terraform/examples/azure-openshift-origin/README.md

115 lines
7.8 KiB
Markdown
Raw Normal View History

provider/azurerm: Example of Openshift origin (#15294) * initial commit - 101-vm-from-user-image * changed branch name * not deploying - storage problems * provisions vm but image not properly prepared * storage not correct * provisions properly * changed main.tf to azuredeploy.tf * added tfvars and info for README * tfvars ignored and corrected file ext * added CI config; added sane defaults for variables; updated deployment script, added mac specific deployment for local testing * deploy.sh to be executable * executable deploy files * added CI files; changed vars * prep for PR * removal of old folder * prep for PR * wrong args for travis * more PR prep * updated README * commented out variables in terraform.tfvars * Topic 101 vm from user image (#2) * initial commit - 101-vm-from-user-image * added tfvars and info for README * added CI config; added sane defaults for variables; updated deployment script, added mac specific deployment for local testing * prep for PR * added new template * oops, left off master * prep for PR * correct repository for destination * renamed scripts to be more intuitive; added check for docker * merge vm simple; vm from image * initial commit * deploys locally * updated deploy * consolidated deploy and after_deploy into a single script; simplified ci process; added os_profile_linux_config * added terraform show * changed to allow http & https (like ARM tmplt) * changed host_name & host_name variable desc * added az cli check * on this branch, only build test_dir; master will aggregate all the examples * merge master * added new constructs/naming for deploy scripts, etc. * suppress az login output * suppress az login output * forgot about line breaks * breaking build as an example * fixing broken build example * merge of CI config * fixed grammar in readme * prep for PR * took out armviz button and minor README changes * changed host_name * fixed merge conflicts * changed host_name variable * updating Hashicorp's changes to merged simple linux branch * updating files to merge w/master and prep for Hashicorp pr * Revert "updating files to merge w/master and prep for Hashicorp pr" This reverts commit b850cd5d2a858eff073fc5a1097a6813d0f8b362. * Revert "updating Hashicorp's changes to merged simple linux branch" This reverts commit dbaf8d14a9cdfcef0281919671357f6171ebd4e6. * removing vm from user image example from this branch * removed old branch * azure-2-vms-loadbalancer-lbrules (#13) * initial commit * need to change lb_rule & nic * deploys locally * updated README * updated travis and deploy scripts for Hari's repo * renamed deploy script * clean up * prep for PR * updated readme * fixing conflict in .travis.yml * add CI build tag * initial commit; in progress * in progress; merged Hashicorp master into this branch * in progress * in progress; created nsg * added vars to deploy; added vnet * chmod on deploy * edited vars * added var in travis * added var * added var to deploy * added storage accounts * fixed storage typos * removed storage tags * added PIPs * changed dns name vars * corrected PIP naming convention * added availability sets * added master-lb & rules * added infra lb & rules * added nics * added VMs, ready for VM extensions, can modularize in the future * added vm exts.; nsg is possibly broken; can't ssh * in progress * master ext succeeds * in progress, infra and nodes exts not succeeding * infra and node extensions fail * provisions with extensions * disabled password auth; ssh config added * changed ssh key vars * adding ssh var to deploy * commenting out validation * in progress; building openshift ext * troubleshooting openshift deploy script * changed vm names; added container * increased os disk size * in progress; troubleshooting deploy opnshft script * Updated the readme * updated deployment scripts; cleaned up variables, use remote-exec * more variable cleanup * more cleanup * simplified password; got rid of a needless comment * merge conflicts resolved
2017-06-15 18:26:59 +02:00
# OpenShift Origin Deployment Template
This Terraform template was based on [this](https://github.com/Microsoft/openshift-origin) Azure Quickstart Template. Changes to the ARM template that may have occurred since the creation of this example may not be reflected here.
## OpenShift Origin with Username / Password
Current template deploys OpenShift Origin 1.5 RC0.
This template deploys OpenShift Origin with basic username / password for authentication to OpenShift. You can select to use either CentOS or RHEL for the OS. It includes the following resources:
|Resource |Properties |
|-------------------|------------------------------------------------------------------------------------------------------------------------------------|
|Virtual Network |**Address prefix:** 10.0.0.0/16<br />**Master subnet:** 10.0.0.0/24<br />**Node subnet:** 10.0.1.0/24 |
|Load Balancer |2 probes and two rules for TCP 80 and TCP 443 |
|Public IP Addresses|OpenShift Master public IP<br />OpenShift Router public IP attached to Load Balancer |
|Storage Accounts |2 Storage Accounts |
|Virtual Machines |Single master<br />User-defined number of nodes<br />All VMs include a single attached data disk for Docker thin pool logical volume|
If you have a Red Hat subscription and would like to deploy an OpenShift Container Platform (formerly OpenShift Enterprise) cluster, please visit: https://github.com/Microsoft/openshift-container-platform
### Generate SSH Keys
You'll need to generate an SSH key pair in order to provision this template. Ensure that you do not include a passcode with the private key. <br/>
If you are using a Windows computer, you can download `puttygen.exe`. You will need to export to OpenSSH (from Conversions menu) to get a valid Private Key for use in the Template.<br/>
From a Linux or Mac, you can just use the `ssh-keygen` command. Once you are finished deploying the cluster, you can always generate a new key pair that uses a passphrase and replaces the original one used during initial deployment.
### Create Key Vault to store SSH Private Key
You will need to create a Key Vault to store your SSH Private Key that will then be used as part of the deployment.
1. **Create Key Vault using Powershell**<br/>
a. Create new resource group: New-AzureRMResourceGroup -Name 'ResourceGroupName' -Location 'West US'<br/>
b. Create key vault: New-AzureRmKeyVault -VaultName 'KeyVaultName' -ResourceGroup 'ResourceGroupName' -Location 'West US'<br/>
c. Create variable with sshPrivateKey: $securesecret = ConvertTo-SecureString -String '[copy ssh Private Key here - including line feeds]' -AsPlainText -Force<br/>
d. Create Secret: Set-AzureKeyVaultSecret -Name 'SecretName' -SecretValue $securesecret -VaultName 'KeyVaultName'<br/>
e. Enable the Key Vault for Template Deployments: Set-AzureRmKeyVaultAccessPolicy -VaultName 'KeyVaultName' -ResourceGroupName 'ResourceGroupName' -EnabledForTemplateDeployment
2. **Create Key Vault using Azure CLI 1.0**<br/>
a. Create new Resource Group: azure group create \<name\> \<location\><br/>
Ex: `azure group create ResourceGroupName 'East US'`<br/>
b. Create Key Vault: azure keyvault create -u \<vault-name\> -g \<resource-group\> -l \<location\><br/>
Ex: `azure keyvault create -u KeyVaultName -g ResourceGroupName -l 'East US'`<br/>
c. Create Secret: azure keyvault secret set -u \<vault-name\> -s \<secret-name\> --file \<private-key-file-name\><br/>
Ex: `azure keyvault secret set -u KeyVaultName -s SecretName --file ~/.ssh/id_rsa`<br/>
d. Enable the Keyvvault for Template Deployment: azure keyvault set-policy -u \<vault-name\> --enabled-for-template-deployment true<br/>
Ex: `azure keyvault set-policy -u KeyVaultName --enabled-for-template-deployment true`<br/>
3. **Create Key Vault using Azure CLI 2.0**<br/>
a. Create new Resource Group: az group create -n \<name\> -l \<location\><br/>
Ex: `az group create -n ResourceGroupName -l 'East US'`<br/>
b. Create Key Vault: az keyvault create -n \<vault-name\> -g \<resource-group\> -l \<location\> --enabled-for-template-deployment true<br/>
Ex: `az keyvault create -n KeyVaultName -g ResourceGroupName -l 'East US' --enabled-for-template-deployment true`<br/>
c. Create Secret: az keyvault secret set --vault-name \<vault-name\> -n \<secret-name\> --file \<private-key-file-name\><br/>
Ex: `az keyvault secret set --vault-name KeyVaultName -n SecretName --file ~/.ssh/id_rsa`<br/>
3. **Clone the Openshift repository [here](https://github.com/Microsoft/openshift-origin)**<br/>
a. Note the local script path, this will be needed for remote-execs on the remote machines.<br/>
## Deploy Template
Once you have collected all of the prerequisites for the template, you can deploy the template via terraform.
Monitor deployment via Terraform and get the console URL from outputs of successful deployment which will look something like (if using sample parameters file and "West US 2" location):
`https://me-master1.westus2.cloudapp.azure.com:8443/console`
The cluster will use self-signed certificates. Accept the warning and proceed to the login page.
### NOTE
Ensure combination of openshiftMasterPublicIpDnsLabelPrefix, and nodeLbPublicIpDnsLabelPrefix parameters, combined with the deployment location give you globally unique URL for the cluster or deployment will fail at the step of allocating public IPs with fully-qualified-domain-names as above.
### NOTE
This template deploys a bastion host, merely for the connection provisioner and allowing remote-exec to run commands on machines without public IPs; notice the specific dependencies on the order in which VMs are created for this to work properly.
### NOTE
The OpenShift Ansible playbook does take a while to run when using VMs backed by Standard Storage. VMs backed by Premium Storage are faster. If you want Premimum Storage, select a DS or GS series VM.
<hr />
Be sure to follow the OpenShift instructions to create the ncessary DNS entry for the OpenShift Router for access to applications.
## Post-Deployment Operations
This template creates an OpenShift user but does not make it a full OpenShift user. To do that, please perform the following.
1. SSH in to master node
2. Execute the following command:
```sh
sudo oadm policy add-cluster-role-to-user cluster-admin <user>
```
### Additional OpenShift Configuration Options
You can configure additional settings per the official [OpenShift Origin Documentation](https://docs.openshift.org/latest/welcome/index.html).
Few options you have
1. Deployment Output
a. openshiftConsoleUrl the openshift console url<br/>
b. openshiftMasterSsh ssh command for master node<br/>
c. openshiftNodeLoadBalancerFQDN node load balancer<br/>
get the deployment output data
a. portal.azure.com -> choose 'Resource groups' select your group select 'Deployments' and there the deployment 'Microsoft.Template'. As output from the deployment it contains information about the openshift console url, ssh command and load balancer url.<br/>
b. With the Azure CLI : azure group deployment list &lt;resource group name>
2. add additional users. you can find much detail about this in the openshift.org documentation under 'Cluster Administration' and 'Managing Users'. This installation uses htpasswd as the identity provider. To add more user ssh in to master node and execute following command:
```sh
sudo htpasswd /etc/origin/master/htpasswd user1
```
Now this user can login with the 'oc' CLI tool or the openshift console url.