Deploy using azuredeploy.json:
Deploy using azuredeploy.ha.json
This template deploys OpenShift Enterprise with basic username / password for authentication to OpenShift. It includes the following resources:
Resource | Properties |
---|---|
Virtual Network | Address prefix: 192.168.0.0/16; Master subnet: 192.168.1.0/24; Node subnet: 192.168.2.0/24 |
Load Balancer | 2 probes and two rules for TCP 80 and TCP 443; NAT rules for SSH on ports 2200-220X |
Public IP Addresses | OpenShift Master public IP; OpenShift Router public IP attached to Load Balancer |
Storage Accounts | 2 Storage Accounts |
Virtual Machines | Single master; Single infra node; User-defined number of nodes; All VMs include a single attached data disk for Docker thin pool logical volume |
You'll need to generate a pair of SSH keys in order to provision this template. Ensure that you do not set a passphrase on the private key.
If you are using a Windows computer, you can download puttygen.exe. You will need to export to OpenSSH (from Conversions menu) to get a valid Private Key for use in the Template.
From a Linux or Mac, you can just use the ssh-keygen command.
You will need to create a Key Vault to store your SSH Private Key that will then be used as part of the deployment.
- Create Key Vault using PowerShell
  a. Create new resource group: New-AzureRmResourceGroup -Name 'ResourceGroupName' -Location 'West US'
  b. Create key vault: New-AzureRmKeyVault -VaultName 'KeyVaultName' -ResourceGroupName 'ResourceGroupName' -Location 'West US'
  c. Create variable with sshPrivateKey: $securesecret = ConvertTo-SecureString -String '[copy ssh Private Key here - including line feeds]' -AsPlainText -Force
  d. Create Secret: Set-AzureKeyVaultSecret -Name 'SecretName' -SecretValue $securesecret -VaultName 'KeyVaultName'
- Create Key Vault using Azure CLI - must be run from a Linux machine (can use Azure CLI container from Docker for Windows) or Mac
  a. Create new Resource Group: azure group create <name> <location>
     Ex: [azure group create ResourceGroupName 'East US']
  b. Create Key Vault: azure keyvault create -u <vault-name> -g <resource-group> -l <location>
     Ex: [azure keyvault create -u KeyVaultName -g ResourceGroupName -l 'East US']
  c. Create Secret: azure keyvault secret set -u <vault-name> -s <secret-name> --file <private-key-file-name>
     Ex: [azure keyvault secret set -u KeyVaultName -s SecretName --file ~/.ssh/id_rsa]
  d. Enable the Key Vault for Template Deployment: azure keyvault set-policy -u <vault-name> --enabled-for-template-deployment true
     Ex: [azure keyvault set-policy -u KeyVaultName --enabled-for-template-deployment true]
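The PowerShell steps above as one script (an added example, not part of the original template repository): it reads the private key from a file instead of pasting it into the command, and also applies the template-deployment policy that the CLI steps set in step d. The key path and the resource names are placeholders, and an already authenticated AzureRM session is assumed.

```powershell
# Added example. All names are the placeholders used in the steps above;
# $keyPath is an assumed location for the OpenSSH-format private key.
$resourceGroup = 'ResourceGroupName'
$vaultName     = 'KeyVaultName'
$secretName    = 'SecretName'
$location      = 'West US'
$keyPath       = Join-Path $HOME '.ssh\id_rsa'

# Read the whole file, line feeds included, so the key material never
# appears on the command line or in the PowerShell history file.
$keyText = Get-Content -Path $keyPath -Raw

# A PuTTY .ppk file does not start with a PEM header; catch a key that was
# not exported to OpenSSH format before it is uploaded.
if ($keyText -notmatch '^-----BEGIN (RSA |OPENSSH )?PRIVATE KEY-----') {
    throw "$keyPath is not an OpenSSH-format private key."
}

# Partial check: PEM-format keys mark passphrase protection with this
# header. Keys in the newer OPENSSH format do not expose it as text.
if ($keyText -match 'Proc-Type: 4,ENCRYPTED') {
    throw "$keyPath is passphrase-protected; the template needs a key without one."
}

$secureKey = ConvertTo-SecureString -String $keyText -AsPlainText -Force

New-AzureRmResourceGroup -Name $resourceGroup -Location $location
New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup -Location $location
Set-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secureKey

# Let Azure Resource Manager read secrets from this vault during deployment
# (the PowerShell counterpart of CLI step d).
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $resourceGroup -EnabledForTemplateDeployment

# Confirm the setting before starting the template deployment.
$vault = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroup
if (-not $vault.EnabledForTemplateDeployment) {
    throw "Key Vault $vaultName is not enabled for template deployment."
}

# Drop the in-memory copies of the key from the session.
Remove-Variable -Name keyText, secureKey
```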
- _artifactsLocation: URL for artifacts (json, scripts, etc.)
- masterVmSize: Select from one of the allowed VM sizes listed in the azuredeploy.json file
- nodeVmSize: Select from one of the allowed VM sizes listed in the azuredeploy.json file
- openshiftClusterPrefix: Cluster Prefix applied to all nodes - master, infra and nodes
- openshiftMasterPublicIpDnsLabelPrefix: A unique Public DNS name to reference the Master Node by
- nodeLbPublicIpDnsLabelPrefix: A unique Public DNS name to reference the Node Load Balancer by. Used to access deployed applications
- nodeInstanceCount: Number of Nodes to deploy
- dataDiskSize: Size of data disk to attach to nodes
- adminUsername: Admin username for both OS login and OpenShift login
- openshiftPassword: Password for OpenShift login
- cloudAccessUsername: Your Cloud Access subscription user name
- cloudAccessPassword: The password for your Cloud Access subscription
- cloudAccessPoolId: The Pool ID that contains your RHEL and OpenShift subscriptions
- sshPublicKey: Copy your SSH Public Key here
- subscriptionId: Your Subscription ID
  a. PowerShell: Get-AzureAccount
  b. Azure CLI: azure account show - Field is ID
- keyVaultResourceGroup: The name of the Resource Group that contains the Key Vault
- keyVaultName: The name of the Key Vault you created
- keyVaultSecret: The Secret Name you used when creating the Secret
- defaultSubDomainType: This will either be xipio (if you don't have your own domain) or custom if you have your own domain that you would like to use for routing
- defaultSubDomain: The wildcard DNS name you would like to use for routing if you selected custom above. If you selected xipio above, then this field will be ignored
Once you have collected all of the prerequisites for the template, you can deploy the template by clicking Deploy to Azure or populating the azuredeploy.parameters.json file and executing Resource Manager deployment commands with PowerShell or the xplat CLI.
The OpenShift Ansible playbook does take a while to run when using VMs backed by Standard Storage. VMs backed by Premium Storage are faster. If you want Premium Storage, select a DS or GS series VM.
Be sure to follow the OpenShift instructions to create the necessary DNS entry for the OpenShift Router for access to applications.
This template creates an OpenShift user but does not make it a full OpenShift user (it is not given the cluster-admin role). To do that, perform the following steps:
- SSH in to master node
- Execute the following command:
  sudo oadm policy add-cluster-role-to-user cluster-admin <user>
You can configure additional settings per the official OpenShift Enterprise Documentation.