Intro

In my last post, I showed how to deploy an All-in-One OKD system. This is great for some initial learning, but keeping it up and running can get expensive over time. You can always shut it down and re-create it later, but this can take time and you can end up making typos and errors if you aren’t careful. If you want to be able to create (and destroy) these All-in-One environments in a more automatic way read on.

Building on the last post, we are going to take all the pre-steps, such as provisioning the server and patching it and automate them with Ansible. We actually used Ansible in the first post, when we ran the OpenShift installer. We are now going to leverage the same Inventory file used by the OpenShift installer to deploy our host in Azure and get all the presteps taken care of. If you want to learn more about Ansible you can take a free training course here

We are also going to eliminate the need for the “jump box” by using a container to run the entire process. This way we can cut down on the steps needed to build our jumpbox and as a bonus we will save a little money by only running our All-in-One server. To do this we are going to leverage Docker containers.

A container is a way of packaging up code or applications and their required system libraries and dependencies in a lightweight reusable unit. This unit can be run on multiple computing environments including the many variants of Linux as well as OSX and even Windows. Containers are similar in nature to virtualization, but without all the overhead of virtualizing a whole hardware stack and having to maintain the OS that comes along with it.

To read more about Docker and containers check out this link What is a Container

Before You Begin

The easiest way to get a container up and running is to use Docker. Docker will allow us to start up a pre-made container from which to run the Ansible playbooks. Docker is a very large topic so I won’t be able to go into all of it here. You don’t have to know a lot about Docker to follow along, but you will need Docker installed somewhere to try this out yourself. If you don’t have Docker installed, I suggest taking a look at the following articles from Docker about how to install it and get it up and running.

• Install Docker Desktop for Mac
• Install Docker Desktop for Windows
• Get Docker CE for Linux

Note that for the Linux docs, you will need to select the proper distribution of Linux for your install instructions.

Containers and Docker

Docker images are basically a grouping of tar files that build up an entire filesystem with all the binaries installed to run an application or task. The Docker image is created using a Dockerfile. The one we will be using is this one:

As you can see if you tried out my previous post for creating an All-In-One OKD deployment, what we are doing is creating a Container Image that can take the place of the “Jump Host”. Each line in the Dockerfile is a command run when building the container. Each of these lines and the resulting changes to the image are bundled up together into one unit. The best part of these containers is that we can publish them and make them available to others to use. In this case, the Dockerfile you see above created the docker image called:

registry.gitlab.com/xphyr/azure_okd:latest

and it is this container image we will use to not only create our Azure hosts but also to do the patching and the OKD install.

Ansible Scripts

Ansible is a declarative language written in YAML. The great thing about Ansible is it is easy to read and see what it is doing. Here is an example of the Ansible script you will use to patch the All-in-One host:

If you read through the list, you can see each of the steps we did manually last time around. We upgrade the server in lines 5-10. Lines 11-18 install additional software packages. Lines 19-24 update the epel repo and disable the repo package we just installed. Lines 25-31 update the network scripts to disable Network Manager. Finally, we reboot the server in lines 32-35. The Azure playbook can be read just as easily. I suggest taking a look at the source of it as well to see how it works if you want to learn more. The source for the Ansible scripts is noted at the end of this post.

Running the Container

Let’s make sure that Docker is running properly for you. Open a command prompt and run the following command:

docker pull registry.gitlab.com/xphyr/azure_okd:latest.

You should see output similar to the following:

docker pull registry.gitlab.com/xphyr/azure_okd:latest
latest: Pulling from xphyr/azure_okd
8ba884070f61: Already exists
4db0d0c771c7: Pull complete
12f1ade53d1e: Pull complete
21584f14698d: Pull complete
4d6d859b64d1: Pull complete
ff5369a8d3fb: Pull complete
Digest: sha256:0891bf4db05d24144e1bcf735d28b4e51f3ad9ca339defb2bcd1861173177022
Status: Downloaded newer image for registry.gitlab.com/xphyr/azure_okd:latest

Once you have pulled the image locally, we will test to make sure you can run it.

docker run registry.gitlab.com/xphyr/azure_okd:latest ansible-playbook --version

The output should look similar to:

docker run registry.gitlab.com/xphyr/azure_okd:latest ansible-playbook --version
ansible-playbook 2.7.9
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

Setting up Azure and SSH Authentication

Just like in the past, we are going to need an SSH key but we are also going to require Azure credentials. If you haven’t created an SSH key please see my last post with some links to how to create one.

