Deploying Contrail on Microsoft Azure
Starting from Contrail Release 5.0.2, you can deploy Contrail on Microsoft Azure public cloud. This topic describes Contrail deployment procedures on Azure and also the procedure to delete the deployment.
Deployment of Contrail on Azure
Ensure that you have a valid subscription to an Azure account for virtual networks and virtual machines (VMs).
Create the contrail-multicloud resource group on the Azure portal.
Ensure that Docker is installed on the local deployer host.
Perform the following detailed steps for deploying Contrail on Azure.
Perform the following steps to create a topology with two virtual networks, two gateways, two compute hosts and one controller in Azure.
- To download the Multicloud Deployer package file, follow these steps:
Select Contrail version 5.0.x from the Version list in the Juniper Networks Software Downloads page.
In the Application Tools section, click the Multicloud Deployer tgz file.
You are now redirected to the Software Download page.
Log in to the download page.
An End User License Agreement is displayed. Select I Agree and click Proceed.
Download the file on your localhost or on your device.
Follow the Usage Instructions on the download page to install the file.
- Extract the contents of the .tgz file.
# tar -xzvf contrail-multicloud-deployer-5.0.2-0.XXX.tgz
- Create the secrets.yml file. The secrets.yml file contains the credentials required for multicloud deployment. For Azure, you need to add only the public_key.
# vi secrets.yml
public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...."
- Define the topology. The topology.yml file comprises the resource group, virtual networks or clouds, and instances. Instances can have roles such as the gateway role for the multicloud gateway, controller and k8s_master roles for the controller nodes, and compute role for the compute nodes. Instance types are those defined in the standard Azure documentation; you must know which types are available in Azure to populate the topology.
# vi topology.yml
Here is an example of a topology.yml file.
- provider: azure
  organization: Juniper
  project: contrail-multicloud
  regions:
    - name: WestUS2
      resource_group: contrail-multicloud-training
      vnet:
        - name: contrail-az-1
          cidr_block: 192.168.0.0/16
          subnets:
            - name: subnet_contrail_az_1
              cidr_block: 192.168.100.0/24
              security_group: allow_all_protocols
          security_groups:
            - name: allow_all_protocols-contrail-az-1
              rules:
                - name: all_in-contrail-az-1
                  direction: inbound
                - name: all_out-contrail-az-1
                  direction: outbound
          instances:
            - name: az-contrail-gw-1
              roles:
                - gateway
              provision: true
              username: ubuntu
              os: ubuntu16
              instance_type: Standard_F16s_v2
              subnets: subnet_contrail_az_1
              interface: eth1
            - name: controller-contrail-az-1
              provision: true
              username: ubuntu
              roles:
                - controller
                - k8s_master
              os: ubuntu16
              instance_type: Standard_F32s_v2
              subnets: subnet_contrail_az_1
              interface: eth0
            - name: compute-contrail-az-1
              provision: true
              username: ubuntu
              roles:
                - compute_node
              os: ubuntu16
              instance_type: Standard_F16s_v2
              subnets: subnet_contrail_az_1
              interface: eth0
        - name: contrail-az-2
          cidr_block: 10.0.0.0/16
          subnets:
            - name: subnet_contrail_az_2
              cidr_block: 10.0.100.0/24
              security_group: allow_all_protocols-contrail-az-2
          security_groups:
            - name: allow_all_protocols-contrail-az-2
              rules:
                - name: all_in-contrail-az-2
                  direction: inbound
                - name: all_out-contrail-az-2
                  direction: outbound
          instances:
            - name: az-contrail-gw-2
              roles:
                - gateway
              provision: true
              username: ubuntu
              os: ubuntu16
              instance_type: Standard_F16s_v2
              subnets: subnet_contrail_az_2
              interface: eth1
            - name: compute-contrail-az-2
              provision: true
              username: ubuntu
              roles:
                - compute_node
              os: ubuntu16
              instance_type: Standard_F16s_v2
              subnets: subnet_contrail_az_2
              interface: eth0
- (Optional) On Linux-based systems, when ssh-agent is running, deployer.sh can add the keys to ssh-agent. Use the following command to start ssh-agent.
eval `ssh-agent -s`
On Linux-based systems, if the added keys are removed during cluster provisioning, add the keys to the ssh-agent by using the following command.
ssh-add <path-to-keyfile>
For example:
ssh-add contrail-multi-cloud/keys/contrail-multicloud-key-7755
- Set up the deployer.
# ./deployer.sh [-r registry -v <local|docker> -a access_key -s secret_key -k private_key ]
For example:
# ./deployer.sh -r <username> -t 5.0.1 -v $PWD:/root/multicloud -k
Use the password for the user on the local system. The contrail-multicloud-deployer Docker container is created.
- Log in to the deployer Docker container. The password for the root user is multicloud.
# ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -A root@127.0.0.1 -p 2222
- Navigate to the multicloud directory.
# cd multicloud
- Log in to Azure and authenticate your session.
Register your device and log in to Azure. The az login command displays a secure link to the Azure portal and a code for device authentication.
# az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxxxxx to authenticate.
Use a Web browser to open the displayed URL https://microsoft.com/devicelogin.
Enter the displayed code in the portal.
Enter your Azure account login credentials.
Upon successful sign-in, your device and session are authenticated and you are logged in to Azure.
- (Optional) View your subscription details.
# az account list
- Navigate to the one-click-deployer directory.
# cd one-click-deployer
- Run the deploy.sh script to generate the topology and deploy Contrail. The deploy.sh script is available in the https://github.com/Juniper/contrail-multi-cloud repository.
# ./deploy.sh
- (Optional) After Contrail deployment, if the kube-dns pod is stuck in CreatingContainer or ErrorCreating, ensure that the kube-dns pod is recreated. This might be required if the container fails during provisioning.
Check for the kube-dns pod name using the following command.
kubectl get pods --all-namespaces | grep kube-dns | awk '{print $2}'
Delete kube-dns pod using the following command.
kubectl delete pod <kube-dns-xxxxx> -n kube-system
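A pre-deployment check for the topology.yml defined in the steps above, as an added example that is not part of the Contrail deployer or of the original page: it flags subnets that reference an undefined security group, inbound rules that carry no restriction, subnets outside the vnet CIDR, and instances placed on undefined subnets. The check names and the reading of the schema are assumptions drawn from the sample file; the input is the parsed YAML (for example from yaml.safe_load), and SAMPLE is a constructed, trimmed copy of the page's first vnet.

```python
import ipaddress

# Constructed sample: the page's first vnet, trimmed, in the form a YAML parser
# (for example yaml.safe_load) would return for topology.yml.
SAMPLE = [{"provider": "azure", "regions": [{"name": "WestUS2", "vnet": [{
    "name": "contrail-az-1",
    "cidr_block": "192.168.0.0/16",
    "subnets": [{"name": "subnet_contrail_az_1", "cidr_block": "192.168.100.0/24",
                 "security_group": "allow_all_protocols"}],
    "security_groups": [{"name": "allow_all_protocols-contrail-az-1", "rules": [
        {"name": "all_in-contrail-az-1", "direction": "inbound"},
        {"name": "all_out-contrail-az-1", "direction": "outbound"}]}],
    "instances": [
        {"name": "az-contrail-gw-1", "roles": ["gateway"],
         "subnets": "subnet_contrail_az_1"},
        {"name": "controller-contrail-az-1", "roles": ["controller", "k8s_master"],
         "subnets": "subnet_contrail_az_1"}],
}]}]}]


def audit_vnet(vnet):
    """Return (vnet, check, item) findings for one vnet entry."""
    name, out = vnet["name"], []
    vnet_net = ipaddress.ip_network(vnet["cidr_block"])
    groups = {g["name"]: g for g in vnet.get("security_groups", [])}
    subnet_names = {s["name"] for s in vnet.get("subnets", [])}
    for s in vnet.get("subnets", []):
        if not ipaddress.ip_network(s["cidr_block"]).subnet_of(vnet_net):
            out.append((name, "subnet-outside-vnet", s["name"]))
        # Assumption: security_group must match a security_groups name exactly.
        if s.get("security_group") not in groups:
            out.append((name, "undefined-security-group", s.get("security_group")))
    for g in groups.values():
        for r in g.get("rules", []):
            # Assumption: a rule with only name and direction restricts nothing.
            if r.get("direction") == "inbound" and set(r) <= {"name", "direction"}:
                out.append((name, "unrestricted-inbound", r["name"]))
    for inst in vnet.get("instances", []):
        if inst.get("subnets") not in subnet_names:
            out.append((name, "undefined-subnet", inst["name"]))
    return out


def audit_topology(topology):
    """Walk provider -> regions -> vnet and collect findings from every vnet."""
    return [f for p in topology for r in p.get("regions", [])
            for v in r.get("vnet", []) for f in audit_vnet(v)]


if __name__ == "__main__":
    for finding in audit_topology(SAMPLE):
        print(*finding, sep="\t")
```

On the sample, the subnet in contrail-az-1 names allow_all_protocols while the group defined for that vnet is allow_all_protocols-contrail-az-1, so the undefined-security-group check reports it alongside the unrestricted inbound rule.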
Deleting Contrail Deployment from Azure
To delete Contrail from Azure, perform the following steps.
- Navigate to the one-click-deployer directory.
# cd multicloud/one-click-deployer
- Tear down the objects using the teardown.sh script.
./teardown.sh
- Delete the deployer Docker, keys, and generated files.
cd contrail-multi-cloud
./cleanup.sh