Last active
June 17, 2020 10:35
-
-
Save stevenfollis/3a34873516b687ce759e5a947bbe65b2 to your computer and use it in GitHub Desktop.
Manually install Docker Enterprise with the Azure CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Manually setup a Docker Enterprise Cluster | |
| # in Azure using the Azure CLI | |
| # ================================ | |
| # Azure Variables | |
| # ================================ | |
| CLUSTER_NAME='follis-cluster' # Used as the base name for Azure Resource Groups | |
| AZ_LOCATION='eastus2' | |
| # ================================ | |
| # Setup Azure Virtual Network in a dedicated RG | |
| # Simulates a real world installation where VNet RG != Nodes RG | |
| # ================================ | |
| az group create \ | |
| --name "${CLUSTER_NAME}-vnet" \ | |
| --location "${AZ_LOCATION}" \ | |
| --tags 'owner=Follis' # Needed for my Azure Subscription's Policy, can be left off | |
| # Create vnet to simulate existing resource | |
| az network vnet create \ | |
| --location "${AZ_LOCATION}" \ | |
| --resource-group "${CLUSTER_NAME}-vnet" \ | |
| --name vnet \ | |
| --address-prefix 172.16.0.0/16 \ | |
| --subnet-name docker-nodes \ | |
| --subnet-prefix 172.16.8.0/24 | |
| # ================================ | |
| # Setup Docker nodes in a separate RG | |
| # ================================ | |
| az group create \ | |
| --name "${CLUSTER_NAME}-nodes" \ | |
| --location "${AZ_LOCATION}" \ | |
| --tags 'owner=Follis' # Needed for my Azure Subscription's Policy, can be left off | |
| # Create an NSG for nodes | |
| az network nsg create \ | |
| --name "${CLUSTER_NAME}" \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Open ports within NSG for common use cases | |
| # 22 = SSH | |
| # 3389 = Microsoft Remote Desktop | |
| # 443 = SSL for UCP | |
| # 6443 = Kubectl | |
| # 8443 = Interlock 3 | |
| # 33000-33002 = Istio | |
| PRIORITY=100 | |
| for PORT in 22 443 3389 6443 8443 33000 33001 33002 | |
| do | |
| echo Opening Port $PORT | |
| az network nsg rule create \ | |
| --access allow \ | |
| --destination-port-ranges "${PORT}" \ | |
| --name Allow"${PORT}" \ | |
| --nsg-name "${CLUSTER_NAME}" \ | |
| --priority "${PRIORITY}" \ | |
| --protocol tcp \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Increment Priority | |
| PRIORITY=$((PRIORITY+1)) | |
| done | |
| # Get Subnet ID for VNet | |
| SUBNET_ID=$(az network vnet subnet show \ | |
| --name docker-nodes \ | |
| --output tsv \ | |
| --query id \ | |
| --resource-group "${CLUSTER_NAME}-vnet" \ | |
| --vnet-name vnet) | |
| # Create an availability set for managers | |
| az vm availability-set create \ | |
| --name 'managers' \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Create the first manager node | |
| # Manually iterate this and re-run the next az vm create command for additional nodes | |
| NODE_NAME='manager01' # manager01 | |
| # Create first manager node | |
| az vm create \ | |
| --availability-set 'managers' \ | |
| --image UbuntuLTS \ | |
| --location "${AZ_LOCATION}" \ | |
| --name "${NODE_NAME}" \ | |
| --nsg "${CLUSTER_NAME}" \ | |
| --os-disk-name "${NODE_NAME}" \ | |
| --public-ip-address "${NODE_NAME}" \ | |
| --resource-group "${CLUSTER_NAME}-nodes" \ | |
| --size Standard_DS3_v2 \ | |
| --subnet "${SUBNET_ID}" | |
| # ssh to the node | |
| NODE_IP=$(az vm list-ip-addresses \ | |
| --name "${NODE_NAME}" \ | |
| --output tsv \ | |
| --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress" \ | |
| --resource-group "${CLUSTER_NAME}-nodes") | |
| ssh "${NODE_IP}" | |
| # ================================ | |
| # Install Docker Engine - Enterprise | |
| # Sourced from https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/docker-engine-enterprise/dee-linux/ubuntu.html | |
| # ================================ | |
| # Docker Variables | |
| DOCKER_EE_URL='https://storebits.docker.com/ee/m/sub-00000000-0000-0000-0000-000000000000' # Located in Mirantis Support Portal | |
| DOCKER_EE_VERSION='stable-19.03' | |
