One place for hosting & domains

      17 Ways to Build a Massive Following on Instagram for Your Website


      Instagram is one of the most popular social media platforms among younger users. Even so, “Gen Z” might still be ignoring your image feed. While this may be frustrating, it’s not an insurmountable problem.

      Fortunately, there are plenty of ways to take a well-rounded approach to Instagram infamy. This means you can take advantage of the 200 million Instagram users who visit business-niche profiles daily — including the key 18–24 demographic.

      In this article, we’ll take a look at what makes Instagram such a hot property for marketing right now. Then, we’ll show you how to create a strategy and highlight 17 growth tactics you can put to work. Let’s get started!

      What Makes Instagram a Valuable Marketing Tool for Your Website

      Instagram continues to be one of the fastest-growing social media platforms available. In fact, it’s grown 5–6% in terms of users in the United States over the past year, continues to trend upward, and is actually more popular among teenagers than adults.

      Given this, let’s take a look at some of the benefits of using the Instagram app as a marketing platform:

      • It’s visual. We all know the phrase, “a picture is worth a thousand words” — it almost applies to Instagram itself. Your images can reach millions of people on the platform and can quickly deliver valuable visual messages about your business.
      • You can start for free. You can jump on Instagram within seconds to start an account at no cost. While advanced features and Instagram ads have a price tag, you can still use the platform to build a following and post brand-relevant content.
      • Integrations are easy. Integrating with other social channels (such as Facebook) is a snap. This means you can post to multiple platforms with a minimum of clicks.

      Additionally, when it comes specifically to dedicated advertising features, you can also use Instagram’s popular Stories ads option. In fact, Clif Bar did this — and when they used quirky, memorable videos across all formats, it resulted in a 28-point lift in ad recall among followers.

      Your Instagram Bio Needs a Website Link

      We’ll make sure your website is fast, secure, and always up so your visitors trust you. Plans start at $2.59/mo.

      How to Create an Instagram Marketing Strategy

      When it comes to marketing on Instagram, some best practices can help enhance your results. As a foundation, note that establishing a strategy is not the equivalent of posting pictures when you feel like it.

      Some helpful starting points for setting your strategy include:

      • Identify Your Instagram Goals. SMART goals are valuable when it comes to creating a measurable plan. In this case, it’s best to set your goals so they fall within the strengths the Instagram platform offers.
      • Research Your Target Audience. The more you know about your potential customers, the more likely you are to deliver content they’ll be interested in. Google’s Consumer Insights tool can help you gather valuable audience research data.
      • Set Your Instagram Theme. This should support your brand and overall business mission and vision. All of your content should then tie into that theme.
      • Choose Your Growth Tactics. Keeping up to date with Instagram trends can help you implement your next steps with the platform. By doing this, you’ll be much better prepared to take the next level with Instagram marketing, when your business shows signs it’s ready to grow.

      With the above in mind, some specific tactics can help you build a massive following on Instagram. After all, you want as many targeted followers as you can get for your marketing efforts to pay off.

      17 Ways to Build a Massive Following on Instagram

      Instagram offers some unique, visual opportunities that are not as prevalent on other platforms. Given this, here are 17 tips to help as you begin marketing with Instagram.

      1. Use the Best Filters

      Instagram filters are a way to apply corrective or artistic features to your images without the need to use editing software. These are applied before you post an image to your feed.

      Instagram offers quite a few filters already built into the app. These typically play with the color and light in your images. However, filters can be used to help create a cohesive look for your feed. By including in-house guidance regarding which filters can and can’t be used by your marketing team, followers will begin to associate it with your brand.

      2. Post Consistently

      Posting consistently lets your followers know they can always rely on fresh content from you. This means they’ll also be more likely to make your feed a regular stop when they get online. One way to do this is to create a content calendar like the example Instagram provides.

      ‘Instagram’s sample content calendar’.

      When it comes to posting content, consistency can also help build trust with users. This is one way you can use Instagram to build and maintain relationships with your customers.

      3. Use Relevant Hashtags

      The “hashtag” — also called the “pound” sign or “octothorpe” — is used to make certain phrases or words in a post searchable. This helps categorize them and makes it easier for visitors to find the content they’re looking for.

      Hashtags are meant to be used often, but you do have to watch for those not representing your brand well enough. For the right hashtags, using the same ones consistently can lead to higher rates of engagement with your visitors.

      Additionally, if you use an Instagram business account, you can access data about your hashtags and see which ones perform the best.

