HOWTO build microservices infrastructure with Mantl

Mantl is a platform for rapidly deploying a global distributed infrastructure

Overview

I’ve been watching ciscocloud/microservices-infrastructure for awhile, an ambitious project designed to get a microservices infrastructure setup with a reasonable set of defaults. Now they seem to be getting more serious about the project and have renamed it mantl, which they define as, “A container orchestrator, docker, a network stack, something to pool your logs, something to monitor health, a sprinkle of service discovery and some automation”. This sounds amazing, and certainly similar to something I did/try to do with my stax project… but just like with stax, there’s lots to do up front. Let’s give it a go. Will run it on AWS, but note that it can also be run on Vagrant, Openstack, Google Compute Engine, as well as bare metal, via Terraform. As usual I’m working from Debian, so if you’re in something else, or OSX, your initial setup will vary.

Mantl

Getting started

Installing required software

apt-get update; apt-get install -y git curl unzip python-pip python-crypto-dbg
pip install ansible markupsafe

Installing and configuring mantl

git clone https://github.com/CiscoCloud/mantl
cd mantl
pip install -r requirements.txt
cp terraform/aws.sample.tf aws.tf
provider "aws" {
  access_key = "***REMOVED***"
  secret_key = "***REMOVED***"
  region = "us-east-1"
}

module "aws-dc" {
  source = "./terraform/aws"
  availability_zone = "us-east-1e"
  control_type = "t2.small"
  worker_type = "t2.small"
  ssh_username = "centos"
  source_ami = "ami-96a818fe"
  control_count = 3
  worker_count = 3
}

In AWS setup permssions and access control

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1433450536000",
      "Effect": "Allow",
      "Action": [
        "ec2:AttachInternetGateway",
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateInternetGateway",
        "ec2:CreateRoute",
        "ec2:CreateRouteTable",
        "ec2:CreateSecurityGroup",
        "ec2:CreateSubnet",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:CreateVpc",
        "ec2:DeleteInternetGateway",
        "ec2:DeleteKeyPair",
        "ec2:DeleteRouteTable",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteSubnet",
        "ec2:DeleteVolume",
        "ec2:DeleteVpc",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeInternetGateways",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeNetworkAcls",
        "ec2:DescribeRouteTables",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeVpcs",
        "ec2:DetachInternetGateway",
        "ec2:DetachVolume",
        "ec2:ImportKeyPair",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifyVpcAttribute",
        "ec2:ReplaceRouteTableAssociation",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:RunInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
./security-setup

NOTE provide new admin password when prompted

ssh-keygen -b 2048 -f ~/.ssh/id_rsa -P ''
terraform get
terraform apply
ansible all -i plugins/inventory/terraform.py -m ping
cp terraform.sample.yml terraform.yml
vi terraform.yml
ansible-playbook -i plugins/inventory/terraform.py -e @security.yml terraform.yml

NOTE this things take time (about 30 minutes in my tests)

Login to Marathon

Conclusion

The Mantl project feels very well thought out, and once you have it up and running you can start to understand how all the bits work together. I think this is a far better way than trying to reinvent the wheel youself and have to deal with the new shinny apps out there that just don’t seem ready for primetime, or at least not mature enough to play well with others. I’m going to try and get this running within Vagrant and will report back if that’s successful on my laptop.

 
comments powered by Disqus