": "ims://images/OS_UBUNTU_18_04_LTS_BIONIC_BEAVER_MINIMAL_64_BIT"
},
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/cfdaf1a0-5350-4350-fcbc-97173b510843",
"id": "cfdaf1a0-5350-4350-fcbc-97173b510843",
"name": "ubuntu-18.04-amd64",
"operating_system": {
"name": "Ubuntu Linux",
"vendor": "Canonical",
"version": "18.04 LTS Bionic Beaver Minimal Install"
},
"status": "READY",
"visibility": "public"
}
]
}
- Environment variable:
UBUNTU=cfdaf1a0-5350-4350-fcbc-97173b510843
For purposes of this use case, we will create two security groups for application and data servers. For more information on security groups, please refer to Security in your IBM Cloud VPC.
Syntax: Create a security group
Application Security Group - app_sg
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"app_sg\", \
\"vpc\" : { \"id\": \"$VPC\" } \
}"
Result
{
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::security-group:2d364f0a-a870-42c3-a554-000001522703",
"id": "2d364f0a-a870-42c3-a554-000001522703",
"name": "app_sg",
"href": "https://us-south.iaas.cloud.ibm.com/v1/security_groups/2d364f0a-a870-42c3-a554-000001522703",
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"created_at": "2019-04-16T16:51:33Z"
}
- Environment variable:
APP_SG=2d364f0a-a870-42c3-a554-000001522703
Data Security Group - data_sg
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"data_sg\", \
\"vpc\" : { \"id\": \"$VPC\" } \
}"
Result
{
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::security-group:2d364f0a-a870-42c3-a554-000001522583",
"id": "2d364f0a-a870-42c3-a554-000001522583",
"name": "data_sg",
"href": "https://us-south.iaas.cloud.ibm.com/v1/security_groups/2d364f0a-a870-42c3-a554-000001522583",
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"created_at": "2019-04-16T16:55:23Z"
}
- Environment variable:
DATA_SG=2d364f0a-a870-42c3-a554-000001522583
Now that we have all the required information, let's create two Ubuntu 18.04 VSIs in subnet2 for the MySQL backend.
Syntax: Creates an instance
Instance = MySQL1
curl -X POST "$VPC_API_ENDPOINT/v1/instances?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"MySQL1\", \
\"vpc\" : { \"id\" : \"$VPC\" }, \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"image\": { \"id\" : \"$UBUNTU\" }, \
\"profile\" : { \"name\" : \"b-4x16\" },
\"keys\" : [ { \"id\" : \"$SSH_KEY\" } ], \
\"primary_network_interface\" : { \
\"port_speed\" : 1000, \
\"name\" : \"eth0\", \
\"subnet\" : { \"id\" : \"$SUBNET2\"}, \
\"security_groups\" : [ { \"id\" : \"$DATA_SG\" } ] \
} \
}"
Result
{
"cpu": {
"architecture": "amd64",
"cores": 4,
"frequency": 2000
},
"created_at": "2019-04-16T17:18:37.953Z",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::instance:94365d72-90bb-48c6-a4b7-00e88f49fee0",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/94365d72-90bb-48c6-a4b7-00e88f49fee0",
"id": "94365d72-90bb-48c6-a4b7-00e88f49fee0",
"image": {
"crn": "crn:v1:bluemix:public:is:us-south:::image:cfdaf1a0-5350-4350-fcbc-97173b510843",
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/cfdaf1a0-5350-4350-fcbc-97173b510843",
"id": "cfdaf1a0-5350-4350-fcbc-97173b510843",
"name": "ubuntu-18.04-amd64"
},
"memory": 16,
"name": "MySQL1",
"network_interfaces": [
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/94365d72-90bb-48c6-a4b7-00e88f49fee0/network_interfaces/46bc7db5-4c8d-4d7e-9274-81416fa99423",
"id": "46bc7db5-4c8d-4d7e-9274-81416fa99423",
"name": "eth0",
"primary_ipv4_address": "10.10.12.7",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
}
],
"primary_network_interface": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/94365d72-90bb-48c6-a4b7-00e88f49fee0/network_interfaces/46bc7db5-4c8d-4d7e-9274-81416fa99423",
"id": "46bc7db5-4c8d-4d7e-9274-81416fa99423",
"name": "eth0",
"primary_ipv4_address": "10.10.12.7",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
},
"profile": {
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::instance-profile:b-4x16",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/b-4x16",
"name": "b-4x16"
},
"resource_group": {
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"id": "594a009f2d4b4128ad1f25b55c991de0"
},
"status": "pending",
"vpc": {
"crn": "crn:v1:bluemix:public:is::a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697",
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1"
},
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
- Environment variable:
MYSQL1=94365d72-90bb-48c6-a4b7-00e88f49fee0
- Environment variable:
MYSQL1_NIC=46bc7db5-4c8d-4d7e-9274-81416fa99423
Instance = MySQL2
curl -X POST "$VPC_API_ENDPOINT/v1/instances?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"MySQL2\", \
\"vpc\" : { \"id\" : \"$VPC\" }, \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"image\": { \"id\" : \"$UBUNTU\" }, \
\"profile\" : { \"name\" : \"b-4x16\" },
\"keys\" : [ { \"id\" : \"$SSH_KEY\" } ], \
\"primary_network_interface\" : { \
\"port_speed\" : 1000, \
\"name\" : \"eth0\", \
\"subnet\" : { \"id\" : \"$SUBNET2\"}, \
\"security_groups\" : [ { \"id\" : \"$DATA_SG\" } ] \
} \
}"
Result
{
"cpu": {
"architecture": "amd64",
"cores": 4,
"frequency": 2000
},
"created_at": "2019-04-16T17:26:03.051Z",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::instance:a910fc1d-5675-4bcc-a0d7-c2728ba7d902",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/a910fc1d-5675-4bcc-a0d7-c2728ba7d902",
"id": "a910fc1d-5675-4bcc-a0d7-c2728ba7d902",
"image": {
"crn": "crn:v1:bluemix:public:is:us-south:::image:cfdaf1a0-5350-4350-fcbc-97173b510843",
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/cfdaf1a0-5350-4350-fcbc-97173b510843",
"id": "cfdaf1a0-5350-4350-fcbc-97173b510843",
"name": "ubuntu-18.04-amd64"
},
"memory": 16,
"name": "MySQL2",
"network_interfaces": [
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/a910fc1d-5675-4bcc-a0d7-c2728ba7d902/network_interfaces/d374f88e-1172-432b-aa7e-60600e4a32e8",
"id": "d374f88e-1172-432b-aa7e-60600e4a32e8",
"name": "eth0",
"primary_ipv4_address": "10.10.12.12",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
}
],
"primary_network_interface": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/a910fc1d-5675-4bcc-a0d7-c2728ba7d902/network_interfaces/d374f88e-1172-432b-aa7e-60600e4a32e8",
"id": "d374f88e-1172-432b-aa7e-60600e4a32e8",
"name": "eth0",
"primary_ipv4_address": "10.10.12.12",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
},
"profile": {
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::instance-profile:b-4x16",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/b-4x16",
"name": "b-4x16"
},
"resource_group": {
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"id": "594a009f2d4b4128ad1f25b55c991de0"
},
"status": "pending",
"vpc": {
"crn": "crn:v1:bluemix:public:is::a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697",
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1"
},
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
- Environment variable:
MYSQL2=a910fc1d-5675-4bcc-a0d7-c2728ba7d902
- Environment variable:
MYSQL2_NIC=d374f88e-1172-432b-aa7e-60600e4a32e8
Next, create two Ubuntu VSIs in subnet1 for the application tier.
In this case we will create a second ethernet interface to connect to resources in subnet2, where the MySQL servers will be located. Here we will use the following values:
[
{
"port_speed": 1000,
"name": "eth1",
"subnet": {
"id": "$SUBNET2"
},
"security_groups": [
{
"id": "$DATA_SG"
}
]
}
]
Instance = AppServ1
curl -X POST "$VPC_API_ENDPOINT/v1/instances?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"AppServ1\", \
\"vpc\" : { \"id\" : \"$VPC\" }, \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"image\": { \"id\" : \"$UBUNTU\" }, \
\"profile\" : { \"name\" : \"b-4x16\" },
\"keys\" : [ { \"id\" : \"$SSH_KEY\" } ], \
\"primary_network_interface\" : { \
\"port_speed\" : 1000, \
\"name\" : \"eth0\", \
\"subnet\" : { \"id\" : \"$SUBNET1\"}, \
\"security_groups\" : [ { \"id\" : \"$APP_SG\" } ] \
}, \
\"network_interfaces\": [ { \
\"port_speed\" : 1000, \
\"name\" : \"eth1\", \
\"subnet\" : { \"id\" : \"$SUBNET2\" }, \
\"security_groups\" : [ { \"id\" : \"$DATA_SG\" } ] \
} ] \
}"
Result
{
"cpu": {
"architecture": "amd64",
"cores": 4,
"frequency": 2000
},
"created_at": "2019-04-16T17:44:52.832Z",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::instance:9bde7b22-4450-4888-96d1-eae4f3b656dc",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/9bde7b22-4450-4888-96d1-eae4f3b656dc",
"id": "9bde7b22-4450-4888-96d1-eae4f3b656dc",
"image": {
"crn": "crn:v1:bluemix:public:is:us-south:::image:cfdaf1a0-5350-4350-fcbc-97173b510843",
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/cfdaf1a0-5350-4350-fcbc-97173b510843",
"id": "cfdaf1a0-5350-4350-fcbc-97173b510843",
"name": "ubuntu-18.04-amd64"
},
"memory": 16,
"name": "AppServ1",
"network_interfaces": [
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/9bde7b22-4450-4888-96d1-eae4f3b656dc/network_interfaces/90b66a8d-7770-423e-b301-1ee6a71e9a3b",
"id": "90b66a8d-7770-423e-b301-1ee6a71e9a3b",
"name": "eth1",
"primary_ipv4_address": "10.10.12.15",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
},
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/9bde7b22-4450-4888-96d1-eae4f3b656dc/network_interfaces/9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"id": "9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"name": "eth0",
"primary_ipv4_address": "10.10.11.6",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:90a3b25a-6e42-4718-bf95-8eaf67083108",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
}
],
"primary_network_interface": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/9bde7b22-4450-4888-96d1-eae4f3b656dc/network_interfaces/9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"id": "9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"name": "eth0",
"primary_ipv4_address": "10.10.11.6",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:90a3b25a-6e42-4718-bf95-8eaf67083108",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
},
"profile": {
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::instance-profile:b-4x16",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/b-4x16",
"name": "b-4x16"
},
"resource_group": {
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"id": "594a009f2d4b4128ad1f25b55c991de0"
},
"status": "pending",
"vpc": {
"crn": "crn:v1:bluemix:public:is::a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697",
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1"
},
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
- Environment variable:
APPSERV1=9bde7b22-4450-4888-96d1-eae4f3b656dc
- Environment variable:
APPSERV1_NIC0=9d76a0dd-2fc2-47ef-ac42-c57da3eff344
- Environment variable:
APPSERV1_NIC1=90b66a8d-7770-423e-b301-1ee6a71e9a3b
- Environment variable:
APPSERV1_IP=10.10.11.6
Instance = AppServ2
curl -X POST "$VPC_API_ENDPOINT/v1/instances?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"AppServ2\", \
\"vpc\" : { \"id\" : \"$VPC\" }, \
\"zone\" : { \"name\" : \"$ZONE\" }, \
\"image\": { \"id\" : \"$UBUNTU\" }, \
\"profile\" : { \"name\" : \"b-4x16\" },
\"keys\" : [ { \"id\" : \"$SSH_KEY\" } ], \
\"primary_network_interface\" : { \
\"port_speed\" : 1000, \
\"name\" : \"eth0\", \
\"subnet\" : { \"id\" : \"$SUBNET1\"}, \
\"security_groups\" : [ { \"id\" : \"$APP_SG\" } ] \
}, \
\"network_interfaces\": [ { \
\"port_speed\" : 1000, \
\"name\" : \"eth1\", \
\"subnet\" : { \"id\" : \"$SUBNET2\" }, \
\"security_groups\" : [ { \"id\" : \"$DATA_SG\" } ] \
} ] \
}"
Result
{
"cpu": {
"architecture": "amd64",
"cores": 4,
"frequency": 2000
},
"created_at": "2019-04-16T17:52:09.707Z",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::instance:dd502f01-c19d-40d3-b08a-fbaefdcbce87",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/dd502f01-c19d-40d3-b08a-fbaefdcbce87",
"id": "dd502f01-c19d-40d3-b08a-fbaefdcbce87",
"image": {
"crn": "crn:v1:bluemix:public:is:us-south:::image:cfdaf1a0-5350-4350-fcbc-97173b510843",
"href": "https://us-south.iaas.cloud.ibm.com/v1/images/cfdaf1a0-5350-4350-fcbc-97173b510843",
"id": "cfdaf1a0-5350-4350-fcbc-97173b510843",
"name": "ubuntu-18.04-amd64"
},
"memory": 16,
"name": "AppServ2",
"network_interfaces": [
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/dd502f01-c19d-40d3-b08a-fbaefdcbce87/network_interfaces/4894653d-6535-4253-9d28-351402db0961",
"id": "4894653d-6535-4253-9d28-351402db0961",
"name": "eth0",
"primary_ipv4_address": "10.10.11.11",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:90a3b25a-6e42-4718-bf95-8eaf67083108",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
},
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/dd502f01-c19d-40d3-b08a-fbaefdcbce87/network_interfaces/54e64747-7a64-406d-994c-6394a4a6a1ee",
"id": "54e64747-7a64-406d-994c-6394a4a6a1ee",
"name": "eth1",
"primary_ipv4_address": "10.10.12.8",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
}
],
"primary_network_interface": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/dd502f01-c19d-40d3-b08a-fbaefdcbce87/network_interfaces/4894653d-6535-4253-9d28-351402db0961",
"id": "4894653d-6535-4253-9d28-351402db0961",
"name": "eth0",
"primary_ipv4_address": "10.10.11.11",
"resource_type": "network-interface",
"subnet": {
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::subnet:90a3b25a-6e42-4718-bf95-8eaf67083108",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
},
"profile": {
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::instance-profile:b-4x16",
"href": "https://us-south.iaas.cloud.ibm.com/v1/instance/profiles/b-4x16",
"name": "b-4x16"
},
"resource_group": {
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"id": "594a009f2d4b4128ad1f25b55c991de0"
},
"status": "pending",
"vpc": {
"crn": "crn:v1:bluemix:public:is::a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697",
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1"
},
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
- Environment variable:
APPSERV2=dd502f01-c19d-40d3-b08a-fbaefdcbce87
- Environment variable:
APPSERV2_NIC0=4894653d-6535-4253-9d28-351402db0961
- Environment variable:
APPSERV2_NIC1=54e64747-7a64-406d-994c-6394a4a6a1ee
- Environment variable:
APPSERV2_IP=10.10.11.11
In this section we will create and configure a VPC load balancer for the web application tier. For more information on the configuration of load balancers (listeners, back-end pools, etc.), see Using Load Balancers for VPC.
Create a public load balancer LB1 on subnet1.
Syntax: Creates and provisions a load balancer
Load Balancer = LB1
curl -X POST "$VPC_API_ENDPOINT/v1/load_balancers?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"LB1\", \
\"is_public\" : true, \
\"subnets\" : [ { \"id\" : \"$SUBNET1\" } ], \
\"resource_group\" : { \"id\" : \"$RESOURCE_GROUP\" } \
}"
Result
{
"id": "ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"name": "LB1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::load-balancer:ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"is_public": true,
"created_at": "2019-04-16T18:17:06.148371817Z",
"hostname": "ba346f3c-us-south.lb.appdomain.cloud",
"listeners": [],
"operating_status": "offline",
"pools": [],
"provisioning_status": "create_pending",
"subnets": [
{
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108"
}
],
"resource_group": {
"id": "594a009f2d4b4128ad1f25b55c991de0",
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"name": "vpc1"
}
}
- Environment variable:
LB1=ba346f3c-6f09-4dd9-9318-1586f8cf8231
NOTE: Before proceeding with the configuration step, wait until the operating status of the load balancer is set to online. This may take a couple of minutes.
You can verify the load balancer is online with the following command:
curl -X GET "$VPC_API_ENDPOINT/v1/load_balancers/$LB1?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
Result
{
"id": "ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"name": "LB1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::load-balancer:ba346f3c-6f09-4dd9-9318-1586f8cf8231",
"is_public": true,
"created_at": "2019-04-16T18:17:06.148371Z",
"hostname": "ba346f3c-us-south.lb.appdomain.cloud",
"listeners": [],
"operating_status": "online",
"pools": [],
"private_ips": [
{
"address": "10.10.11.7"
},
{
"address": "10.10.11.16"
}
],
"provisioning_status": "active",
"public_ips": [
{
"address": "169.61.244.208"
},
{
"address": "169.61.244.247"
}
],
"subnets": [
{
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108"
}
],
"resource_group": {
"id": "594a009f2d4b4128ad1f25b55c991de0",
"href": "https://resource-manager.bluemix.net/v1/resource_groups/594a009f2d4b4128ad1f25b55c991de0",
"name": "vpc1"
}
}
Configuring the load balancer involves creating a pool, pool members and a listener that points to our application servers.
Note: You may need to wait for each activity to complete (status change from update pending to active) before continuing to the next activity.
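The two waits described above (operating status online after creating LB1, then provisioning status back to active between configuration calls) can be scripted rather than checked by hand. This is an added example, not part of the original page: `json_field`, `wait_for_status` and `fetch_lb` are names made up here, and only the GET call inside `fetch_lb` comes from the page.

```shell
#!/bin/sh
# Added example (not from the original page): wait for a VPC resource to
# reach a given status instead of re-running the GET call by hand.

# json_field NAME: read a JSON document on stdin and print the first string
# value stored under "NAME". Enough for flat status fields; not a JSON parser.
json_field() {
  tr -d '\n' |
    grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" |
    head -n 1 |
    sed 's/^"[^"]*"[[:space:]]*:[[:space:]]*"//; s/"$//'
}

# wait_for_status FIELD WANT TIMEOUT INTERVAL FETCH_CMD [ARGS...]
# Return codes:
#   0  FIELD reached WANT (the value is printed)
#   1  TIMEOUT seconds elapsed first
#   2  the fetch failed, or the response has no FIELD at all (for example an
#      error body returned once the one-hour IAM token has expired)
wait_for_status() {
  _field=$1 _want=$2 _timeout=$3 _interval=$4
  shift 4
  _waited=0
  while :; do
    _body=$("$@") || { echo "wait_for_status: fetch failed" >&2; return 2; }
    _status=$(printf '%s' "$_body" | json_field "$_field")
    if [ -z "$_status" ]; then
      echo "wait_for_status: no \"$_field\" in response" >&2
      return 2
    fi
    if [ "$_status" = "$_want" ]; then
      printf '%s\n' "$_status"
      return 0
    fi
    if [ "$_waited" -ge "$_timeout" ]; then
      echo "wait_for_status: still \"$_status\" after ${_waited}s" >&2
      return 1
    fi
    sleep "$_interval"
    _waited=$((_waited + _interval))
  done
}

# The page's own GET call for LB1, wrapped so it can be passed as FETCH_CMD.
fetch_lb() {
  curl -sS -X GET "$VPC_API_ENDPOINT/v1/load_balancers/$LB1?version=$API_VERSION&generation=2" \
    -H "Authorization: Bearer $iam_token"
}

# Usage, once the variables from the earlier steps are set:
#   wait_for_status operating_status online 600 15 fetch_lb      # after creating LB1
#   wait_for_status provisioning_status active 600 15 fetch_lb   # between pool, member and listener calls
```

A return code of 2 is the signal to regenerate `iam_token` before retrying rather than to keep polling.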
Create Pool
Create load balancer pool1 for http protocol using a round-robin method and health checks every 20 seconds.
Syntax: Creates a pool
curl -X POST "$VPC_API_ENDPOINT/v1/load_balancers/$LB1/pools?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"pool1\", \
\"protocol\" : \"http\", \
\"algorithm\" : \"round_robin\", \
\"health_monitor\" : { \
\"type\" : \"http\", \
\"delay\" : 20, \
\"max_retries\" : 5, \
\"timeout\" : 2, \
\"url_path\" : \"/\" \
}
}"
Result
{
"id": "33000f8f-1058-4bdf-842f-e50d03b0776e",
"name": "pool1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231/pools/33000f8f-1058-4bdf-842f-e50d03b0776e",
"algorithm": "round_robin",
"health_monitor": {
"delay": 20,
"max_retries": 5,
"timeout": 2,
"type": "http",
"url_path": "/"
},
"protocol": "http",
"created_at": "2019-04-16T19:37:05.280656313Z",
"provisioning_status": "active"
}
- Environment variable:
POOL1=33000f8f-1058-4bdf-842f-e50d03b0776e
Add Pool Members
Add a pool member for each application server. In our case we will have two pool members: AppServ1 and AppServ2. Port 80 will be used to communicate with the servers.
Syntax: Creates a member
Pool member = 10.10.11.6 (AppServ1)
curl -X POST "$VPC_API_ENDPOINT/v1/load_balancers/$LB1/pools/$POOL1/members?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"port\" : 80, \
\"target\" : { \"address\" : \"$APPSERV1_IP\" } \
}"
Result
{
"id": "eca72ea9-a80e-4565-829a-e3f574cd2c76",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231/pools/33000f8f-1058-4bdf-842f-e50d03b0776e/members/eca72ea9-a80e-4565-829a-e3f574cd2c76",
"port": 80,
"target": {
"address": "10.10.11.6"
},
"weight": 50,
"health": "unknown",
"created_at": "2019-04-16T19:51:33.095088731Z",
"provisioning_status": "create_pending"
}
Pool member = 10.10.11.11 (AppServ2)
curl -X POST "$VPC_API_ENDPOINT/v1/load_balancers/$LB1/pools/$POOL1/members?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"port\" : 80, \
\"target\" : { \"address\" : \"$APPSERV2_IP\" } \
}"
Result
{
"id": "c0a3ed35-6258-425c-b180-5edc9b7b79f3",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231/pools/33000f8f-1058-4bdf-842f-e50d03b0776e/members/c0a3ed35-6258-425c-b180-5edc9b7b79f3",
"port": 80,
"target": {
"address": "10.10.11.11"
},
"weight": 50,
"health": "unknown",
"created_at": "2019-04-16T19:52:55.906802206Z",
"provisioning_status": "create_pending"
}
Add Listener
Add a public front-end http listener for our web application using port 80 and assign it to back-end pool pool1.
Syntax: Creates a listener
curl -X POST "$VPC_API_ENDPOINT/v1/load_balancers/$LB1/listeners?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"port\" : 80, \
\"protocol\" : \"http\", \
\"default_pool\" : { \"id\" : \"$POOL1\" } \
}"
Result
{
"id": "dd931f58-c399-405c-b288-7bd5dc00c496",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231/listeners/dd931f58-c399-405c-b288-7bd5dc00c496",
"protocol": "http",
"port": 80,
"default_pool": {
"id": "33000f8f-1058-4bdf-842f-e50d03b0776e",
"href": "https://us-south.iaas.cloud.ibm.com/v1/load_balancers/ba346f3c-6f09-4dd9-9318-1586f8cf8231/pools/33000f8f-1058-4bdf-842f-e50d03b0776e",
"name": "pool1"
},
"provisioning_status": "create_pending",
"created_at": "2019-04-16T20:00:09.138558855Z"
}
Note: Load Balancer health checks will fail until the application is installed in section Install and Configure Application Software.
Because custom images are not supported (Bring-Your-Own-Image), we will enable access to the internet for each VPC instance so we can download the required application software. Since the VSIs are isolated from the internet, floating IPs will be used to temporarily gain access. Once the application software has been installed, internet access will be disabled.
Reserve and associate a floating IP address to enable each instance to be reachable from the internet.
Syntax: Reserve a floating IP
FIP = app1fip
curl -X POST "$VPC_API_ENDPOINT/v1/floating_ips?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"app1fip\", \
\"zone\" : { \"name\" : \"$ZONE\" } \
}"
Result
{
"id": "1a42d8bd-aa46-465b-9533-759d68de9b57",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:1a42d8bd-aa46-465b-9533-759d68de9b57",
"name": "app1fip",
"address": "169.61.245.0",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/1a42d8bd-aa46-465b-9533-759d68de9b57",
"status": "pending",
"created_at": "2019-04-16T20:27:09Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": null,
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
- Environment variable:
APP1FIP=1a42d8bd-aa46-465b-9533-759d68de9b57
FIP = app2fip
curl -X POST "$VPC_API_ENDPOINT/v1/floating_ips?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"app2fip\", \
\"zone\" : { \"name\" : \"$ZONE\" } \
}"
Result
{
"id": "775fe1a1-2124-44d0-8164-3a3c00dbb916",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:775fe1a1-2124-44d0-8164-3a3c00dbb916",
"name": "app2fip",
"address": "169.61.244.56",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/775fe1a1-2124-44d0-8164-3a3c00dbb916",
"status": "pending",
"created_at": "2019-04-16T20:29:31Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": null,
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
- Environment variable:
APP2FIP=775fe1a1-2124-44d0-8164-3a3c00dbb916
FIP = data1fip
curl -X POST "$VPC_API_ENDPOINT/v1/floating_ips?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"data1fip\", \
\"zone\" : { \"name\" : \"$ZONE\" } \
}"
Result
{
"id": "02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"name": "data1fip",
"address": "169.61.244.85",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"status": "pending",
"created_at": "2019-04-16T20:35:26Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": null,
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
- Environment variable:
DATA1FIP=02eda268-cbe4-47d7-bb2c-c28d47b5f376
FIP = data2fip
curl -X POST "$VPC_API_ENDPOINT/v1/floating_ips?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"data2fip\", \
\"zone\" : { \"name\" : \"$ZONE\" } \
}"
Result
{
"id": "2f906957-973d-4fbb-8c2a-ec5775d599d5",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:2f906957-973d-4fbb-8c2a-ec5775d599d5",
"name": "data2fip",
"address": "169.61.245.24",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/2f906957-973d-4fbb-8c2a-ec5775d599d5",
"status": "pending",
"created_at": "2019-04-16T20:39:48Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": null,
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
- Environment variable:
DATA2FIP=2f906957-973d-4fbb-8c2a-ec5775d599d5
Assign Public IPs to VSIs
Add a reserved IP address to each VPC instance's primary interface (obtained when each server was created).
Syntax: Associates a floating IP with a network interface
Associate app1fip to instance AppServ1
curl -X PATCH "$VPC_API_ENDPOINT/v1/floating_ips/$APP1FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"target\" : { \"id\" : \"$APPSERV1_NIC0\" } }"
Result
{
"id": "1a42d8bd-aa46-465b-9533-759d68de9b57",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:1a42d8bd-aa46-465b-9533-759d68de9b57",
"name": "app1fip",
"address": "169.61.245.0",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/1a42d8bd-aa46-465b-9533-759d68de9b57",
"status": "available",
"created_at": "2019-04-16T20:27:09Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/3b5bf3b2-19bf-43b7-a9c7-27cc5e6b4106/network_interfaces/9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"id": "9d76a0dd-2fc2-47ef-ac42-c57da3eff344",
"name": "eth0",
"primary_ipv4_address": "10.10.11.6",
"resource_type": "network-interface",
"subnet": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
},
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
Associate app2fip to instance AppServ2
curl -X PATCH "$VPC_API_ENDPOINT/v1/floating_ips/$APP2FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"target\" : { \"id\" : \"$APPSERV2_NIC0\" } }"
Result
{
"id": "775fe1a1-2124-44d0-8164-3a3c00dbb916",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:775fe1a1-2124-44d0-8164-3a3c00dbb916",
"name": "app2fip",
"address": "169.61.244.56",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/775fe1a1-2124-44d0-8164-3a3c00dbb916",
"status": "available",
"created_at": "2019-04-16T20:29:31Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/d0964dc9-4a33-452d-823b-4ebdd366154c/network_interfaces/4894653d-6535-4253-9d28-351402db0961",
"id": "4894653d-6535-4253-9d28-351402db0961",
"name": "eth0",
"primary_ipv4_address": "10.10.11.11",
"resource_type": "network-interface",
"subnet": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/90a3b25a-6e42-4718-bf95-8eaf67083108",
"id": "90a3b25a-6e42-4718-bf95-8eaf67083108",
"name": "subnet1"
}
},
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
Associate data1fip to instance MySQL1
curl -X PATCH "$VPC_API_ENDPOINT/v1/floating_ips/$DATA1FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"target\" : { \"id\" : \"$MYSQL1_NIC\" } }"
Result
{
"id": "02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"name": "data1fip",
"address": "169.61.244.85",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/02eda268-cbe4-47d7-bb2c-c28d47b5f376",
"status": "available",
"created_at": "2019-04-16T20:35:26Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/2e1e2720-bc9a-46d0-83a8-d5711f12074b/network_interfaces/46bc7db5-4c8d-4d7e-9274-81416fa99423",
"id": "46bc7db5-4c8d-4d7e-9274-81416fa99423",
"name": "eth0",
"primary_ipv4_address": "10.10.12.7",
"resource_type": "network-interface",
"subnet": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
},
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
Associate data2fip to instance MySQL2
curl -X PATCH "$VPC_API_ENDPOINT/v1/floating_ips/$DATA2FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"target\" : { \"id\" : \"$MYSQL2_NIC\" } }"
Result
{
"id": "2f906957-973d-4fbb-8c2a-ec5775d599d5",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:2f906957-973d-4fbb-8c2a-ec5775d599d5",
"name": "data2fip",
"address": "169.61.245.24",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/2f906957-973d-4fbb-8c2a-ec5775d599d5",
"status": "available",
"created_at": "2019-04-16T20:39:48Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"target": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/instances/fb481148-64e8-4c95-a9c5-b7c8b98b7908/network_interfaces/d374f88e-1172-432b-aa7e-60600e4a32e8",
"id": "d374f88e-1172-432b-aa7e-60600e4a32e8",
"name": "eth0",
"primary_ipv4_address": "10.10.12.12",
"resource_type": "network-interface",
"subnet": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/subnets/ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"id": "ec46126e-973d-46d7-bb2b-ea0e21dd0b89",
"name": "subnet2"
}
},
"resource_group": {
"id": "00d24065a2ec44efb9de172e6d19b919"
}
}
Create a Public Gateway to give access to the internet and deploy images to the application and database servers from the public repositories.
Syntax: Create a public gateway
Create Public Gateway
curl -X POST "$VPC_API_ENDPOINT/v1/public_gateways?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"name\" : \"vpc_pub_gw\", \
\"vpc\" : { \"id\" : \"$VPC\" }, \
\"zone\" : { \"name\" : \"$ZONE\" } \
}"
Result
{
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "vpc_pub_gw",
"href": "https://us-south.iaas.cloud.ibm.com/v1/public_gateways/6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"resource_type": "public-gateway",
"created_at": "2019-04-17T01:04:11Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "vpc1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"floating_ip": {
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "yearling-starch-shrank-igloo-curtsy",
"address": "169.61.244.214",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/6acc672b-8772-44e2-9b25-fcaa3e97ce53"
},
"status": "pending"
}
- Environment variable:
PUBGW=6acc672b-8772-44e2-9b25-fcaa3e97ce53
Add Public Gateway to each subnet
Syntax: Attaches a public gateway to a subnet
Subnet1
curl -X PUT "$VPC_API_ENDPOINT/v1/subnets/$SUBNET1/public_gateway?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"id\" : \"$PUBGW\" }"
Result
{
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "vpc_pub_gw",
"href": "https://us-south.iaas.cloud.ibm.com/v1/public_gateways/6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"resource_type": "public-gateway",
"created_at": "2019-04-17T01:04:11Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "test_iam_vpc",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"floating_ip": {
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "yearling-starch-shrank-igloo-curtsy",
"address": "169.61.244.214",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/6acc672b-8772-44e2-9b25-fcaa3e97ce53"
},
"status": "available"
}
Subnet2
curl -X PUT "$VPC_API_ENDPOINT/v1/subnets/$SUBNET2/public_gateway?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"id\" : \"$PUBGW\" }"
Result
{
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "vpc_pub_gw",
"href": "https://us-south.iaas.cloud.ibm.com/v1/public_gateways/6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"resource_type": "public-gateway",
"created_at": "2019-04-17T01:04:11Z",
"zone": {
"name": "us-south-1",
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1"
},
"vpc": {
"id": "71b4f281-df4d-453b-9ca9-15dddc671697",
"crn": "crn:v1:bluemix:public:is:us-south:a/843f59bad5553123f46652e9c43f9e89::vpc:71b4f281-df4d-453b-9ca9-15dddc671697",
"name": "test_iam_vpc",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/71b4f281-df4d-453b-9ca9-15dddc671697"
},
"floating_ip": {
"id": "6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"crn": "crn:v1:bluemix:public:is:us-south-1:a/843f59bad5553123f46652e9c43f9e89::floating-ip:6acc672b-8772-44e2-9b25-fcaa3e97ce53",
"name": "yearling-starch-shrank-igloo-curtsy",
"address": "169.61.244.214",
"href": "https://us-south.iaas.cloud.ibm.com/v1/floating_ips/6acc672b-8772-44e2-9b25-fcaa3e97ce53"
},
"status": "available"
}
In our scenario we will configure the security groups to enable the required ports and protocols.
To allow SSH, MySQL, and HTTP traffic, in each security group do the following:
Syntax: Create a security group rule
Application Security Group
Add an inbound rule to allow all tcp access on port 22 for SSH access to the VSIs.
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$APP_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"inbound\", \
\"protocol\" : \"tcp\", \
\"port_min\" : 22, \
\"port_max\" : 22 \
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005159339",
"direction": "inbound",
"ip_version": "ipv4",
"protocol": "tcp",
"port_min": 22,
"port_max": 22
}
Add an inbound rule to allow all tcp access on port 80 for HTTP access to the web application.
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$APP_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"inbound\", \
\"protocol\" : \"tcp\", \
\"port_min\" : 80, \
\"port_max\" : 80 \
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005158885",
"direction": "inbound",
"ip_version": "ipv4",
"protocol": "tcp",
"port_min": 80,
"port_max": 80
}
Add an outbound rule to allow all outbound access.
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$APP_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"outbound\", \
\"protocol\" : \"all\"
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005160823",
"direction": "outbound",
"ip_version": "ipv4",
"protocol": "all"
}
Data Security Group
Add an inbound rule to allow all tcp access on port 22 for SSH access to the VSIs.
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$DATA_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"inbound\", \
\"protocol\" : \"tcp\", \
\"port_min\" : 22, \
\"port_max\" : 22 \
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005159419",
"direction": "inbound",
"ip_version": "ipv4",
"protocol": "tcp",
"port_min": 22,
"port_max": 22
}
Add an inbound rule to allow all tcp access on port 3306 for MySQL (default port for MySQL).
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$DATA_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"inbound\", \
\"protocol\" : \"tcp\", \
\"port_min\" : 3306, \
\"port_max\" : 3306 \
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005159171",
"direction": "inbound",
"ip_version": "ipv4",
"protocol": "tcp",
"port_min": 3306,
"port_max": 3306
}
Add an outbound rule to allow all outbound access.
curl -X POST "$VPC_API_ENDPOINT/v1/security_groups/$DATA_SG/rules?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token" \
-d "{ \"direction\" : \"outbound\", \
\"protocol\" : \"all\"
}"
Result
{
"id": "b597cff2-38e8-4e6e-999d-000005160445",
"direction": "outbound",
"ip_version": "ipv4",
"protocol": "all"
}
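The inbound rules above carry no source restriction, so ports 22 and 3306 accept connections from any address that can reach the interface, including the internet while the floating IPs are attached. The following added example (not part of the original page) builds the same rules with an explicit source and flags rules that lack one. It assumes the rule body accepts a `remote` object holding a CIDR block, an address or another security group's id, which the page's calls do not use; `ADMIN_CIDR` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): the page's SSH and MySQL rules
# with an explicit source, plus a check for rules that accept any source.

# sg_rule_json DIRECTION PROTOCOL PORT REMOTE_KIND REMOTE_VALUE
# Prints a rule body like the page's, with a "remote" object added.
# REMOTE_KIND is cidr_block, address or id (id = another security group).
sg_rule_json() {
  case $1 in inbound|outbound) ;; *) echo "bad direction: $1" >&2; return 1 ;; esac
  case $2 in tcp|udp) ;; *) echo "bad protocol: $2" >&2; return 1 ;; esac
  # Digits only, no leading zero, at most five digits.
  case $3 in ''|0*|*[!0-9]*|??????*) echo "bad port: $3" >&2; return 1 ;; esac
  if [ "$3" -gt 65535 ]; then echo "bad port: $3" >&2; return 1; fi
  case $4 in cidr_block|address|id) ;; *) echo "bad remote kind: $4" >&2; return 1 ;; esac
  # Refuse anything that could break out of the JSON string.
  case $5 in ''|*[!A-Za-z0-9./:_-]*) echo "bad remote value" >&2; return 1 ;; esac
  printf '{ "direction": "%s", "protocol": "%s", "port_min": %s, "port_max": %s, "remote": { "%s": "%s" } }\n' \
    "$1" "$2" "$3" "$3" "$4" "$5"
}

# rule_open_to_any: read ONE rule object (JSON) on stdin.
# Returns 0 when it is an inbound rule that accepts any source: either it has
# no "remote" at all (as in the page's results) or its CIDR block is 0.0.0.0/0.
rule_open_to_any() {
  _rule=$(tr -d '\n')
  printf '%s' "$_rule" | grep -Eq '"direction"[[:space:]]*:[[:space:]]*"inbound"' || return 1
  printf '%s' "$_rule" | grep -q '"remote"' || return 0
  printf '%s' "$_rule" | grep -Eq '"cidr_block"[[:space:]]*:[[:space:]]*"0\.0\.0\.0/0"'
}

# add_scoped_rule SECURITY_GROUP DIRECTION PROTOCOL PORT REMOTE_KIND REMOTE_VALUE
# The page's POST call, sent only if the body passed validation.
add_scoped_rule() {
  _sg=$1
  shift
  _payload=$(sg_rule_json "$@") || return 1
  curl -sS -X POST "$VPC_API_ENDPOINT/v1/security_groups/$_sg/rules?version=$API_VERSION&generation=2" \
    -H "Authorization: Bearer $iam_token" \
    -d "$_payload"
}

# Scoped equivalents of the page's SSH and MySQL rules.
# ADMIN_CIDR is hypothetical: the range administrators connect from.
# AppServ1/2 reach the database tier through eth1, which the page attaches to
# $DATA_SG; this assumes the MySQL interfaces are members of $DATA_SG as well.
apply_scoped_rules() {
  add_scoped_rule "$APP_SG"  inbound tcp 22   cidr_block "$ADMIN_CIDR" &&
  add_scoped_rule "$DATA_SG" inbound tcp 22   cidr_block "$ADMIN_CIDR" &&
  add_scoped_rule "$DATA_SG" inbound tcp 3306 id "$DATA_SG"
}
```

Piping each rule object returned by the API through `rule_open_to_any` gives a quick pass/fail check after the floating IPs have been attached.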
At this point the VPC infrastructure components are ready for the next step which is to deploy the application software to the VSIs and test the Load Balancer. Please go to Install and Configure Application Software for the next steps.
Once the environment is up and running, you can remove the floating IPs to remove public access on the VSIs.
Syntax: Disassociates specified floating IP
For example, to remove the floating IP on AppServ1:
curl -v -X DELETE "$VPC_API_ENDPOINT/v1/instances/$APPSERV1/network_interfaces/$APPSERV1_NIC0/floating_ips/$APP1FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"
The above command will generate a verbose output which will include an HTTP return code (204 expected). The system may take a couple of minutes to disassociate the floating IP.
Optionally, you can also release the Floating IPs if there is no longer a need for them.
Syntax: Release the specified floating IP
For example, to release floating IP app1fip:
curl -X DELETE "$VPC_API_ENDPOINT/v1/floating_ips/$APP1FIP?version=$API_VERSION&generation=2" \
-H "Authorization: Bearer $iam_token"