Pulumi: Instance Creation, Floating IP Assignment, Rancher initialization script - Part 2
- Pulumi: Create a virtual machine configured with Rancher on OpenStack - Part 1
- Pulumi: Reorganization of the code - Part 3
- Pulumi: Creating Kubernetes clusters with Rancher and OpenStack as infrastructure provider - Part 4
After defining the security groups applicable to the instance, we now continue with the creation of an instance resource in OpenStack, which will allow us to have a virtual machine deployed with code using Pulumi.
OpenStack instances on Pulumi are created with the Instance module resource compute. It is enough to indicate a name for the instance and a JSON for the options. In our case we will include the availability zone, the name of the image as defined in OpenStack, the name of the flavor to use to create the instance, the networks to which the instance will connect, the name of the pair of keys to inject into the instance and the security groups that control access to the instance. In addition, we will include an instance initialization script in its creation (what is known as user data in other systems). In the Rancher Initialization Script section details of this script are provided. This script will install Docker on the virtual machine and run Rancher with Docker.
The following snippet illustrates the code for creating an instance in the file index.ts
import * as os from "@pulumi/openstack";
const fs = require('fs') //1
...
// Create an OpenStack resource (Compute Instance)
const rancherInstance = new os.compute.Instance("rancher-sistemas-prod", {
availabilityZone: "stic-prod",
imageName: "Ubuntu 18.04 LTS",
flavorName: "large",
networks: [
{
name: "Sistemas-prod-net",
}
],
keyPair: "os-sistemas",
userData: fs.readFileSync('./rancher-setup.sh', 'utf8'), //2
securityGroups: [etcdSecGroup.name, webSecGroup.name] //3
});
...
- TypeScript package for interacting with files.
- Loading the file containing the initialization script. Important to use utf8 .
- List of security groups to apply to the instance.
The changes would be displayed with pulumi up and selecting the option yes. The option details shows the details of each of the resources to be created, modified or deleted in the infrastructure.
The following figure shows the effect of the deployment with the instance created.
To be able to access the instance from the outside, we will assign it a floating IP address. In our case we already have the floating IP address assigned to the project and it is registered in a DNS to be able to carry out a Rancher installation with a DNS name. Therefore, it will not be necessary to create the floating IP address in the project, but we will go directly to the step of assigning said floating IP address to the instance. However, we will also see what the script would look like if the floating IP address had to be created.
OpenStack floating IP addresses on Pulumi are assigned with the FloatingIpAssociate module resource compute. It is enough to indicate a name for the IP association and a JSON for the options. In our case we will include the floating IP address and the identifier of the Rancher instance.
The following snippet illustrates the code for creating an instance in the file index.ts
...
const floatingIP = '192.168.129.1' //1
...
// Associate a floating IP to the instance
const fipFloatingIpAssociate = new os.compute.FloatingIpAssociate("fip", {
floatingIp: floatingIP, //2
instanceId: rancherInstance.id, //3
});
...
- Floating IP address to use previously available in the OpenStack project
- String with the floating IP address
- Instance identifier
The changes would be displayed with pulumi up and selecting the option yes. The option details shows the details of each of the resources to be created, modified or deleted in the infrastructure.
The following figure shows the effect of deploying with the floating IP address assigned to the instance.
If the project does not have previously reserved the floating IP address that we are going to use, we need to create a new one.
OpenStack floating IP addresses on Pulumi are created with the FloatingIp module resource networking. It is enough to indicate a name for the floating IP address and a JSON for the options. In our case we will include the name of the OpenStack floating IP address pool (in our case it is ual-net).
...
const rancherFloatingIp = new openstack.networking.FloatingIp("rancherFloatingIP", {
pool: "ual-net",
});
...
We would then assign the newly created floating IP address to the created instance. The process is similar to the one above, but substituting the IP address in the form of a string for the newly created floating IP address....
// Associate a floating IP to the instance
const fipFloatingIpAssociate = new os.compute.FloatingIpAssociate("fip", {
floatingIp: rancherFloatingIp.address, //1
instanceId: rancherInstance.id,
});
...
- Floating IP address created.
Rancher initialization script
#!/bin/bash
RANCHERPASSWORD='yourpasswordhere' #1
RANCHERSERVER='https://your.url.here.com' #2
echo "Instalando Docker" #3
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common \
jq
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y docker-ce
groupadd docker
usermod -aG docker ubuntu
systemctl enable docker
echo "Obteniendo certificados"
mkdir /home/ubuntu/rancherdata
mkdir /home/ubuntu/certificados #4
wget -O /home/ubuntu/certificados/star_stic_ual_es.crt https://your.certificate.server.here.com/star_stic_ual_es_completa.crt
wget -O /home/ubuntu/certificados/star_stic_ual_es.key https://your.certificate.server.here.com/star_stic_ual_es.key
wget -O /home/ubuntu/certificados/DigiCertCA.crt https://your.certificate.server.here.com/DigiCertCA.crt
docker run \ #5
--privileged -d \
--restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /home/ubuntu/rancherdata:/var/lib/rancher \
-v /home/ubuntu/certificados/star_stic_ual_es.crt:/etc/rancher/ssl/cert.pem \
-v /home/ubuntu/certificados/star_stic_ual_es.key:/etc/rancher/ssl/key.pem \
-v /home/ubuntu/certificados/DigiCertCA.crt:/etc/rancher/ssl/cacerts.pem \
--name rancher \
rancher/rancher:v2.5.8 \
--features=unsupported-storage-drivers=true #6
echo "Configurando Rancher"
while ! curl -k https://localhost/ping; do sleep 3; done #7
# First Rancher Login #8
LOGINRESPONSE=`curl -s <8> 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure`
LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token` #9
# Change password #10
curl -s 'https://127.0.0.1/v3/users?action=changepassword' \
-H 'content-type: application/json' \
-H "Authorization: Bearer $LOGINTOKEN" \
--data-binary '{"currentPassword":"admin","newPassword":"'$RANCHERPASSWORD'"}' \
--insecure
# Configure server-url #11
curl -s 'https://127.0.0.1/v3/settings/server-url' \
-H 'content-type: application/json' \
-H "Authorization: Bearer $LOGINTOKEN" \
-X PUT \
--data-binary '{"name":"server-url","value":"'$RANCHERSERVER'"}' \
--insecure
# Activate OpenStack node driver #12
curl -s 'https://127.0.0.1/v3/nodeDrivers/openstack?action=activate' \
-H 'content-type: application/json' \
-H "Authorization: Bearer $LOGINTOKEN" \
-X POST \
--insecure
exit 0
- Variable with the administrator password
- Variable with DNS name to assign to Rancher
- Installing required packages for Docker
- Download certificates
- Start a Rancher container with the previously downloaded certificates
- Enable experimental storage drivers to allow the use of OpenStack Cinder as a storage provider
- Wait for Rancher to be active
- Use the Rancher API with the credentials admin/admin and capture the response
- Get the login token from the previous call
- Use the Rancher API with the login token to set the new password with the variable set at the start of the script
- Use the Rancher API with the login token to set the DNS name with the variable set at the start of the script
- Use the Rancher API with the login token to activate the OpenStack driver
The following figure shows Rancher available after instance startup
The following figure shows the unsupported storage driver features enabled to allow the use of OpenStack Cinder volumes.The following figure shows the OpenStack driver activated for the creation of Kubernetes nodes
Post a Comment