      4. Organize Your Stories into Highlights on Your Profile

      Instagram Stories enables you to combine images and videos together into a dynamic slideshow on your feed. To give you more control over your stories and how viewers see them, Instagram introduced the “Highlights” feature.

      ‘Example of Highlights from the Ellen DeGeneres Show Instagram feed’.

      Highlights remain visible until you take them down, so they’re akin to pinned posts on other platforms.

      This is a dynamic way to make sure users who are new to your feed get the most critical information front and center — for example, Highlights relating to your brand story or goals.

      5. Utilize Video

      Overall, marketers overwhelmingly agree that video ads give them a worthwhile Return On Investment (ROI). It can also help you develop leads and directly increase sales. While your videos are limited to 60 seconds (with the exception of IGTV), you can enhance them with filters, hashtags, text, and location tags.

      Although it started out strictly as a photo-sharing platform, Instagram quickly added the ability for users to share short videos. These videos can be used to leverage content such as influencer interviews or product demonstrations as a way to engage with your followers.

      6. Geotag Your Instagram Photos

      Instagram uses geolocation technology to afford users the ability to tag their posts with their exact location. This can be helpful when trying to build a following. For example, if your business doesn’t have a listed location on Instagram, you can use your connected Facebook account to create one.

      Once you’ve done this, visitors to your business can tag their posts with your location. This gives you a lot of visibility throughout Instagram and also allows you the opportunity to use geotagging to run contests, promote events, or find influencers in your area.

      7. Post at Ideal Times

      Saying that there is one definitive “best time” for posting on Instagram is not simple. Data collected by different marketing firms shows a wide variety of peak times. However, collecting some of your own data is likely the best way to target the ideal time for your audience.

      Instagram Business accounts can view insights for their account in three main areas. This includes content, activity, and audience. Keeping track of these stats can help you determine the best time to post so you reach more followers. Additionally, the days you post also have an impact on how well your posts and promotions are received.

      8. Cross-Post on Other Platforms

      Cross-posting is a technique used to easily push your Instagram posts out to other platforms.

      For example, Application Programming Interfaces (APIs) enable you to connect Instagram to your WordPress website using a plugin such as Blog2Social.

      ‘The Blog2Social plugin for WordPress’.

      With this, you can send your blog posts to Instagram or vice versa. Even if you cross-post your content manually, it’s an excellent way to reach users who only use one particular platform and would miss out on your content otherwise.

      9. Socialize With Your Followers

      Instagram gives you a great way to connect with your followers. It has very few on-screen distractions, and you can guide the conversation with the imagery you use.

      Even more importantly, customers want brands to connect with them — they’re more likely to purchase from brands with a strong social media presence. In fact, 76% of people said they are more likely to choose a brand they feel connected to over other choices.

      10. Invite Your Followers to Share Posts With Friends

      Whether you encourage your followers to share your content through contests or by simply asking them to, social sharing is a powerful tool. This is mainly because, unlike other forms of advertising, social sharing can grow exponentially.

      For example, what if one of your followers, who happens to have 1,000 followers of their own, shares your post? Of course, there are additional views up for grabs — not to mention what happens if each of those users shares your post too.

      This is a time-honored technique that’s tailor-made for social media. In fact, it should be foundational to your overall approach.

      11. Share User-Generated Content

      User-Generated Content (UGC) does what it says on the tin. This kind of engagement can be very exciting for loyal customers and employs simple hashtags, submission forms, and more.

      One example of UGC is Wayfair’s #wayfairathome campaign.

      ‘Wayfair’s UGC content campaign on Instagram’.

      With over 43,000 posts from users, you can see how UGC can be an effective way to fill out your content calendar and get your users excited to engage with your Instagram feed. With a concept users can get behind, it’s one of the more successful ways to build an Instagram following.

      12. Collaborate With Other Users and Brands in Your Niche

      When you reach out to collaborate with other users and brands in your niche, you can accomplish a couple of major goals.

      1. This is a good way to find a potential instagram influencer who might want to promote your business.
      2. Finding brands in your niche market not directly competing for the same customers can be mutually beneficial. You can essentially double your reach by joining forces with a complementary brand to market both products collaboratively across both feeds.

      13. Engage With Your Competitor’s Followers

      Contrary to what you may think, it’s OK to leverage your competitor’s followers. First, establish your niche and gather some valuable search data. To do this, you can use tools such as Google’s Keyword Planner or your own Instagram Insights.

      Once you know what to search for, you can begin reviewing your competitor’s feeds. The idea is to look for popular hashtags that are used by your competition’s followers and then follow their feeds. Many people have their accounts set to “auto-follow” their own new followers, which potentially means you’ll gain some new visitors.