| # Update package manager | |
| sudo apt-get update | |
| # Install pre-requisites | |
| sudo apt-get install -y \ | |
| apt-transport-https \ | |
| ca-certificates \ | |
| curl \ | |
| software-properties-common | |
| # Add Docker's GPG Key | |
| sudo curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add - | |
| # Verify key | |
| sudo apt-key fingerprint 6D085F96 | |
| # Add stable repository | |
| sudo add-apt-repository \ | |
| "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu \ | |
| $(lsb_release -cs) \ | |
| $DOCKER_EE_VERSION" | |
| # Install Docker Engine Enerprise | |
| sudo apt-get update | |
| sudo apt-cache madison docker-ee | |
| sudo apt-get -y install docker-ee docker-ee-cli containerd.io | |
| # Add user into docker group | |
| # https://docs.docker.com/engine/install/linux-postinstall/ | |
| sudo groupadd docker | |
| sudo usermod -aG docker "${USER}" | |
| newgrp docker | |
| # Confirm engine is working | |
| # May need to reload SSH or sudo | |
| docker version | |
| docker container run --rm hello-world | |
| # ================================ | |
| # Prepare UCP Pre-Requisites | |
| # ================================ | |
| # UCP Variables | |
| UCP_HUB_ORG='docker' # change to dockereng for private beta testing | |
| UCP_HUB_USERNAME='moby' | |
| UCP_HUB_PASSWORD='password' | |
| UCP_VERSION='3.2.6' | |
| AZ_SUBNET_CIDR='172.16.8.0/24' # Must match the subnet-prefix when the Azure VNet was created previously | |
| # Create an azure.json file for use with the Kubernetes Cloud Provider | |
| # Note that an Azure Service Principal with granted permissions is necessary | |
| # Details at https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install-ucp.html#install-ucp-on-azure | |
| sudo mkdir /etc/kubernetes | |
| sudo touch /etc/kubernetes/azure.json | |
| sudo vi /etc/kubernetes/azure.json | |
| { | |
| "cloud": "AzurePublicCloud", | |
| "tenantId": "00000000-0000-0000-0000-000000000000", | |
| "subscriptionId": "00000000-0000-0000-0000-000000000000", | |
| "aadClientId": "000000000000000000000000000000000000", | |
| "aadClientSecret": "00000000000000000000000000000000", | |
| "resourceGroup": "follis-cluster-nodes", | |
| "location": "eastus2", | |
| "primaryAvailabilitySetName": "" | |
| "subnetName": "docker-nodes", | |
| "securityGroupName": "follis-cluster", | |
| "vnetName": "vnet", | |
| "vnetResourceGroup": "follis-cluster-vnet", | |
| "useInstanceMetadata": true | |
| } | |
| # Login into Docker Hub | |
| docker login \ | |
| --username "${UCP_HUB_USERNAME}" \ | |
| --password "${UCP_HUB_PASSWORD}" | |
| # Pre-pull necessary UCP images | |
| docker pull "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" | |
| docker pull "${UCP_HUB_ORG}/ucp-agent:${UCP_VERSION}" | |
| for IMAGE in $(docker container run \ | |
| --rm \ | |
| --interactive \ | |
| --tty \ | |
| --name ucp \ | |
| "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" \ | |
| images \ | |
| --list); | |
| do | |
| IMAGE=$(echo "${IMAGE}" | tr -d " \t\n\r"); | |
| docker image pull "${IMAGE}"; | |
| echo "Pulling image for: ${IMAGE}" | |
| done | |
| # ================================ | |
| # Install Universal Control Plane (UCP) | |
| # ================================ | |
| docker container run \ | |
| --rm \ | |
| --interactive \ | |
| --tty \ | |
| --name ucp \ | |
| --volume /var/run/docker.sock:/var/run/docker.sock \ | |
| docker/ucp:"${UCP_VERSION}" install \ | |
| --admin-username 'admin' \ | |
| --admin-password 'DockerEE123!' \ | |
| --azure-ip-count 20 \ | |
| --cloud-provider 'Azure' \ | |
| --debug \ | |
| --host-address "$(hostname -I | cut -d ' ' -f1)" \ | |
| --pod-cidr "${AZ_SUBNET_CIDR}" | |
| # --host-address is merely a fancy way to get Private IP of the VM | |
| # ==================================================== | |
| # 💣 Tidy up a node | |
| # ==================================================== | |
| docker swarm leave --force | |
| docker container rm --force $(docker container ls --all --quiet) | |
