Skip to content

EntropyGuru/OpenShiftWorkshop

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

OpenShift Origin Deployment Template

OpenShift Origin 3.9 with Username / Password

To view all the default templates, please select from the openshift project.

This template deploys OpenShift Origin with basic username / password for authentication to OpenShift. This uses CentOS and includes the following resources:

Resource Properties
Virtual Network Address prefix: 10.0.0.0/8
Master subnet: 10.1.0.0/16
Node subnet: 10.2.0.0/16
Master Load Balancer 2 probes and 2 rules for TCP 443 and TCP 9090
NAT rules for SSH on Ports 2200-220X
Infra Load Balancer 3 probes and 3 rules for TCP 80, TCP 443 and TCP 9090
Public IP Addresses OpenShift Master public IP attached to Master Load Balancer
OpenShift Router public IP attached to Infra Load Balancer
Storage Accounts
Unmanaged Disks
1 Storage Account for Master VMs
1 Storage Account for Infra VMs
2 Storage Accounts for Node VMs
2 Storage Accounts for Diagnostics Logs
1 Storage Account for Private Docker Registry
1 Storage Account for Persistent Volumes
Storage Accounts
Managed Disks
2 Storage Accounts for Diagnostics Logs
1 Storage Account for Private Docker Registry
Network Security Groups 1 Network Security Group Master VMs
1 Network Security Group for Infra VMs
1 Network Security Group for Node VMs
Availability Sets 1 Availability Set for Master VMs
1 Availability Set for Infra VMs
1 Availability Set for Node VMs
Virtual Machines 1, 3 or 5 Masters. First Master is used to run Ansible Playbook to install OpenShift
1, 2 or 3 Infra nodes
User-defined number of Nodes (1 to 30)
All VMs include a single attached data disk for Docker thin pool logical volume

If you have a Red Hat subscription and would like to deploy an OpenShift Container Platform (formerly OpenShift Enterprise) cluster, please visit: https://github.com/Microsoft/openshift-container-platform

Prerequisites

Generate SSH Keys

You'll need to generate a pair of SSH keys in order to provision this template. Ensure that you do NOT include a passphrase with the private key.

If you are using a Windows computer, you can download puttygen.exe. You will need to export to OpenSSH (from Conversions menu) to get a valid Private Key for use in the Template.

From a Linux or Mac, you can just use the ssh-keygen command. Once you are finished deploying the cluster, you can always generate new keys that uses a passphrase and replace the original ones used during inital deployment.

Create Key Vault to store SSH Private Key

You will need to create a Key Vault to store your SSH Private Key that will then be used as part of the deployment.

Create Key Vault using Azure CLI 2.0
a. Create new Resource Group: az group create -n <name> -l <location>
Ex: az group create -n ResourceGroupName -l 'North Europe'
b. Create Key Vault: az keyvault create -n <vault-name> -g <resource-group> -l <location> --enabled-for-template-deployment true
Ex: az keyvault create -n KeyVaultName -g ResourceGroupName -l 'North Europe' --enabled-for-template-deployment true
c. Create Secret: az keyvault secret set --vault-name <vault-name> -n <secret-name> --file <private-key-file-name>
Ex: az keyvault secret set --vault-name KeyVaultName -n SecretName --file ~/.ssh/id_rsa

Generate Azure Active Directory (AAD) Service Principal

To configure Azure as the Cloud Provider for OpenShift Container Platform, you will need to create an Azure Active Directory Service Principal. The easiest way to perform this task is via the Azure CLI. Below are the steps for doing this.

Assigning permissions to the entire Subscription is the easiest method but does give the Service Principal permissions to all resources in the Subscription. Assigning permissions to only the Resource Group is the most secure as the Service Principal is restricted to only that one Resource Group.

Azure CLI 2.0

Create Service Principal and assign permissions to Subscription
az ad sp create-for-rbac -n <friendly name> --role contributor --scopes /subscriptions/<subscription_id>
Ex: az ad sp create-for-rbac -n openshiftcloudprovider --role contributor --scopes /subscriptions/555a123b-1234-5ccc-defgh-6789abcdef01

You will get an output similar to:

{
  "appId": "2c8c6a58-44ac-452e-95d8-a790f6ade583",
  "displayName": "openshiftcloudprovider",
  "name": "http://openshiftcloudprovider",
  "password": "Pass@word1",
  "tenant": "12a345bc-1234-dddd-12ab-34cdef56ab78"
}

The appId is used for the aadClientId parameter.

