Merging Clouds
Bcome lets you create namespaces across disparate clouds. This example shows a simple merged AWS EC2 & GCP inventory, where application servers from both clouds are placed into one inventory.
You may interact with merged inventories in the usual manner: via the console, from the terminal, or from your custom orchestration scripts.
The point of this guide is to demonstrate how simple this connectivity can be to set up.
Note
You may merge any inventories - irrespective of their origins.
Network Configuration
Below is my network configuration, my networks.yml configuration file. It defines two namespaces, one each for GCP and EC2, and within each I have a namespace named ‘wbzsite’ containing application servers, and a ‘jump’ namespace containing a jump host through which ingress into each respective network is achieved.
I then define an inventory of type inventory-merge, which I name multicloud_app, and which provides a view on all my application servers from both cloud providers.
---
wbz:
  type: collection
  description: Entire WBZ estate

wbz:aws:
  type: collection
  description: WBZ aws estate
  ssh_settings:
    proxy:
      host_lookup: by_bcome_namespace
      namespace: aws:jump:bastion
  network:
    type: ec2
    credentials_key: webzakimbo
    provisioning_region: eu-west-1
    filters:
      instance-state-name: running

wbz:aws:all:
  type: inventory
  description: all production servers
  hidden: true
  network:
    filters:
      tag:stack: prod-net

wbz:aws:jump:
  type: inventory-subselect
  description: Operations namespace
  subselect_from: aws:all
  ssh_settings:
    proxy: []
  filters:
    by_tag:
      division: "xops"
      function: "bastion"

wbz:aws:wbzsite:
  type: inventory-subselect
  description: Frontend wbzsite
  subselect_from: aws:all
  filters:
    by_tag:
      function: "frontend-wbzsite"

wbz:gcp:
  type: collection
  description: WBZ gcp estate
  network:
    type: gcp
    project: wbznet
    authentication_scheme: oauth
    secrets_filename: wbz-net-oauth-secrets.json
    service_scopes:
      - https://www.googleapis.com/auth/compute.readonly
      - https://www.googleapis.com/auth/cloud-platform
    filters: status:running AND labels.environment=prod-net
    zone: europe-west1-b
  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: gcp:jump:bastion

wbz:gcp:all:
  hidden: true
  type: inventory
  description: All Production environment

wbz:gcp:jump:
  type: inventory-subselect
  subselect_from: gcp:all
  description: Public machines
  ssh_settings:
    proxy: []
  filters:
    by_label:
      group: operations
      function:
        - bastion

wbz:gcp:wbzsite:
  type: inventory-subselect
  subselect_from: gcp:all
  description: Frontend wbzsite
  filters:
    by_label:
      group: application
      function: frontend-wbzsite

wbz:multicloud_app:
  type: inventory-merge
  description: All application servers from AWS & GCP
  contributors:
    - gcp:wbzsite
    - aws:wbzsite
Tree Hierarchy
Take a look at the tree hierarchy, generated by invoking Bcome’s tree command:
▐▆ Namespace tree wbz
│
├───╸ collection aws
│ ├───╸ inventory-subselect jump
│ │ └───╸ server bastion
│ │
│ └───╸ inventory-subselect wbzsite
│ ├───╸ server app1
│ └───╸ server app2
│
│
├───╸ collection gcp
│ ├───╸ inventory-subselect jump
│ │ └───╸ server bastion
│ │
│ └───╸ inventory-subselect wbzsite
│ ├───╸ server app_10s7
│ └───╸ server app_x52z
│
│
└───╸ inventory-merge multicloud_app
├───╸ server wbz_aws_wbzsite_app1
├───╸ server wbz_aws_wbzsite_app2
├───╸ server wbz_gcp_wbzsite_app_10s7
└───╸ server wbz_gcp_wbzsite_app_x52z
Routes
Take a look at the routes output for my multicloud namespace - ingress to each respective cloud is achieved through different jump hosts, each origin cloud maintaining its own SSH configuration:
▐▆ Ssh connection routes wbz:multicloud_app
│
├───╸ proxy [1]
│ bcome node wbz:gcp:jump:bastion
│ host 104.155.101.98
│ user guillaume
│
│ ├───╸ server
│ │ namespace: wbz:multicloud_app:wbz_gcp_wbzsite_app_10s7
│ │ ip address 10.0.0.48
│ │ user guillaume
│ │
│ └───╸ server
│ namespace: wbz:multicloud_app:wbz_gcp_wbzsite_app_x52z
│ ip address 10.0.0.47
│ user guillaume
│
│
└───╸ proxy [1]
  bcome node wbz:aws:jump:bastion
  host 52.211.150.69
  user ubuntu

  ├───╸ server
  │ namespace: wbz:multicloud_app:wbz_aws_wbzsite_app1
  │ ip address 10.0.27.219
  │ user ubuntu
  │
  └───╸ server
    namespace: wbz:multicloud_app:wbz_aws_wbzsite_app2
    ip address 10.0.11.41
    user ubuntu
Ascii Cast
The following Asciicast presents a quick demonstration of connectivity to our multi-cloud merged inventory:
Note
To replay this Asciicast in your own terminal, install the asciinema package from https://asciinema.org/, and then enter the following in your terminal:
asciinema play https://asciinema.org/a/vW24SCPt8ZXpZ9Hq0BurPZ70F