Enterprise Container Platform in the Cloud: OpenShift on Azure secured by Azure  ...
Overview

This article is a collaboration between Rolf Masuch (Microsoft) and Keith Tenzer (Red Hat). It is based on our work together in the field with enterprise customers.

In this article we will explore how to deploy a production-ready OpenShift enterprise container platform on the Microsoft Azure Cloud. The entire deployment is completely automated using Ansible and ARM (Azure Resource Manager). Everything is template driven using APIs. The benefit of this approach is the ability to build up and tear down a complete OpenShift environment in the Azure cloud before your coffee gets cold.

Since OpenShift already uses Ansible as its installation and configuration management tool, it made sense to stick with Ansible as opposed to using other tools such as PowerShell. A Red Hat colleague, Ivan McKinley, created an Ansible playbook that builds out all the required Azure infrastructure components and integrates the existing OpenShift installation playbook. The result is an optimally configured OpenShift environment on the Azure Cloud. We have used this recipe to deploy real production environments for customers and it leverages both Microsoft and Red Hat best practices.

You can access and contribute improvements to the Ansible playbook under Ivan’s GitHub repository:

https://github.com/ivanthelad/ansible-azure

The following related articles might also be of interest in case you want a basic understanding of OpenShift.

OpenShift v3.2 All-in-one Lab Environment
OpenShift Basic Release Deployment Scenarios

The pre-requisites for deploying OpenShift on Azure are a valid OpenShift subscription and a valid Azure subscription.

If you don’t already have an OpenShift subscription you can purchase one or get an eval by talking to your partner or Red Hat account manager. If you don’t already have a Microsoft Azure subscription you can start one here.

Deploying to Azure

Install Fedora 24 Workstation for use as the deployment workstation. You need a very recent version of Python 2.7 (2.7.12) and unfortunately it isn’t available in RHEL or CentOS at the time of writing, so we used Fedora.

Install Python and Dependencies

    # sudo yum install python
    # sudo yum install python-pip
    # sudo dnf install python-devel
    # sudo dnf install redhat-rpm-config
    # sudo dnf install openssl-devel

Install Azure CLI

    # sudo dnf install npm
    # sudo npm install azure-cli -g
    # sudo pip install --upgrade pip
    # sudo pip install azure==2.0.0rc5

Authenticate Azure CLI

    [[email protected] ansible-azure]$ azure login
    info:    Executing command login
    \info:    To sign in, use a web browser to open the page https://aka.ms/devicelogin. Enter the code CB8P5ZCKP to authenticate.
    -info:    Added subscription Pay-As-You-Go
    info:    Added subscription ITS - RedHat Openshift
    info:    Setting subscription "Pay-As-You-Go" as default
    +
    info:    login command OK

List Azure Resource Groups

In order to list resource groups you need your Azure subscription ID. You can view this by logging into the Azure portal with your user.

    [[email protected] ansible-azure]$ azure group list --subscription <subscription id>
    info:    Executing command group list
    + Listing resource groups
    data:    Name           Location    Provisioning State  Tags:
    data:    -------------  ----------  ------------------  -----
    data:    OpenShift_POC  westeurope  Succeeded           null
    data:    Shared         westeurope  Succeeded           null
    info:    group list command OK

Install Ansible Core

    # sudo dnf install ansible

Clone OpenShift Azure Ansible Playbooks

    # git clone https://github.com/ivanthelad/ansible-azure.git

Update Playbook parameters

    # cd ansible-azure
    # cp group_vars/all_example group_vars/all
    # vi group_vars/all

    resource_group_name: <new resource group name>
    ## Azure AD user.
    ad_username: <Azure user e.g. [email protected]>
    ### Azure AD password
    ad_password: <Azure Password>
    #### Azure Subscription ID
    subscriptionID: "<subscription id from Azure>"
    ## user to login to the jump host. this user will only be created on the jumphost
    adminUsername: <username e.g. ktenzer>
    ## user pwd for jump host
    ## Password for the jump host
    adminPassword: <password>
    ##### Public key for jump host
    ### Access to environment only allowed through jumphost
    sshkey: <ssh key e.g. cat /home/ktenzer/.ssh/id_rsa.pub>
    # see https://azure.microsoft.com/en-us/documentation/articles/cloud-services-sizes-specs/
    ### Size for the master
    master_vmSize: Standard_DS3_v2
    #master_vmSize: Standard_D2_v2
    #master_vmSize: Standard_D1_v2
    ### Size for the nodes
    node_vmSize: Standard_DS3_v2
    #node_vmSize: Standard_D2_v2
    #node_vmSize: Standard_D1_v2
    #### Region to deploy in
    region: westeurope
    ## docker info
    docker_storage_device: /dev/sdc
    create_vgname: docker_vg
    filesystem: 'xfs'
    create_lvsize: '80%FREE'
    #create_lvsize: '2g'
    #### subscription information
    rh_subscription_user: <Red Hat Subscription User>
    rh_subscription_pass: <Red Hat Subscription Password>
    openshift_pool_id: <Red Hat Subscription Pool Id>
    ########### list of node ###########
    ### Warning, you currently cannot create more infra nodes ####
    ### this will change in the future
    ### You can add as many nodes as you want
    #####################################
    jumphost:
      jumphost1:
        name: jumphost1
        tags:
          region: westeurope
          zone: jumphost
          stage: jumphost
    masters:
      master1:
        name: master1
        tags:
          region: westeurope
          zone: infra
          stage: none
      master2:
        name: master2
        tags:
          region: westeurope
          zone: infra
          stage: none
      master3:
        name: master3
        tags:
          region: westeurope
          zone: infra
          stage: none
    infranodes:
      infranode1:
        name: infranode1
        tags:
          region: westeurope
          zone: infra
          stage: dev
    nodes:
      node1:
        name: node1
        tags:
          region: westeurope
          zone: app
          stage: dev
      node2:
        name: node2
        tags:
          region: westeurope
          zone: app
          stage: dev

Run Ansible Playbook

    # ansible-playbook --forks=50 -i inventory.azure playbooks/setup_multimaster.new.yml

Connect to OpenShift environment

In order to connect to the OpenShift environment you need to access the jump box. The public IP of the jump box is set during the playbook run; simply look at the outputs to get it.

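Connect to jumphost

    # ssh -i /home/ktenzer/.ssh/id_rsa ktenzer@<jumphost public IP>

The -i option takes the private key; the matching public key (id_rsa.pub) is the one configured as sshkey in group_vars/all.

Connect to master1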

There are three masters and you can connect to and manage the environment from any of them.

    [[email protected] ~]$ ssh master1

Login as built-in system:admin user

    [[email protected] ~]$ oc login -u system:admin

List OpenShift nodes

    [[email protected] ~]$ oc get nodes
    NAME STATUS AGE
    infranode1.KgsZ98734738nshjdsj2.ax.internal.cloudapp.net Ready 34d
    master1.KgsZ98734738nsh
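
The group_vars/all file edited in the "Update Playbook parameters" step keeps the Azure AD, jump host and Red Hat subscription passwords in clear text, so it is worth checking before the playbook run. The pre-flight check below is an added example, not part of the original article or of the ansible-azure repository; the function names, the subset of keys checked, the owner-only permission expectation and the sample values are assumptions made for illustration.

```python
import os
import re
import stat

# Subset of keys from the article's group_vars/all; SECRET_KEYS hold clear-text credentials.
SECRET_KEYS = ("ad_password", "adminPassword", "rh_subscription_pass")
REQUIRED_KEYS = SECRET_KEYS + ("ad_username", "subscriptionID", "sshkey")
PLACEHOLDER = re.compile(r"^<.*>$")          # e.g. "<Azure Password>" left unedited
PUBKEY = re.compile(r"^(ssh-(rsa|ed25519)|ecdsa-sha2-\S+) [A-Za-z0-9+/=]+")

def top_level_scalars(text):
    """Return top-level `key: value` pairs; comments and nested maps are skipped."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        value = value.strip().strip("\"'")
        if sep and value and line[0] not in " \t#":
            pairs[key.strip()] = value
    return pairs

def audit_group_vars(text, mode=None):
    """Return findings for the file content; `mode` is its st_mode when known."""
    findings, pairs = [], top_level_scalars(text)
    for key in REQUIRED_KEYS:
        if key not in pairs:
            findings.append(f"{key}: missing")
        elif PLACEHOLDER.match(pairs[key]):
            findings.append(f"{key}: placeholder not replaced")
    sshkey = pairs.get("sshkey", "")
    if "PRIVATE KEY" in sshkey:
        findings.append("sshkey: private key material, expected the .pub line")
    elif sshkey and not PLACEHOLDER.match(sshkey) and not PUBKEY.match(sshkey):
        findings.append("sshkey: not an OpenSSH public key line")
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append("file: group/other can read clear-text passwords")
    return findings

def audit_file(path="group_vars/all"):
    with open(path) as handle:
        return audit_group_vars(handle.read(), os.stat(path).st_mode)

# Constructed sample: placeholder left in, one secret absent, private key pasted.
SAMPLE = """\
ad_username: deployer@example.com
ad_password: <Azure Password>
subscriptionID: "00000000-0000-0000-0000-000000000000"
adminPassword: constructed-not-a-real-secret
sshkey: -----BEGIN OPENSSH PRIVATE KEY-----
"""
```

Call audit_file() from the ansible-azure checkout before ansible-playbook; an empty list means none of these checks fired.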