azuredeploy.Parameters.json File Explained

Property Description Valid options Default value
_artifactsLocation The base URL where artifacts required by this template are located. If you are using your own fork of the repo and want the deployment to pick up artifacts from your fork, update this value appropriately (user and branch), for example, change from https://raw.githubusercontent.com/Microsoft/openshift-origin/master/ to https://raw.githubusercontent.com/YourUser/openshift-origin/YourBranch/
masterVmSize Size of the Master VM. Select from one of the allowed VM sizes listed in the azuredeploy.json file
infraVmSize Size of the Infra VM. Select from one of the allowed VM sizes listed in the azuredeploy.json file
nodeVmSize Size of the Node VM. Select from one of the allowed VM sizes listed in the azuredeploy.json file
storageKind The type of storage to be used. - "managed"
- "unmanaged"
openshiftClusterPrefix Cluster Prefix used to configure hostnames for all nodes - master, infra and nodes. Between 1 and 20 characters
masterInstanceCount Number of Masters nodes to deploy
infraInstanceCount Number of infra nodes to deploy
nodeInstanceCount Number of Nodes to deploy
dataDiskSize Size of data disk to attach to nodes for Docker volume. - 32 GB
- 64 GB
- 128 GB
- 256 GB
- 512 GB
- 1024 GB
- 2048 GB
adminUsername Admin username for both OS login and OpenShift login
openshiftPassword Password for OpenShift login
enableMetrics Enable Metrics - "true"
- "false
enableLogging Enable Logging - "true"
- "false
sshPublicKey Copy your SSH Public Key here
keyVaultResourceGroup The name of the Resource Group that contains the Key Vault
keyVaultName The name of the Key Vault you created
keyVaultSecret The Secret Name you used when creating the Secret (that contains the Private Key)
enableAzure Enable Azure Cloud Provider - "true"
- "false
aadClientId Azure Active Directory Client ID also known as Application ID for Service Principal
aadClientSecret Azure Active Directory Client Secret for Service Principal
defaultSubDomainType This will either be nipio (if you don't have your own domain) or custom if you have your own domain that you would like to use for routing
defaultSubDomain The wildcard DNS name you would like to use for routing if you selected custom above. If you selected nipio above, then this field will be ignored

Deploy Template

Once you have collected all of the prerequisites for the template, you can deploy the template by populating the azuredeploy.parameters.local.json file and executing Resource Manager deployment commands with PowerShell or the CLI.

For Azure CLI 2.0, sample commands:

az group create --name OpenShiftTestRG --location northeurope

while in the folder where your local fork resides

az group deployment create --name 1-node-1 --resource-group OpenShiftTestRG --template-file azuredeploy.json --parameters @azuredeploy.parameters.json --no-wait

Monitor deployment via CLI or Portal and get the console URL from outputs of successful deployment which will look something like (if using sample parameters file and "North Europe" location):

https://me-master1.northeurope.cloudapp.azure.com/console

The cluster will use self-signed certificates. Accept the warning and proceed to the login page.

If you chose to deploy metrics and / or logging, make sure you select an appropriate VM size (i.e. the Standard_DS2_v2 is too small). Also, the deployment will take longer as extra time is needed for the additional playbooks to run.

NOTE

The OpenShift Ansible playbook does take a while to run when using VMs backed by Standard Storage. VMs backed by Premium Storage are faster. If you want Premimum Storage, select a DS or GS series VM.


Be sure to follow the OpenShift instructions to create the necessary DNS entry for the OpenShift Router for access to applications.

Post-Deployment Operations

Additional OpenShift Configuration Options

You can configure additional settings per the official OpenShift Origin Documentation.

Few options you have

  1. Deployment Output a. openshiftConsoleUrl the openshift console url
    b. openshiftMasterSsh ssh command for master node
    c. openshiftNodeLoadBalancerFQDN node load balancer
  2. Get the deployment output data a. portal.azure.com -> choose 'Resource groups' select your group select 'Deployments' and there the deployment 'Microsoft.Template'. As output from the deployment it contains information about the openshift console url, ssh command and load balancer url.
    b. With the Azure CLI :
    az group deployment list -g <resource group name>
  3. Add additional users. you can find much detail about this in the openshift.org documentation under 'Cluster Administration' and 'Managing Users'. This installation uses htpasswd as the identity provider. To add more users, ssh in to each master node and execute following command:
    sudo htpasswd /etc/origin/master/htpasswd user1

now this user can login with the 'oc' CLI tool or the openshift console url

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors