emo Ansible package to install WordPress in a highly available 3-tier configuration on IBM Cloud. The target IBM Cloud IaaS environment is as defined in the IBM Solution Tutorial Web application serving from a secure private network. This utilises Vyatta routers to create a secure network enclosure on the IBM Cloud IaaS network with an IBM Cloud Load Balancer. Other infrastructure deployment options are also possible using Security Groups or VSIs on the private network.
The Ansible package described in this tutorial, deploys the following components into VSI’s hosted on the IBM Cloud.
- IBM Cloud Load Balancer
- httpd app server
This is written as a capability demostration of building high availability web sites using IBM Cloud IaaS and secure networking and is not intended as a fully functional WordPress deployment.
This pacakge supports two deployment options:
- Single site deployment of multiple httpd webservers with a single Mariadb database host with an IBM Cloud Load Balancer (CLB) as a local LB.
- Dual site high availability configuration, with webservers and DB’s deployed in two data centers, each with CLBs, fronted by IBM Cloud Internet Services (CloudFlare) as a global load balancer. The WordPress database is replicated master-master over the IBM Cloud private network.
Deployment architecture is determined dynamically based on the Ansible inventory file specifying two Mariadb servers in different data centers. The inventory file can be statically specified with manual deployment of hosts on IBM Cloud, or used with Ansible dynamic inventory with Terraform automated deployment of servers and LBs.
Single site deployment, using 3 Centos 7.x VSIs and a Cloud Load Balancer
Dual site deployment. This is the same as the single site configuration, but duplicated across two data centers, fronted by IBM Cloud Internet Services (CloudFlare) Global Load Balancer. In addition it also uses the Solution Tutorial Linking secure private networks over the IBM network to configure connectivity between the two data centers.
Install Ansible package
Create a new local directory
Download Ansible package from GitHub into the new directory
git clone https://github.com/stevestrutt/wordpress_ansible_ibmcloud
Configure Ansible Vault
This package was developed on OSX and as such requires sudo rights to execute some of the updates performed to the host file on the OSX control workstation and install modules for monitoring the state of the application. The OSX user password is saved as the encrypted variable ‘su_password’ in an Ansible Vault file in group_vars/control. The vault password is expected to be stored in the users home directory ~/vault_pass.txt. ansible.cfg in the root of the package defines the location of the vault password.
See the Ansible Vault documentation for how to encrypt the control workstation password and store as a vault file.
If this package is executed on Linux from a user with sudo rights, these step can be ignored.
Deploy IBM Cloud infrastructure
The single site target deployment environment is specified in the IBM Cloud Solution Tutorial –
Deploy the IBM IaaS infrastructure as described in this tutorial.
Configure Ansible inventory
Ansible inventory is defined in
When used with a manually deployed environment, host details take the form: app101 ansible_host=10.72.58.78 ansible_user=root
Alternatively an Ansible dynamic inventory script can be used. In this case no ansible_host definitions are required, only the existing ‘control’.
- Ansible_user set to root to be compatible with IBM Cloud default user
- host name is used to provide human readable names during execution
# Inventory file for IBM Cloud
#lb101 ansible_host=10.72.58.87 ansible_user=root
app101 ansible_host=10.72.58.78 ansible_user=root
app101 ansible_host=10.72.58.89 ansible_user=root
### If second data center
#app201 ansible_host=10.137.xx.xx ansible_user=root ansible_become=yes
#app202 ansible_host=10.137.xx.xx ansible_user=root ansible_become=yes
db101 ansible_host=10.72.58.86 ansible_user=root ansible_become=yes
### If second data center
#db201 ansible_host=10.137.xx.xx ansible_user=root ansible_become=yes
control ansible_connection=local ansible_become=yes
From the ansible_wordpress directory, run the Ansible playbook
ansible-playbook -i inventory site.yml
After about 5 minutes the Ansible playbook should have completed successfully with all tasks successful and no failures.
After initial installation, WordPress is not accessible via the GLB or CLB load balancers at the registered domain name of the website, due to a HTTP 503 response code.
The 503 HTTP response code is issued by the CLB as it considers the initial state of the WordPress website to be unhealthy. This is due to WordPress initially redirecting to the initial setup/configuration page. with a 302 ‘Temporary Redirect’ HTTP response code. CLB does not recognise this as a healthy state and propogates the 503 error.
A curl issued to the httpd webserver, clearly shows the 302 HTTP response code.
curl http://app101 -vS
The redirected URL is http://app101/wp-admin/install.php and is an expected part of WordPress initial setup. To resolve the 302 redirect, its necessary to perform the initial WordPress setup from the IBM private network by passing the load balancers.
At a web browser, enter the host name or IP address of one of the httpd webservers on the IBM Cloud private network:
This redirects to:
Perform initial setup and click ‘Install WordPress’. This configures the WordPress database, which is replicated to both sites.
Then login to the WordPress admin console using the userid and password just set.
Nagivate to the settings page and set the registered domain name for the website. Due to the initial browser access via http://app01 over the private network, this has been set by WordPress as the domain name. It is necessary to insert the correct registed domain name for the website, such that WordPress correctly constructs all the URLs to navigate between pages on the site from the Internet via the public load balancers. Failure to do so will result in broken page links while navigating the site.
Set the WordPress Address and Site Address to the desired domain name registered with your DNS provider.
Once saved. WordPress will now be available at the registered domain name.
At the end of this tutorial WordPress will be load balanced either within a single data center, or across two data centers.
The resilience of the site can be tested by selectively stopping the VSIs comprising the httpd app servers and the mariadb servers and monitoring the health of the load balancers from the IBM Cloud console.