Manually install Docker Enterprise with the Azure CLI
#!/bin/sh
# Manually set up a Docker Enterprise cluster in Azure with the Azure CLI.
# This is a runbook rather than a one-shot script: the first sections run on
# the workstation, the sections after the ssh step run on the manager node.
#
# ---- Azure variables ----
CLUSTER_NAME=follis-cluster   # base name for both Azure resource groups
AZ_LOCATION=eastus2           # region for every resource created below
# ================================
# Virtual network in its own resource group
# (mirrors a real deployment where the VNet RG and the nodes RG differ)
# ================================
VNET_RG="${CLUSTER_NAME}-vnet"
az group create \
  --name "${VNET_RG}" \
  --location "${AZ_LOCATION}" \
  --tags 'owner=Follis'   # required by this subscription's policy; optional elsewhere
# The VNet stands in for a network that already exists before the nodes arrive.
az network vnet create \
  --resource-group "${VNET_RG}" \
  --location "${AZ_LOCATION}" \
  --name vnet \
  --address-prefix 172.16.0.0/16 \
  --subnet-name docker-nodes \
  --subnet-prefix 172.16.8.0/24
# ================================
# Resource group and network security group for the Docker nodes
# ================================
NODES_RG="${CLUSTER_NAME}-nodes"
az group create \
  --name "${NODES_RG}" \
  --location "${AZ_LOCATION}" \
  --tags 'owner=Follis'   # required by this subscription's policy; optional elsewhere
# One NSG, named after the cluster, is attached to every node NIC below.
az network nsg create \
  --resource-group "${NODES_RG}" \
  --name "${CLUSTER_NAME}"
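# ================================
# Inbound NSG rules for the ports the cluster needs
#   22          SSH
#   3389        Microsoft Remote Desktop
#   443         TLS for UCP
#   6443        Kubectl
#   8443        Interlock 3
#   33000-33002 Istio
# Each rule needs its own priority; they are numbered from 100 upward.
# NSG_SOURCE_PREFIX restricts where inbound traffic may come from. It defaults
# to '*' (the az default: reachable from any address), so set it to an admin
# CIDR before using this outside a lab.
# ================================
NSG_SOURCE_PREFIX="${NSG_SOURCE_PREFIX:-*}"
PRIORITY=100
for PORT in 22 443 3389 6443 8443 33000 33001 33002; do
  printf 'Opening Port %s\n' "${PORT}"
  az network nsg rule create \
    --access allow \
    --destination-port-ranges "${PORT}" \
    --name "Allow${PORT}" \
    --nsg-name "${CLUSTER_NAME}" \
    --priority "${PRIORITY}" \
    --protocol tcp \
    --source-address-prefixes "${NSG_SOURCE_PREFIX}" \
    --resource-group "${CLUSTER_NAME}-nodes"
  # next rule gets the next priority
  PRIORITY=$((PRIORITY + 1))
done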
# Resolve the docker-nodes subnet to its resource ID; the VMs attach to it by ID.
SUBNET_ID=$(az network vnet subnet show \
  --resource-group "${CLUSTER_NAME}-vnet" \
  --vnet-name vnet \
  --name docker-nodes \
  --query id \
  --output tsv)
# Availability set that the manager VMs are placed into
az vm availability-set create \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --name 'managers'
# ================================
# First manager node
# For additional nodes, change NODE_NAME and re-run the az vm create below.
# ================================
NODE_NAME=manager01
az vm create \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --location "${AZ_LOCATION}" \
  --name "${NODE_NAME}" \
  --image UbuntuLTS \
  --size Standard_DS3_v2 \
  --availability-set 'managers' \
  --subnet "${SUBNET_ID}" \
  --nsg "${CLUSTER_NAME}" \
  --os-disk-name "${NODE_NAME}" \
  --public-ip-address "${NODE_NAME}"
# Look up the node's public IP and open a shell on it.
# Everything after this line runs on the node, not on the workstation.
NODE_IP=$(az vm list-ip-addresses \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --name "${NODE_NAME}" \
  --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress" \
  --output tsv)
ssh "${NODE_IP}"
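# ================================
# Install Docker Engine - Enterprise (run on the node over the ssh session)
# Sourced from https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/docker-engine-enterprise/dee-linux/ubuntu.html
# ================================
# Docker variables
# The URL embeds the subscription ID and so acts as a credential: keep it out
# of shared shell history and `set -x` traces.
DOCKER_EE_URL='https://storebits.docker.com/ee/m/sub-00000000-0000-0000-0000-000000000000' # Located in Mirantis Support Portal
DOCKER_EE_VERSION='stable-19.03'
# Refresh package lists and install what the repository setup needs
sudo apt-get update
sudo apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  software-properties-common
# Import the repository signing key. Only apt-key needs root; curl does not.
curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
# Print the imported key. Compare the printed fingerprint with the full
# fingerprint from the vendor docs (<FULL-FINGERPRINT-FROM-DOCS>); the short
# key ID 6D085F96 on its own does not establish that the right key was imported.
sudo apt-key fingerprint 6D085F96
# Add the stable repository for this architecture and Ubuntu release
sudo add-apt-repository \
  "deb [arch=$(dpkg --print-architecture)] ${DOCKER_EE_URL}/ubuntu $(lsb_release -cs) ${DOCKER_EE_VERSION}"
# Install Docker Engine Enterprise
sudo apt-get update
sudo apt-cache madison docker-ee   # lists the docker-ee versions the repo offers
sudo apt-get -y install docker-ee docker-ee-cli containerd.io
# Let the current user run docker without sudo
# https://docs.docker.com/engine/install/linux-postinstall/
sudo groupadd -f docker   # -f: not an error if the package already created the group
sudo usermod -aG docker "${USER}"
# newgrp opens a new shell with the docker group active; if that does not take
# effect, log out of the ssh session and back in
newgrp docker
# Confirm the engine is working
docker version
docker container run --rm hello-world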
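# ================================
# Prepare UCP pre-requisites (run on the node)
# ================================
# UCP variables. Each can be overridden from the environment so the runbook
# itself never has to be edited to carry real credentials.
UCP_HUB_ORG="${UCP_HUB_ORG:-docker}"                # change to dockereng for private beta testing
UCP_HUB_USERNAME="${UCP_HUB_USERNAME:-moby}"
UCP_HUB_PASSWORD="${UCP_HUB_PASSWORD:-password}"    # placeholder: export the real value, never commit it
UCP_VERSION="${UCP_VERSION:-3.2.6}"
# Must match the --subnet-prefix used when the Azure VNet was created above
AZ_SUBNET_CIDR="${AZ_SUBNET_CIDR:-172.16.8.0/24}"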
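# Kubernetes cloud-provider config for Azure. The service principal in this
# file needs permissions on the cluster's resource groups; details at
# https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install-ucp.html#install-ucp-on-azure
# The file holds the SP client secret, so it is created root-owned with mode
# 0600 rather than the 0644 that `touch` would give it.
# The template is written with a quoted heredoc (nothing is expanded); the
# zeroed values are placeholders to be replaced in the editor afterwards.
sudo mkdir -p /etc/kubernetes
sudo tee /etc/kubernetes/azure.json >/dev/null <<'EOF'
{
  "cloud": "AzurePublicCloud",
  "tenantId": "00000000-0000-0000-0000-000000000000",
  "subscriptionId": "00000000-0000-0000-0000-000000000000",
  "aadClientId": "000000000000000000000000000000000000",
  "aadClientSecret": "00000000000000000000000000000000",
  "resourceGroup": "follis-cluster-nodes",
  "location": "eastus2",
  "primaryAvailabilitySetName": "",
  "subnetName": "docker-nodes",
  "securityGroupName": "follis-cluster",
  "vnetName": "vnet",
  "vnetResourceGroup": "follis-cluster-vnet",
  "useInstanceMetadata": true
}
EOF
sudo chmod 0600 /etc/kubernetes/azure.json
# Fill in the real tenant, subscription and service-principal values
sudo vi /etc/kubernetes/azure.json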
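# Log in to Docker Hub. The password is supplied on stdin instead of as a
# --password argument, which would show it in `ps` output and shell history.
printf '%s' "${UCP_HUB_PASSWORD}" | docker login \
  --username "${UCP_HUB_USERNAME}" \
  --password-stdin
# Pre-pull the UCP images. `ucp images --list` prints one image per line;
# carriage returns that --tty mode can add are stripped before reading.
docker pull "${UCP_HUB_ORG}/ucp:${UCP_VERSION}"
docker pull "${UCP_HUB_ORG}/ucp-agent:${UCP_VERSION}"
docker container run \
  --rm \
  --interactive \
  --tty \
  --name ucp \
  "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" \
  images \
  --list \
  | tr -d '\r' \
  | while read -r IMAGE; do
      [ -n "${IMAGE}" ] || continue   # skip blank lines
      printf 'Pulling image for: %s\n' "${IMAGE}"
      docker image pull "${IMAGE}"
    done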
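# ================================
# Install Universal Control Plane (UCP)
# ================================
# Admin password for the new UCP instance. Override it from the environment;
# the default is a lab value. Note that it is still visible in the process
# list while the install container runs.
UCP_ADMIN_PASSWORD=${UCP_ADMIN_PASSWORD:-'DockerEE123!'}
# The image is taken from UCP_HUB_ORG so it matches the images pulled above.
# --host-address is the VM's private IP (first address printed by hostname -I)
# --pod-cidr is the node subnet, AZ_SUBNET_CIDR from the UCP variables above
docker container run \
  --rm \
  --interactive \
  --tty \
  --name ucp \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" install \
  --admin-username 'admin' \
  --admin-password "${UCP_ADMIN_PASSWORD}" \
  --azure-ip-count 20 \
  --cloud-provider 'Azure' \
  --debug \
  --host-address "$(hostname -I | cut -d ' ' -f1)" \
  --pod-cidr "${AZ_SUBNET_CIDR}"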
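# ====================================================
# 💣 Tidy up a node — destructive: removes every container and volume on
# this host (not only UCP's) and the CNI state
# ====================================================
docker swarm leave --force
# xargs -r (GNU) skips the rm when the list is empty, instead of failing on a
# missing argument
docker container ls --all --quiet | xargs -r docker container rm --force
docker volume ls --quiet | xargs -r docker volume rm
docker system prune --force --volumes
sudo rm -rf /opt/cni
sudo rm -rf /etc/cni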
#!/bin/sh
# Manually set up a Docker Enterprise cluster in Azure with the Azure CLI.
# This is a runbook rather than a one-shot script: the first sections run on
# the workstation, the sections after the ssh step run on the manager node.
#
# ---- Azure variables ----
CLUSTER_NAME=follis-cluster   # base name for both Azure resource groups
AZ_LOCATION=eastus2           # region for every resource created below
# ================================
# Virtual network in its own resource group
# (mirrors a real deployment where the VNet RG and the nodes RG differ)
# ================================
VNET_RG="${CLUSTER_NAME}-vnet"
az group create \
  --name "${VNET_RG}" \
  --location "${AZ_LOCATION}" \
  --tags 'owner=Follis'   # required by this subscription's policy; optional elsewhere
# The VNet stands in for a network that already exists before the nodes arrive.
az network vnet create \
  --resource-group "${VNET_RG}" \
  --location "${AZ_LOCATION}" \
  --name vnet \
  --address-prefix 172.16.0.0/16 \
  --subnet-name docker-nodes \
  --subnet-prefix 172.16.8.0/24
# ================================
# Resource group and network security group for the Docker nodes
# ================================
NODES_RG="${CLUSTER_NAME}-nodes"
az group create \
  --name "${NODES_RG}" \
  --location "${AZ_LOCATION}" \
  --tags 'owner=Follis'   # required by this subscription's policy; optional elsewhere
# One NSG, named after the cluster, is attached to every node NIC below.
az network nsg create \
  --resource-group "${NODES_RG}" \
  --name "${CLUSTER_NAME}"
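# ================================
# Inbound NSG rules for the ports the cluster needs
#   22          SSH
#   3389        Microsoft Remote Desktop
#   443         TLS for UCP
#   6443        Kubectl
#   8443        Interlock 3
#   33000-33002 Istio
# Each rule needs its own priority; they are numbered from 100 upward.
# NSG_SOURCE_PREFIX restricts where inbound traffic may come from. It defaults
# to '*' (the az default: reachable from any address), so set it to an admin
# CIDR before using this outside a lab.
# ================================
NSG_SOURCE_PREFIX="${NSG_SOURCE_PREFIX:-*}"
PRIORITY=100
for PORT in 22 443 3389 6443 8443 33000 33001 33002; do
  printf 'Opening Port %s\n' "${PORT}"
  az network nsg rule create \
    --access allow \
    --destination-port-ranges "${PORT}" \
    --name "Allow${PORT}" \
    --nsg-name "${CLUSTER_NAME}" \
    --priority "${PRIORITY}" \
    --protocol tcp \
    --source-address-prefixes "${NSG_SOURCE_PREFIX}" \
    --resource-group "${CLUSTER_NAME}-nodes"
  # next rule gets the next priority
  PRIORITY=$((PRIORITY + 1))
done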
# Resolve the docker-nodes subnet to its resource ID; the VMs attach to it by ID.
SUBNET_ID=$(az network vnet subnet show \
  --resource-group "${CLUSTER_NAME}-vnet" \
  --vnet-name vnet \
  --name docker-nodes \
  --query id \
  --output tsv)
# Availability set that the manager VMs are placed into
az vm availability-set create \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --name 'managers'
# ================================
# First manager node
# For additional nodes, change NODE_NAME and re-run the az vm create below.
# ================================
NODE_NAME=manager01
az vm create \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --location "${AZ_LOCATION}" \
  --name "${NODE_NAME}" \
  --image UbuntuLTS \
  --size Standard_DS3_v2 \
  --availability-set 'managers' \
  --subnet "${SUBNET_ID}" \
  --nsg "${CLUSTER_NAME}" \
  --os-disk-name "${NODE_NAME}" \
  --public-ip-address "${NODE_NAME}"
# Look up the node's public IP and open a shell on it.
# Everything after this line runs on the node, not on the workstation.
NODE_IP=$(az vm list-ip-addresses \
  --resource-group "${CLUSTER_NAME}-nodes" \
  --name "${NODE_NAME}" \
  --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress" \
  --output tsv)
ssh "${NODE_IP}"
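# ================================
# Install Docker Engine - Enterprise (run on the node over the ssh session)
# Sourced from https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/docker-engine-enterprise/dee-linux/ubuntu.html
# ================================
# Docker variables
# The URL embeds the subscription ID and so acts as a credential: keep it out
# of shared shell history and `set -x` traces.
DOCKER_EE_URL='https://storebits.docker.com/ee/m/sub-00000000-0000-0000-0000-000000000000' # Located in Mirantis Support Portal
DOCKER_EE_VERSION='stable-19.03'
# Refresh package lists and install what the repository setup needs
sudo apt-get update
sudo apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  software-properties-common
# Import the repository signing key. Only apt-key needs root; curl does not.
curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
# Print the imported key. Compare the printed fingerprint with the full
# fingerprint from the vendor docs (<FULL-FINGERPRINT-FROM-DOCS>); the short
# key ID 6D085F96 on its own does not establish that the right key was imported.
sudo apt-key fingerprint 6D085F96
# Add the stable repository for this architecture and Ubuntu release
sudo add-apt-repository \
  "deb [arch=$(dpkg --print-architecture)] ${DOCKER_EE_URL}/ubuntu $(lsb_release -cs) ${DOCKER_EE_VERSION}"
# Install Docker Engine Enterprise
sudo apt-get update
sudo apt-cache madison docker-ee   # lists the docker-ee versions the repo offers
sudo apt-get -y install docker-ee docker-ee-cli containerd.io
# Let the current user run docker without sudo
# https://docs.docker.com/engine/install/linux-postinstall/
sudo groupadd -f docker   # -f: not an error if the package already created the group
sudo usermod -aG docker "${USER}"
# newgrp opens a new shell with the docker group active; if that does not take
# effect, log out of the ssh session and back in
newgrp docker
# Confirm the engine is working
docker version
docker container run --rm hello-world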
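# ================================
# Prepare UCP pre-requisites (run on the node)
# ================================
# UCP variables. Each can be overridden from the environment so the runbook
# itself never has to be edited to carry real credentials.
UCP_HUB_ORG="${UCP_HUB_ORG:-docker}"                # change to dockereng for private beta testing
UCP_HUB_USERNAME="${UCP_HUB_USERNAME:-moby}"
UCP_HUB_PASSWORD="${UCP_HUB_PASSWORD:-password}"    # placeholder: export the real value, never commit it
UCP_VERSION="${UCP_VERSION:-3.3.0}"
# Must match the --subnet-prefix used when the Azure VNet was created above
AZ_SUBNET_CIDR="${AZ_SUBNET_CIDR:-172.16.8.0/24}"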
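# Kubernetes cloud-provider config for Azure. The service principal in this
# file needs permissions on the cluster's resource groups; details at
# https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install-ucp.html#install-ucp-on-azure
# The file holds the SP client secret, so it is created root-owned with mode
# 0600 rather than the 0644 that `touch` would give it.
# The template is written with a quoted heredoc (nothing is expanded); the
# zeroed values are placeholders to be replaced in the editor afterwards.
sudo mkdir -p /etc/kubernetes
sudo tee /etc/kubernetes/azure.json >/dev/null <<'EOF'
{
  "cloud": "AzurePublicCloud",
  "tenantId": "00000000-0000-0000-0000-000000000000",
  "subscriptionId": "00000000-0000-0000-0000-000000000000",
  "aadClientId": "000000000000000000000000000000000000",
  "aadClientSecret": "00000000000000000000000000000000",
  "resourceGroup": "follis-cluster-nodes",
  "location": "eastus2",
  "primaryAvailabilitySetName": "",
  "subnetName": "docker-nodes",
  "securityGroupName": "follis-cluster",
  "vnetName": "vnet",
  "vnetResourceGroup": "follis-cluster-vnet",
  "useInstanceMetadata": true
}
EOF
sudo chmod 0600 /etc/kubernetes/azure.json
# Fill in the real tenant, subscription and service-principal values
sudo vi /etc/kubernetes/azure.json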
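# Log in to Docker Hub. The password is supplied on stdin instead of as a
# --password argument, which would show it in `ps` output and shell history.
printf '%s' "${UCP_HUB_PASSWORD}" | docker login \
  --username "${UCP_HUB_USERNAME}" \
  --password-stdin
# Pre-pull the UCP images. `ucp images --list` prints one image per line;
# carriage returns that --tty mode can add are stripped before reading.
docker pull "${UCP_HUB_ORG}/ucp:${UCP_VERSION}"
docker pull "${UCP_HUB_ORG}/ucp-agent:${UCP_VERSION}"
docker container run \
  --rm \
  --interactive \
  --tty \
  --name ucp \
  "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" \
  images \
  --list \
  | tr -d '\r' \
  | while read -r IMAGE; do
      [ -n "${IMAGE}" ] || continue   # skip blank lines
      printf 'Pulling image for: %s\n' "${IMAGE}"
      docker image pull "${IMAGE}"
    done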
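# ================================
# Install Universal Control Plane (UCP)
# ================================
# Admin password for the new UCP instance. Override it from the environment;
# the default is a lab value. Note that it is still visible in the process
# list while the install container runs.
UCP_ADMIN_PASSWORD=${UCP_ADMIN_PASSWORD:-'DockerEE123!'}
# The image is taken from UCP_HUB_ORG so it matches the images pulled above.
docker container run \
  --rm \
  --interactive \
  --tty \
  --name ucp \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" install \
  --admin-username 'admin' \
  --admin-password "${UCP_ADMIN_PASSWORD}" \
  --cloud-provider 'Azure' \
  --debug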
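# ====================================================
# 💣 Tidy up a node — destructive: removes every container and volume on
# this host (not only UCP's) and the CNI state
# ====================================================
docker swarm leave --force
# xargs -r (GNU) skips the rm when the list is empty, instead of failing on a
# missing argument
docker container ls --all --quiet | xargs -r docker container rm --force
docker volume ls --quiet | xargs -r docker volume rm
docker system prune --force --volumes
sudo rm -rf /opt/cni
sudo rm -rf /etc/cni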