      14. Run a Giveaway

      We’ve mentioned giveaways previously, but it’s worth dedicating more time to the concept. There are a lot of applications available to help you create and run giveaways on your Instagram account. Most require users to share the post in addition to either inviting a friend or reposting content.

      ‘The Rafflecopter giveaway app’.

      There are plenty of steps to consider here. You’ll need to set a deadline and outline the actions the user needs to take in order to be eligible, before choosing a winner.

      Overall, this method is a frontrunner for boosting shares, engagement, and visibility among your users.

      15. Pay for Sponsored Posts

      If you’re familiar with Facebook’s post-boosting options, you can achieve the same thing on Instagram. Sponsoring a post means you can pay to have it placed in feeds outside your follower list.

      This means you won’t have to create new content to sponsor. Another benefit of using this method is that you’ll also be able to choose relevant targeting criteria to make sure it’s delivered to your chosen audience. This can include age, location, and interests.

      16. Hop on Viral Trends

      Making your own version of a popular meme is a fun way to take advantage of viral trends. One example of this is the celebrity reaction to the “Dolly Parton” meme.

      ‘The viral Dolly Parton meme’.

      Celebrities took up the challenge and posted their own versions. Brands can do this too, using sites such as Digg. It’s an opportunity to demonstrate your company’s humor in a way that can remain relevant to your brand.

      17. Use Analytics to Measure Success

      Remember those SMART goals we mentioned earlier? Don’t forget to use your data to measure your success and set your sights on where to improve.

      Since it’s not really feasible to implement all of these tactics at the same time, you’ll want to monitor performance to see which ones garner the best outcomes based on your goals. You can use the built-in Insights option to collect data or try a free, third-party collection tool.

      Ready to Hone Your Social Media Strategy?

      Whether you want to increase Instagram followers, understand Facebook ads, or get more out of Twitter, we can help! Subscribe to our monthly newsletter so you never miss an article.

      Build Brand Awareness With a Successful Instagram Strategy

      As you can see, there are many tactics you can implement on Instagram to create a strategy that will gain your target market’s trust and a massive following. It might seem overwhelming, but Instagram is also fun, engaging, and worth the effort to market to users.

      A cohesive theme throughout your feed is one of the cornerstones of the strategy. Additionally, you can easily leverage concepts such as UGC, as well as collaborations with other brands in your niche, to gain followers. Ultimately, you’ll want to aim to create an attainable set of goals and make sure your tactics line up with those.

      It can be easy to lose sight of your goals once you’re in the trenches using all the tools we’ve discussed. One thing you shouldn’t have to worry about, though? Your web host. Check out our shared hosting plans today so you can focus on becoming the next Instagram sensation!

      Image credits: Instagram





      Source link

      How To Build a Hashicorp Vault Server Using Packer and Terraform on DigitalOcean [Quickstart]


      Introduction

      Vault, by Hashicorp, is an open-source tool for securely storing secrets and sensitive data in dynamic cloud environments. Packer and Terraform, also developed by Hashicorp, can be used together to create and deploy images of Vault.

      In this tutorial, you’ll use Packer to create an immutable snapshot of the system with Vault installed, and orchestrate its deployment using Terraform.

      For a more detailed version of this tutorial, please refer to How To Build a Hashicorp Vault Server Using Packer and Terraform on DigitalOcean.

      Prerequisites

      • Packer installed on your local machine. For instructions, visit the official documentation.
      • Terraform installed on your local machine. Visit the official documentation for a guide.
      • A personal access token (API key) with read and write permissions for your DigitalOcean account. Visit How to Create a Personal Access Token to create one.
      • An SSH key you’ll use to authenticate with the deployed Vault Droplets, available on your local machine and added to your DigitalOcean account. You’ll also need its fingerprint, which you can copy from the Security page of your account once you’ve added it. See the DigitalOcean documentation for detailed instructions or the How To Set Up SSH Keys tutorial.

      Step 1 — Creating a Packer Template

      Create and move into the ~/vault-orchestration directory to store your Vault files:

      • mkdir ~/vault-orchestration
      • cd ~/vault-orchestration

      Create separate directories for Packer and Terraform configuration by running:

      Navigate to the Packer directory:

      Using Template Variables

      Create a variables.json in your packer subdirectory to store your private variable data:

      Add the following lines:

      ~/vault-orchestration/packer/variables.json

      {
        "do_token": "your_do_api_key",
        "base_system_image": "ubuntu-18-04-x64",
        "region": "nyc3",
        "size": "s-1vcpu-1gb"
      }
      

      You’ll use these variables in the template you are about to create. You can edit the base image, region, and Droplet size values according to the developer docs.