| docker volume rm $(docker volume ls --quiet) | |
| docker system prune --force --volumes | |
| sudo rm -rf /opt/cni | |
| sudo rm -rf /etc/cni |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Manually setup a Docker Enterprise Cluster | |
| # in Azure using the Azure CLI | |
| # ================================ | |
| # Azure Variables | |
| # ================================ | |
| CLUSTER_NAME='follis-cluster' # Used as the base name for Azure Resource Groups | |
| AZ_LOCATION='eastus2' | |
| # ================================ | |
| # Setup Azure Virtual Network in a dedicated RG | |
| # Simulates a real world installation where VNet RG != Nodes RG | |
| # ================================ | |
| az group create \ | |
| --name "${CLUSTER_NAME}-vnet" \ | |
| --location "${AZ_LOCATION}" \ | |
| --tags 'owner=Follis' # Needed for my Azure Subscription's Policy, can be left off | |
| # Create vnet to simulate existing resource | |
| az network vnet create \ | |
| --location "${AZ_LOCATION}" \ | |
| --resource-group "${CLUSTER_NAME}-vnet" \ | |
| --name vnet \ | |
| --address-prefix 172.16.0.0/16 \ | |
| --subnet-name docker-nodes \ | |
| --subnet-prefix 172.16.8.0/24 | |
| # ================================ | |
| # Setup Docker nodes in a separate RG | |
| # ================================ | |
| az group create \ | |
| --name "${CLUSTER_NAME}-nodes" \ | |
| --location "${AZ_LOCATION}" \ | |
| --tags 'owner=Follis' # Needed for my Azure Subscription's Policy, can be left off | |
| # Create an NSG for nodes | |
| az network nsg create \ | |
| --name "${CLUSTER_NAME}" \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Open ports within NSG for common use cases | |
| # 22 = SSH | |
| # 3389 = Microsoft Remote Desktop | |
| # 443 = SSL for UCP | |
| # 6443 = Kubectl | |
| # 8443 = Interlock 3 | |
| # 33000-33002 = Istio | |
| PRIORITY=100 | |
| for PORT in 22 443 3389 6443 8443 33000 33001 33002 | |
| do | |
| echo Opening Port $PORT | |
| az network nsg rule create \ | |
| --access allow \ | |
| --destination-port-ranges "${PORT}" \ | |
| --name Allow"${PORT}" \ | |
| --nsg-name "${CLUSTER_NAME}" \ | |
| --priority "${PRIORITY}" \ | |
| --protocol tcp \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Increment Priority | |
| PRIORITY=$((PRIORITY+1)) | |
| done | |
| # Get Subnet ID for VNet | |
| SUBNET_ID=$(az network vnet subnet show \ | |
| --name docker-nodes \ | |
| --output tsv \ | |
| --query id \ | |
| --resource-group "${CLUSTER_NAME}-vnet" \ | |
| --vnet-name vnet) | |
| # Create an availability set for managers | |
| az vm availability-set create \ | |
| --name 'managers' \ | |
| --resource-group "${CLUSTER_NAME}-nodes" | |
| # Create the first manager node | |
| # Manually iterate this and re-run the next az vm create command for additional nodes | |
| NODE_NAME='manager01' # manager01 | |
| # Create first manager node | |
| az vm create \ | |
| --availability-set 'managers' \ | |
| --image UbuntuLTS \ | |
| --location "${AZ_LOCATION}" \ | |
| --name "${NODE_NAME}" \ | |
| --nsg "${CLUSTER_NAME}" \ | |
| --os-disk-name "${NODE_NAME}" \ | |
| --public-ip-address "${NODE_NAME}" \ | |
| --resource-group "${CLUSTER_NAME}-nodes" \ | |
| --size Standard_DS3_v2 \ | |
| --subnet "${SUBNET_ID}" | |
| # ssh to the node | |
| NODE_IP=$(az vm list-ip-addresses \ | |
| --name "${NODE_NAME}" \ | |
| --output tsv \ | |
| --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress" \ | |
| --resource-group "${CLUSTER_NAME}-nodes") | |
| ssh "${NODE_IP}" | |
| # ================================ | |
| # Install Docker Engine - Enterprise | |
| # Sourced from https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/docker-engine-enterprise/dee-linux/ubuntu.html | |
| # ================================ | |
| # Docker Variables | |
| DOCKER_EE_URL='https://storebits.docker.com/ee/m/sub-00000000-0000-0000-0000-000000000000' # Located in Mirantis Support Portal | |
| DOCKER_EE_VERSION='stable-19.03' | |
