Merging Clouds

Bcome lets you build namespaces that span disparate clouds. This example shows a simple merged AWS EC2 and GCP inventory, in which the application servers from both clouds are placed into a single inventory.

You interact with a merged inventory in the usual manner: via the console, from the terminal, or from your own orchestration scripts.

The point of this guide is to demonstrate how little configuration this cross-cloud connectivity needs.

Note

You may merge any inventories - irrespective of their origins.

Network Configuration

Below is my network configuration, the networks.yml file. Under a root collection named wbz it defines two collections, one for AWS EC2 and one for GCP. Each collection carries the provider's network settings and a default SSH proxy, and each contains a hidden inventory named 'all' that pulls every running production instance from the provider. From that inventory two subselections are made: 'wbzsite', holding the application servers, and 'jump', holding the jump host through which ingress into that cloud's network is achieved. The 'jump' namespaces set proxy: [] so that the bastions themselves are reached directly rather than inheriting the collection's proxy, which would otherwise route them through themselves.

Two details worth checking in your own file: the GCP service_scopes list is what the OAuth token is requested with, and compute.readonly is enough to enumerate instances, so grant the broad cloud-platform scope only if something else in your setup needs it; and the provider filters (instance-state-name / status, and the prod-net tag or label) are what keep non-production machines out of the inventory.

I then define an inventory of type inventory-merge, named multicloud_app, whose contributors are the two wbzsite namespaces. It provides a single view over all my application servers from both cloud providers.

---
wbz:
  type: collection
  description: Entire WBZ estate

wbz:aws:
  type: collection
  description: WBZ aws estate

  ssh_settings:
    proxy:
      host_lookup: by_bcome_namespace
      namespace: aws:jump:bastion

  network:
    type: ec2
    credentials_key: webzakimbo
    provisioning_region: eu-west-1
    filters:
      instance-state-name: running

wbz:aws:all:
  type: inventory
  description: all production servers
  hidden: true

  network:
    filters:
      tag:stack: prod-net

wbz:aws:jump:
  type: inventory-subselect
  description: Operations namespace
  subselect_from: aws:all
  ssh_settings:
    proxy: []
  filters:
    by_tag:
      division:  "xops"
      function: "bastion"

wbz:aws:wbzsite:
  type: inventory-subselect
  description: Frontend wbzsite
  subselect_from: aws:all
  filters:
    by_tag:
      function:  "frontend-wbzsite"

wbz:gcp:
  type: collection
  description: WBZ gcp estate
  network:
    type: gcp
    project: wbznet
    authentication_scheme: oauth
    secrets_filename: wbz-net-oauth-secrets.json
    service_scopes:
    - https://www.googleapis.com/auth/compute.readonly
    - https://www.googleapis.com/auth/cloud-platform
    filters: status:running AND labels.environment=prod-net
    zone: europe-west1-b

  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: gcp:jump:bastion

wbz:gcp:all:
  hidden: true
  type: inventory
  description: All Production environment


wbz:gcp:jump:
  type: inventory-subselect
  subselect_from: gcp:all
  description: Public machines
  ssh_settings:
    proxy: []
  filters:
    by_label:
      group: operations
      function:
       - bastion

wbz:gcp:wbzsite:
  type: inventory-subselect
  subselect_from: gcp:all
  description: Frontend wbzsite
  filters:
    by_label:
      group: application
      function: frontend-wbzsite

wbz:multicloud_app:
  type: inventory-merge
  description: All application servers from AWS & GCP
  contributors:
  - gcp:wbzsite
  - aws:wbzsite

Tree Hierarchy

Take a look at the tree hierarchy, generated by invoking Bcome's tree command. The hidden 'all' inventories do not appear:

▐▆   Namespace tree wbz
│
├───╸ collection aws
│         ├───╸ inventory-subselect jump
│         │         └───╸ server bastion
│         │
│         └───╸ inventory-subselect wbzsite
│                   ├───╸ server app1
│                   └───╸ server app2
│
│
├───╸ collection gcp
│         ├───╸ inventory-subselect jump
│         │         └───╸ server bastion
│         │
│         └───╸ inventory-subselect wbzsite
│                   ├───╸ server app_10s7
│                   └───╸ server app_x52z
│
│
└───╸ inventory-merge multicloud_app
          ├───╸ server wbz_aws_wbzsite_app1
          ├───╸ server wbz_aws_wbzsite_app2
          ├───╸ server wbz_gcp_wbzsite_app_10s7
          └───╸ server wbz_gcp_wbzsite_app_x52z

Routes

Take a look at the routes output for my multicloud namespace. Each contributor keeps the SSH configuration of its origin cloud: ingress to the GCP servers goes through the GCP bastion and ingress to the AWS servers through the AWS bastion, each with its own host and user:

▐▆   Ssh connection routes wbz:multicloud_app
│
├───╸ proxy [1]
│     bcome node wbz:gcp:jump:bastion
│     host 104.155.101.98
│     user guillaume
│
│         ├───╸ server
│         │     namespace: wbz:multicloud_app:wbz_gcp_wbzsite_app_10s7
│         │     ip address 10.0.0.48
│         │     user guillaume
│         │
│         └───╸ server
│               namespace: wbz:multicloud_app:wbz_gcp_wbzsite_app_x52z
│               ip address 10.0.0.47
│               user guillaume
│
│
└───╸ proxy [1]
      bcome node wbz:aws:jump:bastion
      host 52.211.150.69
      user ubuntu

          ├───╸ server
          │     namespace: wbz:multicloud_app:wbz_aws_wbzsite_app1
          │     ip address 10.0.27.219
          │     user ubuntu
          │
          └───╸ server
                namespace: wbz:multicloud_app:wbz_aws_wbzsite_app2
                ip address 10.0.11.41
                user ubuntu
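The following Ruby script is an added example and not Bcome's own code (Bcome is itself written in Ruby, so its standard-library YAML parser is used). It reads a networks.yml shaped like the one above, resolves each namespace's effective ssh_settings.proxy (an explicit setting wins, with proxy: [] meaning a direct connection, otherwise the setting is inherited from the enclosing collection), checks that every subselect_from, contributor and proxy reference points at a namespace defined in the file and that no namespace routes through its own bastion, and lists what the inventory-merge contributes, each node under the route of its origin cloud as in the routes output above. Assumptions: references such as aws:all and gcp:jump:bastion are resolved relative to the root collection, which matches how they appear in the config and routes output; the DISCOVERED map stands in for the servers the cloud APIs return at run time, using the names from the tree output; the Networks class and its method names are mine, not Bcome's.

```ruby
# Added example, not Bcome's own code: resolve and validate a networks.yml.
require 'yaml'

# Condensed copy of the page's networks.yml (provider credentials omitted).
CONFIG = <<~'YAML'
  wbz:
    type: collection
  wbz:aws:
    type: collection
    ssh_settings:
      proxy:
        host_lookup: by_bcome_namespace
        namespace: aws:jump:bastion
  wbz:aws:all:
    type: inventory
    hidden: true
  wbz:aws:jump:
    type: inventory-subselect
    subselect_from: aws:all
    ssh_settings: { proxy: [] }
  wbz:aws:wbzsite:
    type: inventory-subselect
    subselect_from: aws:all
  wbz:gcp:
    type: collection
    ssh_settings:
      proxy:
        - host_lookup: by_bcome_namespace
          namespace: gcp:jump:bastion
  wbz:gcp:all:
    type: inventory
    hidden: true
  wbz:gcp:jump:
    type: inventory-subselect
    subselect_from: gcp:all
    ssh_settings: { proxy: [] }
  wbz:gcp:wbzsite:
    type: inventory-subselect
    subselect_from: gcp:all
  wbz:multicloud_app:
    type: inventory-merge
    contributors:
      - gcp:wbzsite
      - aws:wbzsite
YAML

# Constructed stand-in for run-time discovery from the cloud APIs; the server
# names are the ones shown in the page's tree output.
DISCOVERED = {
  'wbz:aws:wbzsite' => %w[app1 app2],
  'wbz:gcp:wbzsite' => %w[app_10s7 app_x52z],
  'wbz:aws:jump'    => %w[bastion],
  'wbz:gcp:jump'    => %w[bastion]
}.freeze

class Networks
  def initialize(yaml)
    @namespaces = YAML.safe_load(yaml)
    @root = @namespaces.keys.find { |k| !k.include?(':') }
    raise 'no root collection in networks.yml' unless @root
  end

  # Assumption: references like aws:all are relative to the root collection.
  def absolute(ref)
    "#{@root}:#{ref}"
  end

  def parent(key)
    idx = key.rindex(':')
    idx && key[0...idx]
  end

  # Explicit ssh_settings.proxy wins ([] means connect directly); otherwise the
  # value is inherited from the nearest ancestor. Always returns an array of hops.
  def proxy_chain(key)
    settings = @namespaces.fetch(key)['ssh_settings']
    if settings && settings.key?('proxy')
      hops = settings['proxy']
      return hops.is_a?(Array) ? hops : [hops]
    end
    up = parent(key)
    up ? proxy_chain(up) : []
  end

  # Every reference must name a defined namespace. A proxy reference names a
  # server, so its namespace part (all but the last segment) must exist, and a
  # namespace must never route through a bastion living inside itself.
  def validate
    errors = []
    @namespaces.each do |key, ns|
      case ns['type']
      when 'inventory-subselect'
        src = absolute(ns['subselect_from'].to_s)
        errors << "#{key}: subselect_from #{src} undefined" unless @namespaces.key?(src)
      when 'inventory-merge'
        Array(ns['contributors']).each do |c|
          errors << "#{key}: contributor #{absolute(c)} undefined" unless @namespaces.key?(absolute(c))
        end
      end
      proxy_chain(key).each do |hop|
        next unless hop['host_lookup'] == 'by_bcome_namespace'
        host_ns = parent(absolute(hop['namespace']))
        errors << "#{key}: proxy namespace #{host_ns} undefined" unless @namespaces.key?(host_ns)
        errors << "#{key}: proxies through itself via #{absolute(hop['namespace'])}" if host_ns == key
      end
    end
    errors
  end

  # An inventory-merge is a view: each node keeps its origin's route, and its
  # merged name is the origin path with ':' replaced by '_' plus the server name.
  def merged_nodes(key, discovered)
    ns = @namespaces.fetch(key)
    raise "#{key} is not an inventory-merge" unless ns['type'] == 'inventory-merge'
    ns['contributors'].flat_map do |c|
      src = absolute(c)
      via = proxy_chain(src).map { |hop| absolute(hop['namespace']) }
      discovered.fetch(src, []).map do |server|
        { node: "#{src.tr(':', '_')}_#{server}", origin: src, via: via }
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  net = Networks.new(CONFIG)
  errs = net.validate
  puts(errs.empty? ? 'networks.yml: all references resolve' : errs)
  net.merged_nodes('wbz:multicloud_app', DISCOVERED).each do |n|
    puts "#{n[:node]}  via #{n[:via].empty? ? 'direct' : n[:via].join(' -> ')}"
  end
end
```

Running the script lists the four merged nodes with the bastion each is reached through. Deleting the proxy: [] line from a jump namespace makes validate report that the namespace proxies through itself, which is the misconfiguration the override in the page's file prevents.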

Ascii Cast

The following asciicast presents a quick demonstration of connecting to the multi-cloud merged inventory:

Note

To replay this Asciicast in your own terminal, install the asciinema package from https://asciinema.org/, and then enter the following in your terminal:

asciinema play https://asciinema.org/a/vW24SCPt8ZXpZ9Hq0BurPZ70F