      Replace your_do_api_key with your API key, then save and close the file.

      Creating Builders and Provisioners

      Create your Packer template for Vault in a file named template.json:

      Add the following lines:

      ~/vault-orchestration/packer/template.json

      {
         "builders": [{
             "type": "digitalocean",
             "api_token": "{{user `do_token`}}",
             "image": "{{user `base_system_image`}}",
             "region": "{{user `region`}}",
             "size": "{{user `size`}}",
             "ssh_username": "root"
         }],
         "provisioners": [{
             "type": "shell",
             "inline": [
                 "sleep 30",
                 "sudo apt-get update",
                 "sudo apt-get install unzip -y",
                 "curl -L https://releases.hashicorp.com/vault/1.3.2/vault_1.3.2_linux_amd64.zip -o vault.zip",
                 "unzip vault.zip",
                 "sudo chown root:root vault",
                 "mv vault /usr/local/bin/",
                 "rm -f vault.zip"
             ]
      }]
      }
      

      You define a single digitalocean builder. Packer will create a temporary Droplet of the defined size, image, and region using the provided API key.

      The provisioner will connect to it using SSH with the specified username and will sequentially execute all defined provisioners before creating a DigitalOcean Snapshot from the Droplet and deleting it.

      It’s of type shell, which will execute given commands on the target. The commands in the template will wait 30 seconds for the system to boot up, and will then download and unpack Vault 1.3.2. Check the official Vault download page for the most up-to-date version for Linux.

      Save and close the file.

      Verify the validity of your template:

      • packer validate -var-file=variables.json template.json

      You’ll see the following output:

      Output

      Template validated successfully.

      Step 2 — Building the Snapshot

      Build your snapshot with the Packer build command:

      • packer build -var-file=variables.json template.json

      You’ll see a lot of output, which will look like this:

      Output

      digitalocean: output will be in this color. ==> digitalocean: Creating temporary ssh key for droplet... ==> digitalocean: Creating droplet... ==> digitalocean: Waiting for droplet to become active... ==> digitalocean: Using ssh communicator to connect: ... ==> digitalocean: Waiting for SSH to become available... ==> digitalocean: Connected to SSH! ==> digitalocean: Provisioning with shell script: /tmp/packer-shell035430322 ... ==> digitalocean: % Total % Received % Xferd Average Speed Time Time Time Current ==> digitalocean: Dload Upload Total Spent Left Speed digitalocean: Archive: vault.zip ==> digitalocean: 100 45.5M 100 45.5M 0 0 154M 0 --:--:-- --:--:-- --:--:-- 153M digitalocean: inflating: vault ==> digitalocean: Gracefully shutting down droplet... ==> digitalocean: Creating snapshot: packer-1581537927 ==> digitalocean: Waiting for snapshot to complete... ==> digitalocean: Destroying droplet... ==> digitalocean: Deleting temporary ssh key... Build 'digitalocean' finished. ==> Builds finished. The artifacts of successful builds are: --> digitalocean: A snapshot was created: 'packer-1581537927' (ID: 58230938) in regions '...'

      The last line contains the name of the snapshot (such as packer-1581537927) and its ID in parentheses, highlighted here. Note your ID of the snapshot, because you’ll need it in the next step.

      If the build process fails due to API errors, wait a few minutes and then retry.

      Step 3 — Writing Terraform Configuration

      Navigate to the terraform subdirectory:

      • cd ~/vault-orchestration/terraform

      Create a file named do-provider.tf to store the provider:

      Add the following lines:

      ~/vault-orchestration/terraform/do-provider.tf

      variable "do_token" {
      }
      
      variable "ssh_fingerprint" {
      }
      
      variable "instance_count" {
      default = "1"
      }
      
      variable "do_snapshot_id" {
      }
      
      variable "do_name" {
      default = "vault"
      }
      
      variable "do_region" {
      }
      
      variable "do_size" {
      }
      
      variable "do_private_networking" {
      default = true
      }
      
      provider "digitalocean" {
      token = var.do_token
      }
      

      This file provides the digitalocean provider with an API key. To specify the values of these variables you’ll create a variable definitions file similarly to Packer. The filename must end in either .tfvars or .tfvars.json.

      Save and close the file.