| # Update package manager | |
| sudo apt-get update | |
| # Install pre-requisites | |
| sudo apt-get install -y \ | |
| apt-transport-https \ | |
| ca-certificates \ | |
| curl \ | |
| software-properties-common | |
| # Add Docker's GPG Key | |
| sudo curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add - | |
| # Verify key | |
| sudo apt-key fingerprint 6D085F96 | |
| # Add stable repository | |
| sudo add-apt-repository \ | |
| "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu \ | |
| $(lsb_release -cs) \ | |
| $DOCKER_EE_VERSION" | |
| # Install Docker Engine Enerprise | |
| sudo apt-get update | |
| sudo apt-cache madison docker-ee | |
| sudo apt-get -y install docker-ee docker-ee-cli containerd.io | |
| # Add user into docker group | |
| # https://docs.docker.com/engine/install/linux-postinstall/ | |
| sudo groupadd docker | |
| sudo usermod -aG docker "${USER}" | |
| newgrp docker | |
| # Confirm engine is working | |
| # May need to reload SSH or sudo | |
| docker version | |
| docker container run --rm hello-world | |
| # ================================ | |
| # Prepare UCP Pre-Requisites | |
| # ================================ | |
| # UCP Variables | |
| UCP_HUB_ORG='docker' # change to dockereng for private beta testing | |
| UCP_HUB_USERNAME='moby' | |
| UCP_HUB_PASSWORD='password' | |
| UCP_VERSION='3.3.0' | |
| AZ_SUBNET_CIDR='172.16.8.0/24' # Must match the subnet-prefix when the Azure VNet was created previously | |
| # Create an azure.json file for use with the Kubernetes Cloud Provider | |
| # Note that an Azure Service Principal with granted permissions is necessary | |
| # Details at https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install-ucp.html#install-ucp-on-azure | |
| sudo mkdir /etc/kubernetes | |
| sudo touch /etc/kubernetes/azure.json | |
| sudo vi /etc/kubernetes/azure.json | |
| { | |
| "cloud": "AzurePublicCloud", | |
| "tenantId": "00000000-0000-0000-0000-000000000000", | |
| "subscriptionId": "00000000-0000-0000-0000-000000000000", | |
| "aadClientId": "000000000000000000000000000000000000", | |
| "aadClientSecret": "00000000000000000000000000000000", | |
| "resourceGroup": "follis-cluster-nodes", | |
| "location": "eastus2", | |
| "primaryAvailabilitySetName": "" | |
| "subnetName": "docker-nodes", | |
| "securityGroupName": "follis-cluster", | |
| "vnetName": "vnet", | |
| "vnetResourceGroup": "follis-cluster-vnet", | |
| "useInstanceMetadata": true | |
| } | |
| # Login into Docker Hub | |
| docker login \ | |
| --username "${UCP_HUB_USERNAME}" \ | |
| --password "${UCP_HUB_PASSWORD}" | |
| # Pre-pull necessary UCP images | |
| docker pull "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" | |
| docker pull "${UCP_HUB_ORG}/ucp-agent:${UCP_VERSION}" | |
| for IMAGE in $(docker container run \ | |
| --rm \ | |
| --interactive \ | |
| --tty \ | |
| --name ucp \ | |
| "${UCP_HUB_ORG}/ucp:${UCP_VERSION}" \ | |
| images \ | |
| --list); | |
| do | |
| IMAGE=$(echo "${IMAGE}" | tr -d " \t\n\r"); | |
| docker image pull "${IMAGE}"; | |
| echo "Pulling image for: ${IMAGE}" | |
| done | |
| # ================================ | |
| # Install Universal Control Plane (UCP) | |
| # ================================ | |
| docker container run \ | |
| --rm \ | |
| --interactive \ | |
| --tty \ | |
| --name ucp \ | |
| --volume /var/run/docker.sock:/var/run/docker.sock \ | |
| docker/ucp:"${UCP_VERSION}" install \ | |
| --admin-username 'admin' \ | |
| --admin-password 'DockerEE123!' \ | |
| --cloud-provider 'Azure' \ | |
| --debug | |
| # ==================================================== | |
| # 💣 Tidy up a node | |
| # ==================================================== | |
| docker swarm leave --force | |
| docker container rm --force $(docker container ls --all --quiet) | |
| docker volume rm $(docker volume ls --quiet) | |
| docker system prune --force --volumes | |
| sudo rm -rf /opt/cni | |
| sudo rm -rf /etc/cni |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment