/azure-acme-foundation

A set of Azure Resource Manager templates and scripts for multi-tier, multi-tenant architectures

Primary language: Python. License: MIT.

Azure ACME Foundation Templates

See the feature-modular branch for a better way, which will be merged in due time.

TODO

  • Key vault
  • Service Map agent
  • Front-end load balancers
  • Docker registry and Jenkins
  • Postgres PaaS
  • Check timezones and locales in cloud-config
  • Automation account?
  • Tag solutions and OMS
  • Split monitoring and networking
  • Windows variant
  • Timestamp deployments
  • Full diagnostics and OMS configuration (solutions, dashboards, container support)
  • Docker CE repository added to all servers to ease deployment
  • Generic layer template
  • Jumpbox and diagnostics storage account
  • Networking

Note: Right now all VMs start a redis container for testing OMS monitoring. That will be removed in the future.

What

This is a set of scripts to generate and deploy Azure Resource Manager templates for multi-tier, multi-tenant solutions.

A tenant is defined as a set of resource groups, each of which maps to a typical application tier or environment:

  • foundation (networking, OMS monitoring and an SSH jumpbox)
  • data (IaaS database servers)
  • middleware (app servers)
  • frontend (front-end servers)
  • devops (Jenkins, etc.)

This is what the default monitoring dashboard looks like after a few minutes:

This is what it all looks like deployed, if you hide away storage and other inconsequentials:

Why

I needed a set of re-usable Azure templates that brought together a number of (sometimes quite widely disseminated) aspects of Linux infrastructure management (like diagnostics and monitoring) and that enabled me to get large-scale projects up to speed quickly.

As such, these templates have a number of distinguishing features from the standard Microsoft samples:

  • Everything is CLI-driven. Templates never leave your machine and are never published to a public URL
  • All layers share a foundation networking infrastructure and can be developed/tweaked independently
  • Server configurations include full Linux/Docker diagnostics, logging and monitoring, including a free tier OMS instance and sample dashboards
  • Linux package provisioning leverages cloud-config, making it easier to re-use existing on-premises (or competing providers') configurations
  • Resources and resource groups are namespaced and tagged to make it easy to deploy and manage multiple copies of the same solution for separate tenants

Why ACME? Well, because I loved the Warner Bros. cartoons, and because these templates aim to let you do everything you'd possibly need to get your infrastructure running and usable in under an hour.

How

  • make keys - generates an SSH key for managing the servers
  • make params - generates ARM template parameters
  • make deploy-foundation - deploys the networking layer, the jumpbox, a diagnostics storage account and OMS for all servers
  • make deploy-<layername> - deploys a named layer using the generic-layer template
  • make endpoints - lists DNS aliases
  • make destroy-<layername> - destroys the named layer

Recommended Sequence

# edit the Makefile to set the tenant name
# edit genparams.py to map layers to cloud-config files, set tags, etc.
az login
make keys
make params
make deploy-foundation
make deploy-data
make deploy-middleware
make deploy-frontend
make endpoints
make ssh
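
As an added illustration (not the project's genparams.py), this sketch shows how a parameter generator can namespace and tag a layer per tenant, embed a cloud-config file, and refuse to write private key material into a parameters file. The tenant name, parameter keys and tag keys are assumptions, as is a template that accepts customData already base64-encoded.

```python
import base64

# All names below (tenant "acme", parameter keys, tag keys) are assumptions
# made for this example; they are not taken from the project's genparams.py.
LAYERS = ("foundation", "data", "middleware", "frontend", "devops")
PUBLIC_KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")


def resource_group(tenant, layer):
    """Namespace a resource group per tenant and layer, e.g. acme-data."""
    if layer not in LAYERS:
        raise ValueError("unknown layer: %s" % layer)
    return "%s-%s" % (tenant, layer)


def check_public_key(text):
    """Accept only a single-line OpenSSH public key, never private key material."""
    text = text.strip()
    if "PRIVATE KEY" in text or "\n" in text:
        raise ValueError("refusing to embed what looks like a private key")
    fields = text.split()
    if len(fields) < 2 or fields[0] not in PUBLIC_KEY_TYPES:
        raise ValueError("not an OpenSSH public key")
    base64.b64decode(fields[1], validate=True)  # raises on a corrupt key body
    return text


def layer_parameters(tenant, layer, public_key, cloud_config):
    """Build an ARM deployment parameters document for one layer."""
    resource_group(tenant, layer)  # rejects layer names outside LAYERS
    if not cloud_config.startswith("#cloud-config"):
        raise ValueError("cloud-config must start with the #cloud-config header")
    values = {
        "adminPublicKey": check_public_key(public_key),
        # assumed: the template takes customData already base64-encoded
        "customData": base64.b64encode(cloud_config.encode()).decode(),
        "tags": {"tenant": tenant, "layer": layer},
    }
    return {
        "$schema": "https://schema.management.azure.com/schemas/"
                   "2015-01-01/deploymentParameters.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {k: {"value": v} for k, v in values.items()},
    }


if __name__ == "__main__":
    sample_key = "ssh-ed25519 " + base64.b64encode(b"constructed").decode()
    print(layer_parameters("acme", "data", sample_key, "#cloud-config\n"))
```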

Requirements