      Create a variable definitions file:

      Add the following lines:

      ~/vault-orchestration/terraform/definitions.tf

      do_token         = "your_do_api_key"
      ssh_fingerprint  = "your_ssh_key_fingerprint"
      do_snapshot_id   = your_do_snapshot_id
      do_name          = "vault"
      do_region        = "nyc3"
      do_size          = "s-1vcpu-1gb"
      instance_count   = 1
      

      Replace your_do_api_key, your_ssh_key_fingerprint, and your_do_snapshot_id (the snapshot ID you noted from the previous step). The do_region and do_size parameters must have the same values as in the Packer variables file.

      Save and close the file.

      Create the following file to store the Vault snapshot deployment configuration:

      Add the following lines:

      ~/vault-orchestration/terraform/deployment.tf

      resource "digitalocean_droplet" "vault" {
      count              = var.instance_count
      image              = var.do_snapshot_id
      name               = var.do_name
      region             = var.do_region
      size               = var.do_size
      private_networking = var.do_private_networking
      ssh_keys = [
        var.ssh_fingerprint
      ]
      }
      
      output "instance_ip_addr" {
      value = {
        for instance in digitalocean_droplet.vault:
        instance.id => instance.ipv4_address
      }
      description = "The IP addresses of the deployed instances, paired with their IDs."
      }
      

      You define a single resource of the type digitalocean_droplet named vault. You set its parameters according to the variable values and add an SSH key (using its fingerprint) from your DigitalOcean account to the Droplet resource. You output the IP addresses of all newly deployed instances to the console.

      Save and close the file.

      Initialize the directory as a Terraform project:

      You’ll see the following output:

      Output

      Initializing the backend... Initializing provider plugins... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.digitalocean: version = "~> 1.14" Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

      Step 4 — Deploying Vault Using Terraform

      Test the validity of your configuration:

      You’ll see the following output:

      Output

      Success! The configuration is valid.

      Run the plan command to see what Terraform will attempt when it comes to provision the infrastructure:

      • terraform plan -var-file="definitions.tfvars"

      The output will look similar to:

      Output

      Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # digitalocean_droplet.vault[0] will be created + resource "digitalocean_droplet" "vault" { ... } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.

      Execute the plan:

      • terraform apply -var-file="definitions.tfvars"

      The Droplet will finish provisioning and you’ll see output similar to this:

      Output

      An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + digitalocean_droplet.vault-droplet ... Plan: 1 to add, 0 to change, 0 to destroy. ... digitalocean_droplet.vault-droplet: Creating... ... Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: instance_ip_addr = { "181254240" = "your_new_server_ip" }

      Step 5 — Verifying Your Deployed Droplet

      Run the following to connect to your new Droplet:

      Once you are logged in, run Vault with:

      You’ll see its “help” output:

      Output

      Usage: vault <command> [args] Common commands: read Read data and retrieves secrets write Write data, configuration, and secrets delete Delete secrets and configuration list List data or secrets login Authenticate locally agent Start a Vault agent server Start a Vault server status Print seal and HA status unwrap Unwrap a wrapped secret Other commands: audit Interact with audit devices auth Interact with auth methods debug Runs the debug command kv Interact with Vault's Key-Value storage lease Interact with leases namespace Interact with namespaces operator Perform operator-specific tasks path-help Retrieve API help for paths plugin Interact with Vault plugins and catalog policy Interact with policies print Prints runtime configurations secrets Interact with secrets engines ssh Initiate an SSH session token Interact with tokens

      Conclusion

      You now have an automated system for deploying Hashicorp Vault on DigitalOcean Droplets using Terraform and Packer. To start using Vault, you’ll need to initialize it and further configure it. For instructions on how to do that, visit the official docs.

      For more tutorials using Terraform, check out our Terraform content page.



      Source link

      How To Build a Hashicorp Vault Server Using Packer and Terraform on DigitalOcean


      The author selected the Free and Open Source Fund to receive a donation as part of the Write for DOnations program.

      Introduction

      Vault, by Hashicorp, is an open-source tool for securely storing secrets and sensitive data in dynamic cloud environments. It provides strong data encryption, identity-based access using custom policies, and secret leasing and revocation, as well as a detailed audit log that is recorded at all times. Vault also features a HTTP API, making it the ideal choice for storing credentials in scattered service-oriented deployments, such as Kubernetes.

      Packer and Terraform, also developed by Hashicorp, can be used together to create and deploy images of Vault. Within this workflow, developers can use Packer to write immutable images for different platforms from a single configuration file, which specifies what the image should contain. Terraform will then deploy as many customized instances of the created images as needed.

      In this tutorial, you’ll use Packer to create an immutable snapshot of the system with Vault installed, and orchestrate its deployment using Terraform. In the end, you’ll have an automated system for deploying Vault in place, allowing you to focus on working with Vault itself, and not on the underlying installation and provisioning process.

