Serverless phpIPAM on Cloud Run
Introduction
phpIPAM is free and open-source IP address management (IPAM) software that helps you organize, track, and manage your IP address space. It is a powerful tool for networking teams of all sizes, and it can be used to manage IP addresses for a variety of purposes, including:
- IP address management: track all IP addresses on a network, including their status, assignment, and associated devices.
- Subnet management: manage subnets, including their size, range, and VLAN assignments. It can also be used to create, split, merge and delete subnets.
- Advanced reporting and analytics: produce advanced reports and analytics on IP address usage, subnet utilization, and other IP address-related data.
If you are managing a small network, such as a home network or a small office network, you may be able to use a spreadsheet or Excel file to track your IP addresses and subnets. However, if you are managing a medium or large network, or if you need to comply with industry regulations and standards, then you should consider using an IP address management (IPAM) software solution like phpIPAM.
Cloud Run is a fully managed, serverless computing platform that makes it easy to deploy and run containerized web applications without having to worry about infrastructure. It is a good choice for running phpIPAM because it is scalable, reliable, and cost-effective.
This article describes a method for accelerating the deployment of phpIPAM software on Cloud Run using Terraform and a blueprint from Cloud Foundation Fabric.
Prerequisites
- A Google Cloud Platform (GCP) account
- Google Cloud SDK
- Both Terraform and Git installed on your local machine
This example will deploy all its resources into the project defined by the project_id variable. Please note that we assume this project already exists; if that is not the case, you might want to create it by providing the appropriate values to the project_create variable.
The main components that are deployed in this architecture are the following:
- Cloud Run: serverless PaaS offering to host containers for web-oriented applications, while offering security, scalability and easy versioning
- Cloud SQL: Managed solution for SQL databases
- VPC Serverless Connector: Solution to access the Cloud SQL VPC from Cloud Run, using only internal IP addresses
- Global Application Load Balancer (*): An external Application Load Balancer is a proxy-based Layer 7 load balancer that enables you to run and scale your services behind a single external IP address.
- Cloud Armor (*): Help protect your applications and websites against denial of service and web attacks.
- Identity Aware Proxy (*): IAP lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls.
- Regional Internal Application Load Balancer (*): A Google Cloud internal Application Load Balancer is a regional proxy-based layer 7 load balancer that enables you to expose your services behind a single internal IP address.
(*) Product deployment depends on input variables
By default, phpIPAM will be exposed externally through a Global Application Load Balancer (GALB). This means that anyone with an internet connection will be able to access the application. If you need to restrict access to the application to specific identities, you can configure Identity-Aware Proxy (IAP) using the iap variable. It is also possible to blacklist a given list of IP addresses using the security_policy variable, configuring Cloud Armor accordingly. An alternative approach is to deploy the application internally using an Internal Application Load Balancer.
Indeed, setting the phpipam_exposure variable to INTERNAL will deploy an Internal Application Load Balancer (ILB) on the same VPC as the phpIPAM application. This may be the preferred option for enterprises because it prevents the application from being exposed to the public internet, while still allowing internal access through the private network (via either VPN or Interconnect).
Deployment
Step 0: Cloning the repository
If you want to deploy from your Cloud Shell, click on the image below, sign in if required and when the prompt appears, click on “confirm”.
Otherwise, clone the repo locally, executing the following git command:
git clone https://github.com/GoogleCloudPlatform/cloud-foundation-fabric
Step 1: Prepare the variables
In the cloned repository, navigate to the directory of this tutorial (blueprints/third-party-solutions/phpipam).
Configure the Terraform variables in your terraform.tfvars file. Rename or copy the terraform.tfvars.sample sample file to terraform.tfvars and edit both the prefix and project_id variables. For more information on customizing variables, please refer to the README file. Below is a sample terraform.tfvars file:
prefix = "tmp"
project_id = "my-phpipam-project"
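A pre-apply check for the exposure settings described earlier, as an added example that is not part of the original article or of the Cloud Foundation Fabric blueprint: it classifies a terraform.tfvars file by how phpIPAM would be exposed and fails when neither phpipam_exposure = "INTERNAL" nor an iap assignment is present. The function names and class labels are hypothetical, and the check only looks for an iap assignment without assuming its fields.

```sh
#!/bin/sh
# Added example: pre-apply exposure check for this blueprint's terraform.tfvars.
# From the article: variable names phpipam_exposure and iap, value INTERNAL.
# Assumptions: function names and class labels are made up for this example;
# the inner fields of iap are not inspected (see the blueprint README for them).
# Line-based matching, not a full HCL parser.

# Print the last top-level string assignment `name = "value"` (comments skipped).
tfvar_string() {  # $1 = file, $2 = variable name
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
    tail -n 1
}

# Succeed if the variable is assigned at all, whatever its value type.
tfvar_is_set() {  # $1 = file, $2 = variable name
  grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# Echo: internal | external-iap-declared | external-open
phpipam_exposure_class() {
  exposure=$(tfvar_string "$1" phpipam_exposure)
  if [ "$exposure" = "INTERNAL" ]; then
    echo internal                 # ILB only, reachable from the VPC
  elif tfvar_is_set "$1" iap; then
    echo external-iap-declared    # public LB; confirm IAP is really enabled
  else
    echo external-open            # article's default: reachable by anyone
  fi
}

# Gate for CI or a wrapper script: non-zero exit when the app would be open.
phpipam_gate() {
  class=$(phpipam_exposure_class "$1")
  echo "phpIPAM exposure: $class"
  [ "$class" != "external-open" ]
}

# Constructed sample: the minimal terraform.tfvars shown above.
sample=$(mktemp)
printf 'prefix = "tmp"\nproject_id = "my-phpipam-project"\n' > "$sample"
phpipam_gate "$sample" || echo "review exposure before terraform apply"
rm -f "$sample"
```

Run against the sample file above, the gate reports external-open, which is the default behaviour the article describes.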
Step 2: Deploy resources
Initialize your Terraform environment and deploy the resources with the following commands:
terraform init
terraform apply
Note: terraform apply will prompt you to confirm the plan; type “yes” and press Enter to confirm and proceed with the deployment.
Step 3: Bootstrap phpIPAM
Upon completion, you will see the output with the values for the Cloud Run service and the user and password to access the application. You can also view it later with:
terraform output
# or for the concrete variable:
terraform output cloud_run_service
To access the newly deployed application, first get the default phpIPAM URL from the terraform output, in the form {IP_ADDRESS}.nip.io.
Note: nip.io is an open-source DNS service that facilitates the mapping of hostnames to IP addresses. When a hostname resolves to the IP address of a Google Cloud Load Balancer (LB), the Google managed certificate will be properly configured on the LB. However, it may take some time after deployment for the certificate to become operational.
Open your browser at that URL and you will see your phpIPAM installation page, like the following one:
Click on “New phpipam installation”. On the next page, click the “Automatic database installation” button. You will be prompted to fill out a form with the following fields:
Insert “admin” as the MySQL username and the password available in the output of the command below (without quotes). Untick “Create new database”, otherwise you’ll get an error during installation; leave all the other values as default and then click on “Install phpipam database”.
terraform output cloudsql_password
After some time, a “Database installed successfully!” message should pop up. Then click “continue” and you’ll be taken to the last form for configuring admin credentials:
Insert the phpIPAM password available in the output of the following command and choose a site title. Then insert the site URL and click “Save settings”. A “Settings updated, installation complete!” message should pop up, and clicking “Proceed to login.” will redirect you to the login page.
Be aware that this is just a convenient way to keep a backup admin password in Terraform; you could use whatever password you prefer.
terraform output phpipam_password
Insert “admin” as the username and the password configured in the previous step; after login, you’ll finally get to the phpIPAM homepage.
Cleaning up your environment
The easiest way to remove all the deployed resources is to run the following command:
terraform destroy
The above command will delete the associated resources so there will be no billable charges made afterwards.
If you are curious about how to keep track of Google Cloud Platform subnets on phpIPAM software please drop a comment on this article!