Let’s start by downloading a template Azure credentials file. Download this link and place it in a working directory somewhere. Open the file with your favorite file editor and then Log into the Azure portal. We are going to use the Azure Cloud Shell to generate the information we need for the credentials file. Look for the icon in the upper bar that looks like this: “>_” This will start the shell. Give it a few seconds to start and then run the following commands.

az account show --query "{subscriptionId:id, tenantId:tenantId}"

In the azure_credentials file update “subscription_id” and “tenantId” with the values shown from the previous command. Now run:

az ad sp create-for-rbac --name azureDeploy

Update the azure_credentials file replacing the “secret” with the value of “password” from the last command and client_id with “appID” from the output.

Save the credentials file, we are ready to test this out.

Creating the Inventory File

Just like last time we need an inventory file. You can start with the file located here. Put this file alongside the Azure credentials file, but don’t make any changes to it just yet. We will do that in a little while.

Running the Installer

In order to make all this work, we are going to mount files from your local machine into the docker container as we start it. In order to pull off this trick you are going to need the following information:

• the location of your ssh keys
  • you will need the path to both your “id_rsa” file as well as your “id_rsa.pub” files
  • on Linux and Mac you can use “$HOME/.ssh/id_rsa” and “$HOME/.ssh/id_rsa.pub”
• the location of the azure credentials file you created in the last step
• the inventory-aio file sitting in your current working directory

To use the container run the following command but be sure to update the paths for your SSH key and your azure credentials. You may want to copy the line into a text editor and update it before pasting it into your terminal:

docker run -i -t -v <path to id_rsa>:/root/.ssh/id_rsa -v <path to id_rsa.pub>:/root/.ssh/id_rsa.pub -v <path to azure credential file>:/root/.azure/credentials -v $(pwd)/inventory-aio:/tmp/inventory registry.gitlab.com/xphyr/azure_okd:latest

Note the previous command is all one line, do not break it into multiple lines or it will not work.

If everything works, you will be sitting at a bash prompt. We are now going to use an Ansible playbook to create our “All-in-One” Server. Run the command:

ansible-playbook -i /tmp/inventory setup_scripts/azure_provision_hosts.yml

This will create a single 8Gb “Standard_D2_v3” virtual machine in Azure and will open up all the required ports necessary to install OKD. When the playbook completes, it will output an IP address. This is the public IP address of the new server just created.

Now we need to update the Ansible inventory file with the proper hostname of this new machine. Just like before we will leverage “xip.io” or “nip.io”.

• Open the ansible inventory file and replace all instances of “<xip.io hostname goes here>” with the new hostname. For example, if the All in One host from azure has an IP address of 1.2.3.4, your hostname would be “1.2.3.4.xip.io”. Want to use “nip.io”, just replace xip.io in the example above with nip.io.
• replace the one instance of “okdaioserver” at the very bottom of the inventory file with the same xip.io hostname from the step above

Note: because we have mounted the file into the Docker container, you can edit the file from your main host and the changes will be reflected inside the running container.

At this point, we can run the remaining playbooks to install our OKD “All-in-One” server. If any of the playbooks fail, just re-run them. You can run the playbooks over and over until they run successfully. Run the following commands from within your container:

ansible-playbook -i /tmp/inventory setup_scripts/prep_hosts.yml
ansible-playbook -i /tmp/inventory openshift-ansible/playbooks/prerequisites.yml 
ansible-playbook -i /tmp/inventory openshift-ansible/playbooks/deploy_cluster.yml
# Secure the OKD API/Web Interface
ansible-playbook -i /tmp/inventory setup_scripts/secure_okd.yml

The last playbook will create a default admin user. The password is specified within the Inventory file. Review the file and find the variable called “okd_admin_password”. You will see what it is by default. If you want to secure your cluster with a different password, make a change to YOUR inventory file and re-run the “secure_okd.yml” playbook again and your password will be updated.

Your cluster setup is now complete. The difference is, this time we did it all with code and we can be fairly confident that no mistakes were made along the way. One of the other bonuses is that cleanup when you are done with your cluster is easy.

Cleanup

If you are done with your cluster you can use Ansible to clean up after yourself as well.

NOTE: This will delete your deployed server completely! There is no undelete.

If you don’t still have the docker container running from before start it up using the command from “Running the Installer” section above and run just one command:

ansible-playbook -i /tmp/inventory setup_scripts/azure_cleanup.yml

This will go through and delete your VM as well as all associated resources.

Next time

If you want to see how the Docker container was built, or what all the Ansible scripts look like the source for this post can be found here: https://gitlab.com/xphyr/azure_okd Look through it and feel free to fork it, or submit pull requests if you have some improvements.

In my next (and final) post on getting OKD up and running in Azure, we will create a multi-server deployment. This will be as close as you can get to deploying a real production cluster… the only limit will be your credit-card limit.

• openshift
• azure
• ansible