      Prerequisites

      • Packer installed on your local machine. For instructions, visit the official documentation.
      • Terraform installed on your local machine. Visit the official documentation for a guide.
      • A personal access token (API key) with read and write permissions for your DigitalOcean account. To learn how to create one, visit How to Create a Personal Access Token from the docs.
      • An SSH key you’ll use to authenticate with the deployed Vault Droplets, available on your local machine and added to your DigitalOcean account. You’ll also need its fingerprint, which you can copy from the Security page of your account once you’ve added it. See the DigitalOcean documentation for detailed instructions or the How To Set Up SSH Keys tutorial.

      Step 1 — Creating a Packer Template

      In this step, you will write a Packer configuration file, called a template, that will instruct Packer on how to build an image that contains Vault pre-installed. You’ll be writing the configuration in JSON format, a commonly used human-readable configuration file format.

      For the purposes of this tutorial, you’ll store all files under ~/vault-orchestration. Create the directory by running the following command:

      • mkdir ~/vault-orchestration

      Navigate to it:

      You’ll store config files for Packer and Terraform separately, in different subdirectories. Create them using the following command:

      Because you’ll first be working with Packer, navigate to its directory:

      Using Template Variables

      Storing private data and application secrets in a separate variables file is the ideal way of keeping them out of your template. When building the image, Packer will substitute the referenced variables with their values. Hard coding secret values into your template is a security risk, especially if it’s going to be shared with team members or put up on public sites, such as GitHub.

      You’ll store them in the packer subdirectory, in a file called variables.json. Create it using your favorite text editor:

      Add the following lines:

      ~/vault-orchestration/packer/variables.json

      {
          "do_token": "your_do_api_key",
          "base_system_image": "ubuntu-18-04-x64",
          "region": "nyc3",
          "size": "s-1vcpu-1gb"
      }
      

      The variables file consists of a JSON dictionary, which maps variable names to their values. You’ll use these variables in the template you are about to create. If you wish, you can edit the base image, region, and Droplet size values according to the developer docs.

      Remember to replace your_do_api_key with your API key you created as part of the prerequisites, then save and close the file.

      Creating Builders and Provisioners

      With the variables file ready, you’ll now create the Packer template itself.

      You’ll store the Packer template for Vault in a file named template.json. Create it using your text editor:

      Add the following lines:

      ~/vault-orchestration/packer/template.json

      {
           "builders": [{
               "type": "digitalocean",
               "api_token": "{{user `do_token`}}",
               "image": "{{user `base_system_image`}}",
               "region": "{{user `region`}}",
               "size": "{{user `size`}}",
               "ssh_username": "root"
           }],
           "provisioners": [{
               "type": "shell",
               "inline": [
                   "sleep 30",
                   "sudo apt-get update",
                   "sudo apt-get install unzip -y",
                   "curl -L https://releases.hashicorp.com/vault/1.3.2/vault_1.3.2_linux_amd64.zip -o vault.zip",
                   "unzip vault.zip",
                   "sudo chown root:root vault",
                   "mv vault /usr/local/bin/",
                   "rm -f vault.zip"
               ]
          }]
      }
      

      In the template, you define arrays of builders and provisioners. Builders tell Packer how to build the system image (according to their type) and where to store it, while provisioners contain sets of actions Packer should perform on the system before turning it into an immutable image, such as installing or configuring software. Without any provisioners, you would end up with an untouched base system image. Both builders and provisioners expose parameters for further work flow customization.

      You first define a single builder of the type digitalocean, which means that when ordered to build an image, Packer will use the provided parameters to create a temporary Droplet of the defined size using the provided API key, with the specified base system image and in the specified region. The format for fetching a variable is {{user 'variable_name'}}, where the highlighted part is its name.

      When the temporary Droplet is provisioned, the provisioner will connect to it using SSH with the specified username, and will sequentially execute all defined provisioners before creating a DigitalOcean Snapshot from the Droplet and deleting it.

      It’s of type shell, which will execute given commands on the target. Commands can be specified either inline, as an array of strings, or defined in separate script files if inserting them into the template becomes unwieldy due to size. The commands in the template will wait 30 seconds for the system to boot up, and will then download and unpack Vault 1.3.2. Check the official Vault download page and replace the link in the commands with a newer version for Linux, if available.

      When you’re done, save and close the file.

      To verify the validity of your template, run the following command:

      • packer validate -var-file=variables.json template.json

      Packer accepts a path to the variables file via the -var-file argument.

      You’ll see the following output:

      Output

      Template validated successfully.

      If you get an error, Packer will specify exactly where it occurred, so you’ll be able to correct it.

      You now have a working template that produces an image with Vault installed, with your API key and other parameters defined in a separate file. You’re now ready to invoke Packer and build the snapshot.

      Step 2 — Building the Snapshot

      In this step, you’ll build a DigitalOcean Snapshot from your template using the Packer build command.

      To build your snapshot, run the following command:

      • packer build -var-file=variables.json template.json

      This command will take some time to finish. You’ll see a lot of output, which will look like this:

      Output

      digitalocean: output will be in this color. ==> digitalocean: Creating temporary ssh key for droplet... ==> digitalocean: Creating droplet... ==> digitalocean: Waiting for droplet to become active... ==> digitalocean: Using ssh communicator to connect: ... ==> digitalocean: Waiting for SSH to become available... ==> digitalocean: Connected to SSH! ==> digitalocean: Provisioning with shell script: /tmp/packer-shell035430322 ... ==> digitalocean: % Total % Received % Xferd Average Speed Time Time Time Current ==> digitalocean: Dload Upload Total Spent Left Speed digitalocean: Archive: vault.zip ==> digitalocean: 100 45.5M 100 45.5M 0 0 154M 0 --:--:-- --:--:-- --:--:-- 153M digitalocean: inflating: vault ==> digitalocean: Gracefully shutting down droplet... ==> digitalocean: Creating snapshot: packer-1581537927 ==> digitalocean: Waiting for snapshot to complete... ==> digitalocean: Destroying droplet... ==> digitalocean: Deleting temporary ssh key... Build 'digitalocean' finished. ==> Builds finished. The artifacts of successful builds are: --> digitalocean: A snapshot was created: 'packer-1581537927' (ID: 58230938) in regions '...'

      Packer logs all the steps it took while building your template. The last line contains the name of the snapshot (such as packer-1581537927) and its ID in parentheses, marked in red. Note your ID of the snapshot, because you’ll need it in the next step.

      If the build process fails due to API errors, wait a few minutes and then retry.

      You’ve built a DigitalOcean Snapshot according to your template. The snapshot has Vault pre-installed, and you can now deploy Droplets with it as their system image. In the next step, you’ll write Terraform configuration for automating such deployments.

      Step 3 — Writing Terraform Configuration

      In this step, you’ll write Terraform configuration for automating Droplet deployments of the snapshot containing the Vault you just built using Packer.

      Before writing actual Terraform configuration for deploying Vault from the previously built snapshot, you’ll first need to configure the DigitalOcean provider for it. Navigate to the terraform subdirectory by running:

      • cd ~/vault-orchestration/terraform

      Then, create a file named do-provider.tf, where you’ll store the provider:

      Add the following lines:

      ~/vault-orchestration/terraform/do-provider.tf

      variable "do_token" {
      }
      
      variable "ssh_fingerprint" {
      }
      
      variable "instance_count" {
        default = "1"
      }
      
      variable "do_snapshot_id" {
      }
      
      variable "do_name" {
        default = "vault"
      }
      
      variable "do_region" {
      }
      
      variable "do_size" {
      }
      
      variable "do_private_networking" {
        default = true
      }
      
      provider "digitalocean" {
        token = var.do_token
      }
      

      This file declares parameter variables and provides the digitalocean provider with an API key. You’ll later use these variables in your Terraform template, but you’ll first need to specify their values. For that purpose, Terraform supports specifying variable values in a variable definitions file similarly to Packer. The filename must end in either .tfvars or .tfvars.json. You’ll later pass that file to Terraform using the -var-file argument.

      Save and close the file.

      Create a variable definitions file called definitions.tfvars using your text editor:

      Add the following lines:

      ~/vault-orchestration/terraform/definitions.tf

      do_token         = "your_do_api_key"
      ssh_fingerprint  = "your_ssh_key_fingerprint"
      do_snapshot_id   = your_do_snapshot_id
      do_name          = "vault"
      do_region        = "nyc3"
      do_size          = "s-1vcpu-1gb"
      instance_count   = 1
      

      Remember to replace your_do_api_key, your_ssh_key_fingerprint, and your_do_snapshot_id with your account API key, the fingerprint of your SSH key, and the snapshot ID you noted from the previous step, respectively. The do_region and do_size parameters must have the same values as in the Packer variables file. If you want to deploy multiple instances at once, adjust instance_count to your desired value.

      When finished, save and close the file.

      For more information on the DigitalOcean Terraform provider, visit the official docs.

