Add Region in Multi-Cloud PaaS

This guide shows how to configure a new region that can be included in the Multi-Cloud PaaS. Regions are independent hardware sets with separate network configurations (usually hardware from different data centers). Follow the steps below.

If you want to run multiple hosts in the region, check the Additional Hosts section below.

Hardware Side Configuration

The exact steps may vary for different vendors, but the general flow should remain the same. We’ll use the following platforms as examples: Vultr, Google Cloud, and DigitalOcean.

Vultr Configuration

1. Create the first VM for the region by following the PaaS Installation on Vultr guide.

2. Once created, you need to get an additional public address (for the region’s Shared Load Balancer).

Expand the Deploy menu at the top-right corner and select the Add Reserved IP option.

deploy reserved IP

3. Choose a location (e.g., Frankfurt) and type (IPv4) for your IP, provide some label and click Add.

add reserved IP

4. Next, you need to adjust your new IP and attach it to the server where the Shared Load Balancer will be installed.

edit reserved IP

5. In the opened Manage Reserved IP dialog, go to the Attach to server section and choose the required server from the drop-down list (i.e., the one created for the new region in the first step of this guide).

attach reserved IP

Click Attach to confirm changes.

Now, proceed to the region creation on the PaaS side.

Google Cloud Configuration

1. Create a VPC network in the Google Cloud Platform region where you want to create a new Virtuozzo Application Platform region.

1.1. In the VPC network section, click the Create VPC Network button.

Google create VPC network

1.2. Provide the preferred name and description for your VPC network.

VPC network name

1.3. Create a subnet for your VPC network. Choose any free IPv4 range for the subnet. It is enough to use /24 CIDR (Classless Inter-Domain Routing). For example, if the default subnet for the region is 10.0.0.0/24, you can use 10.0.1.0/24, 10.0.2.0/24, etc.

Google network subnet

The same VPC network creation process can be done using Google Cloud CLI:

gcloud compute networks create <network name> --project=<your project> --subnet-mode=custom --mtu=1460
gcloud compute networks subnets create <subnet name> --project=<your project> --range=<IP range> --stack-type=IPV4_ONLY --network=<network name> --region=<region>

Here:

  • <network name> – any preferred name for the network
  • <your project> - project where to create a network and a new region
  • <subnet name> - any preferred subnet name
  • <IP range> - IP range, /24 CIDR is enough (as explained in the previous step)
  • <region> - region where to create a network

2. Add firewall rules for the created VPC network.

2.1. Select your new network, go to Firewall policies, and click the Create Firewall Rule button.

Google create firewall rule

2.2. Allow the following ports for the external traffic:

  • TCP: 22,53,80,443,3022,4848,4949,7979,11000-12000,4901-4910,8443,8080,8081
  • UDP: 53,11000-12000
  • ICMP (optional)

external traffic rule

Alternatively, use Google Cloud CLI:

gcloud compute --project=<your project> firewall-rules create <rule name> --direction=INGRESS --priority=1000 --network=<network name> --action=ALLOW --rules=tcp:22,tcp:53,tcp:80,tcp:443,tcp:3022,tcp:4848,tcp:4949,tcp:7979,tcp:11000-12000,tcp:4901-4910,tcp:8443,tcp:8080,tcp:8081,udp:53,udp:11000-12000,icmp --source-ranges=0.0.0.0/0

Here:

  • <rule name> - any preferred name for the firewall rule
  • <network name> - name of the VPC network created in the previous step
  • <your project> - Google Cloud project where a new region is created

2.3. Allow the following ports for the internal traffic (use the VPC network subnet IP range as the Source IP range):

  • TCP: 8080,22,5555,64000
  • UDP: 4789

internal traffic rule

Alternatively, use Google Cloud CLI:

gcloud compute --project=<your project> firewall-rules create <rule name> --direction=INGRESS --priority=1000 --network=<network name> --action=ALLOW --rules=tcp:8080,tcp:22,tcp:5555,tcp:64000,udp:4789 --source-ranges=<IP range>

Here:

  • <rule name> - any preferred name for the firewall rule
  • <network name> - name of the VPC network created in the previous step
  • <your project> - Google Cloud project where a new region is created
  • <IP range> - IP range, /24 CIDR is enough (as explained in the first step)
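An added example, not from the original guide: a Python check over the JSON printed by `gcloud compute firewall-rules list --format=json` that flags the internal-only ports from step 2.3 (TCP 5555 and 64000, UDP 4789) when any rule opens them to 0.0.0.0/0. The rule names and sample data are constructed for illustration.

```python
import json

# Ports the guide opens only for internal traffic (step 2.3, not in step 2.2).
INTERNAL_ONLY = [("tcp", 5555), ("tcp", 64000), ("udp", 4789)]

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE = json.loads("""
[
 {"name": "region-external", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "80", "443", "11000-12000"]},
              {"IPProtocol": "udp", "ports": ["53", "11000-12000"]}]},
 {"name": "region-internal", "direction": "INGRESS", "sourceRanges": ["10.0.1.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080", "22", "5555", "64000"]},
              {"IPProtocol": "udp", "ports": ["4789"]}]},
 {"name": "region-internal-typo", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["5000-6000"]},
              {"IPProtocol": "udp"}]}
]
""")

def bounds(spec):
    """Turn a port string such as "22" or "11000-12000" into (low, high)."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def world_open_internal_ports(rules):
    """List (rule, protocol, port) for internal-only ports reachable from 0.0.0.0/0."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        for allow in rule.get("allowed", []):
            for proto, port in INTERNAL_ONLY:
                if allow["IPProtocol"] not in (proto, "all"):
                    continue
                ports = allow.get("ports")  # absent means every port of the protocol
                if ports is None or any(lo <= port <= hi for lo, hi in map(bounds, ports)):
                    findings.append((rule["name"], proto, port))
    return sorted(findings)

if __name__ == "__main__":
    for name, proto, port in world_open_internal_ports(SAMPLE):
        print(f"{name}: {proto}/{port} is open to 0.0.0.0/0")
```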

3. Create a VM instance for your new region.

3.1. Open the VM Instances section and click the Create Instance button.

Google create instance

3.2. Configure your VM by specifying the preferred name, region and zone, machine type, etc.

Google configure VM

3.3. Next, select CentOS 7 as your Boot disk and provide at least 200 GB of disk space.

boot disk options

3.4. For the Networking settings, choose the network interface configured in the previous steps.

networking settings

3.5. Optionally, add a public SSH key for remote connections via any SSH client. You can still connect via SSH-in-browser if not provided.

Google SSH key

Create the configured instance when ready.

Alternatively, use Google Cloud CLI:

gcloud compute instances create <VM name> \
--project=<your project> \
--zone=<zone> \
--machine-type=<machine type> \
--network-interface=stack-type=IPV4_ONLY,subnet=<subnet name> \
--create-disk=auto-delete=yes,boot=yes,device-name=<disk name>,image=projects/centos-cloud/global/images/centos-7-v20231115,mode=rw,size=<disk size>

Here:

  • <VM name> - any preferred name for the new VM
  • <your project> - Google Cloud project where to create a new region
  • <zone> - zone where to create a new region
  • <machine type> - machine type to define the total amount of resources available for a platform (number of CPU cores and RAM)
  • <subnet name> - name of the subnet created in the previous steps
  • <disk name> - any preferred disk name
  • <disk size> - disk size in GB (no less than 200)

Now, proceed to the region creation on the PaaS side.

DigitalOcean Configuration

Follow the first four steps of the Add VM on DigitalOcean guide.

If it is the first host of a new region, you need to additionally assign a reserved IP. It will be used as an external IP for Shared Load Balancer.

1. Open the Droplet settings, go to the Networking section, and click Enable now for Reserved IP.

DigitalOcean add reserved IP

2. Choose the required Droplet and click the Assigned Reserve IP button.

DigitalOcean assign reserved IP

3. The IP will be provided in a minute.

DigitalOcean reserved IP list

Next, proceed to the region creation on the PaaS side.

PaaS Side Configuration

1. Go to the installed platform’s admin panel and add a new region. Follow the linked guide to fill in the form.

add new region

Pay close attention to:

  • domain of the new region (check the DNS Zones Delegation Requirements document for more information)
  • network (Subnet) must not be used for another region
    • Google Cloud – additionally, the chosen network must not interfere with Google Cloud Platform subnetworks
      Note: Do not use the 172.17.0.0/16 network (or subnet) as it will interfere with the Docker network.
  • it is not recommended to assign a whole subnet for user containers (User Containers IP Range) - keep a few addresses for the new host nodes
  • add Shared Load Balancer (the Name Servers section) using the external IP address from the previous step and internal IP from the defined network
    • Vultr and DigitalOcean - use an external IP address (Reserved IP) and internal IP from the defined network
    • Google Cloud – use an external IP address of the appropriate VM and internal IP from the defined network
  • Docker Host Settings can be specified arbitrarily. These values will be overridden when adding the first host (see steps below)
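A pre-flight check for the subnet rules listed above, as an added example (not part of the platform or the original guide). The sample ranges, the first/last form of the user container range, and the reserve of four addresses for host nodes are assumptions.

```python
import ipaddress

DOCKER_NET = ipaddress.ip_network("172.17.0.0/16")  # range the guide says to avoid

def check_region_subnet(candidate, region_subnets, cloud_subnets,
                        user_first=None, user_last=None, reserve=4):
    """Return a list of problems with a proposed region subnet (empty list = OK).

    region_subnets: subnets already used by other regions
    cloud_subnets:  subnetworks of the cloud project (e.g. Google Cloud VPC subnets)
    user_first/user_last: bounds of the User Containers IP Range (assumed format)
    reserve: addresses to keep free for host nodes (assumed value)
    """
    try:
        net = ipaddress.ip_network(candidate)  # strict: rejects host bits
    except ValueError as exc:
        return [f"invalid subnet: {exc}"]
    problems = []
    if net.overlaps(DOCKER_NET):
        problems.append(f"{net} overlaps Docker network {DOCKER_NET}")
    for label, ranges in (("region subnet", region_subnets),
                          ("cloud subnet", cloud_subnets)):
        for other in ranges:
            if net.overlaps(ipaddress.ip_network(other)):
                problems.append(f"{net} overlaps {label} {other}")
    if user_first and user_last:
        first = ipaddress.ip_address(user_first)
        last = ipaddress.ip_address(user_last)
        if first not in net or last not in net or first > last:
            problems.append("user container range is not inside the subnet")
        else:
            # Usable addresses minus those handed to user containers.
            free = (net.num_addresses - 2) - (int(last) - int(first) + 1)
            if free < reserve:
                problems.append(f"only {free} addresses left for host nodes")
    return problems

if __name__ == "__main__":
    # Constructed sample values.
    regions = ["10.100.0.0/24"]
    cloud = ["10.0.0.0/24", "10.0.1.0/24"]
    for subnet in ("172.17.5.0/24", "10.0.1.0/24", "10.101.0.0/24"):
        print(subnet, check_region_subnet(subnet, regions, cloud) or "OK")
```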

2. Once the new region is created, you need to add the address of its private subnet to the jelastic.net.subnetworks system setting. Otherwise, containers in the new region may have limited external network access.

edit subnetworks setting

Notes:

  • This setting can be empty for single-region installations.
  • When adding a second region, you need to add both the default and new region subnetworks separated by semicolons.
  • For third and subsequent regions, only the new subnetwork should be added.

3. Next, add a host group for the created region.

add host group

4. Connect to your VM via SSH as root and make the following adjustments:

  • set root password - execute the passwd (sudo passwd root) command
  • edit the /etc/ssh/sshd_config file to:
    • allow password authentication - set the “PasswordAuthentication yes” parameter
    • allow root login – set the “PermitRootLogin yes” parameter

If needed, restart sshd (service sshd restart) to apply changes.

5. Add a new host via UI wizard as described in the linked guide. Use the IP address from the region network defined in the previous steps.

add host

In the Advanced Settings tab, check the following values:

  • Use as Docker Host (enable)
    Note: The “Use as Docker Host” config is for the first host in the region only. For additional host specifics, refer to the dedicated section below.
  • Use L2 Overlay Network (use the same IP address as on the previous tab)
  • External IP and Real External IP (the main IP address of the VM)

    Note: For the Google Cloud VM, use VM’s internal address as host’s External IP and VM’s external address as host’s Real External IP.

    Google Cloud VM IPs

add host advanced settings

Add a tunnel to the infrastructure host on the last Virtual Networks tab (for the first host in the region only).

Click Add and wait for the host to be added.

Creating Shared Load Balancer

Create the region’s Shared Load Balancer as described in the linked document. Use the Reserved IP (Vultr and DigitalOcean) or external IP address of the VM (Google Cloud) added in the Hardware Side Configuration section of this guide as the SLB’s external IP.

Additional Hosts for Region

1. Create a new VM:

Note: Use linked guides to create VMs only. A step to add a new VM as host to the Virtuozzo Application Platform is described below.

You do not need to add Reserved IP (Vultr and DigitalOcean) for extra hosts in the region.

2. Next, add the host in the admin panel similarly to how you’ve added the first host. However, do not set “Use as Docker Host” on the Advanced Settings tab, and do not create any Virtual Networks.

additional host settings

Click Add and wait for the new host to be added.