      You’ll store the Vault snapshot deployment configuration in a file named deployment.tf, under the terraform directory. Create it using your text editor:

      Add the following lines:

      ~/vault-orchestration/terraform/deployment.tf

      resource "digitalocean_droplet" "vault" {
        count              = var.instance_count
        image              = var.do_snapshot_id
        name               = var.do_name
        region             = var.do_region
        size               = var.do_size
        private_networking = var.do_private_networking
        ssh_keys = [
          var.ssh_fingerprint
        ]
      }
      
      output "instance_ip_addr" {
        value = {
          for instance in digitalocean_droplet.vault:
          instance.id => instance.ipv4_address
        }
        description = "The IP addresses of the deployed instances, paired with their IDs."
      }
      

      Here you define a single resource of the type digitalocean_droplet named vault. Then, you set its parameters according to the variable values and add a SSH key (using its fingerprint) from your DigitalOcean account to the Droplet resource. Finally, you output the IP addresses of all newly deployed instances to the console.

      Save and close the file.

      Before doing anything else with your deployment configuration, you’ll need to initialize the directory as a Terraform project:

      You’ll see the following output:

      Output

      Initializing the backend... Initializing provider plugins... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.digitalocean: version = "~> 1.14" Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.

      When initializing a directory as a project, Terraform reads the available configuration files and downloads plugins deemed necessary, as logged in the output.

      You now have Terraform configuration for deploying your Vault snapshot ready. You can now move on to validating it and deploying it on a Droplet.

      Step 4 — Deploying Vault Using Terraform

      In this section, you’ll verify your Terraform configuration using the validate command. Once it verifies successfully, you’ll apply it and deploy a Droplet as a result.

      Run the following command to test the validity of your configuration:

      You’ll see the following output:

      Output

      Success! The configuration is valid.

      Next, run the plan command to see what Terraform will attempt when it comes to provision the infrastructure according to your configuration:

      • terraform plan -var-file="definitions.tfvars"

      Terraform accepts a variable definitions file via the -var-file parameter.

      The output will look similar to:

      Output

      Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # digitalocean_droplet.vault[0] will be created + resource "digitalocean_droplet" "vault" { ... } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.

      The green + on the beginning of the resource "digitalocean_droplet" "vault" line means that Terraform will create a new Droplet called vault, using the parameters that follow. This is correct, so you can now execute the plan by running terraform apply:

      • terraform apply -var-file="definitions.tfvars"

      Enter yes when prompted. After a few minutes, the Droplet will finish provisioning and you’ll see output similar to this:

      Output

      An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + digitalocean_droplet.vault-droplet ... Plan: 1 to add, 0 to change, 0 to destroy. ... digitalocean_droplet.vault-droplet: Creating... ... Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: instance_ip_addr = { "181254240" = "your_new_server_ip" }

      In the output, Terraform logs what actions it has performed (in this case, to create a Droplet) and displays its public IP address at the end. You’ll use it to connect to your new Droplet in the next step.

      You have created a new Droplet from the snapshot containing Vault and are now ready to verify it.

      Step 5 — Verifying Your Deployed Droplet

      In this step, you’ll access your new Droplet using SSH and verify that Vault was installed correctly.

      If you are on Windows, you can use software such as Kitty or Putty to connect to the Droplet with an SSH key.

      On Linux and macOS machines, you can use the already available ssh command to connect:

      Answer yes when prompted. Once you are logged in, run Vault by executing:

      You’ll see its “help” output, which looks like this:

      Output

      Usage: vault <command> [args] Common commands: read Read data and retrieves secrets write Write data, configuration, and secrets delete Delete secrets and configuration list List data or secrets login Authenticate locally agent Start a Vault agent server Start a Vault server status Print seal and HA status unwrap Unwrap a wrapped secret Other commands: audit Interact with audit devices auth Interact with auth methods debug Runs the debug command kv Interact with Vault's Key-Value storage lease Interact with leases namespace Interact with namespaces operator Perform operator-specific tasks path-help Retrieve API help for paths plugin Interact with Vault plugins and catalog policy Interact with policies print Prints runtime configurations secrets Interact with secrets engines ssh Initiate an SSH session token Interact with tokens

      You can quit the connection by typing exit.

      You have now verified that your newly deployed Droplet was created from the snapshot you made, and that Vault is installed correctly.

      Conclusion

      You now have an automated system for deploying Hashicorp Vault on DigitalOcean Droplets using Terraform and Packer. You can now deploy as many Vault servers as you need. To start using Vault, you’ll need to initialize it and further configure it. For instructions on how to do that, visit the official docs.

      For more tutorials using Terraform, check out our Terraform content page.



      Source link