At this time, Rancher has a great support for a variety of Cloud Providers, except… Azure. Though it possible to provision hosts to Azure via your Rancher interface!
We’ll be doing this via the “Other” link…
Steps for today?
- Setup Docker Machine
- Validate integration between Docker Machine & Azure
- Use Rancher to provision a host in Azure
Docker Machine & Azure
To get docker-machine working with Azure, I would advise to follow this guide ;https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-docker-machine/
Be sure to have “docker-machine” installed. This does not come with the basic docker installation, and should be downloaded seperately ; https://docs.docker.com/machine/install-machine/
root@docker01:/rancher# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ./rancher-kvaes.pem -out ./rancher-kvaes.pem
Generating a 1024 bit RSA private key
root@docker01:/rancher# openssl x509 -inform pem -in ./rancher-kvaes.pem -outform der -out ./rancher-kvaes.cer
root@docker01:/rancher# openssl pkcs12 -export -out ./rancher-kvaes.pfx -in ./rancher-kvaes.pem -name “Azure kvaes”
Enter Export Password:
Verifying – Enter Export Password:
root@docker01:/rancher# curl -L https://github.com/docker/machine/releases/download/v0.5.3/docker-machine_linux-amd64 >/usr/local/bin/docker-machine
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 599 0 599 0 0 1328 0 –:–:– –:–:– –:–:– 1331
100 14.1M 100 14.1M 0 0 2545k 0 0:00:05 0:00:05 –:–:– 3074k
root@docker01:/rancher# chmod +x /usr/local/bin/docker-machine
root@docker01:/rancher# /usr/local/bin/docker-machine create -d azure –azure-subscription-id 0aaaa22a-a222-2222-aa22-2a222a22a2aa –azure-subscription-cert=/rancher/rancher-kvaes.pem dockermachine
Creating CA: /root/.docker/machine/certs/ca.pem
Creating client certificate: /root/.docker/machine/certs/cert.pem
Running pre-create checks…
(dockermachine) Creating Azure machine…
Waiting for machine to be running, this may take a few minutes…
Machine is running, waiting for SSH to be available…
Detecting operating system of created instance…
Detecting the provisioner…
Provisioning with ubuntu(systemd)…
Copying certs to the local machine directory…
Copying certs to the remote machine…
Setting Docker configuration on the remote daemon…
Checking connection to Docker…
Docker is up and running!
To see how to connect Docker to this machine, run: /usr/local/bin/docker-machine env dockermachine
And you’ll see the machine popping up…
Docker Machine & Azure
Check out the documentation for the options & default values that are applicable between both ; https://docs.docker.com/machine/drivers/azure/
To check which locations & sizes are available to you, run the following Azure powershell commands ;
Get-AzureRoleSize | Select-Object InstanceSize,RoleSizeLabel
Get-AzureLocation | Select-Object Name
Deploying an Azure Docker Host via Rancher – Preface
Here is the tricky part that had me in the ropes for about a week… Every way I entered the credentials I always got a “illegal base64 data at input byte ***” (where the byte sometimes changes).
Was it by providing a local path (for the rancher server) to the cer, the content of the cer, the local path of the publishsettingsfile, etc… Nothing worked! In attempt to reach out on twitter RancherLabs & on the forum, I didn’t get one step closer…
Though, when going through some Azure documentation about the docker extension, a command rose out of the text to me…
cat ~/.docker/ca.pem | base64
Suddenly I realized… This i had not tried! And yes… That was the actual solution. So without further ado…
Deploying an Azure Docker Host via Rancher – The Real Stuff!
So we created our Certificates and imported them into the Azure management certificates store… Good! Now we can start with using Rancher to deploy our docker hosts.
Sadly there is not dedicated option (like Amazon, DigitalOcean, Exoscale, Packet, Rackspace or Ubiquity…), so we’ll be using the “Other” option…
Meanwhile, we’ll convert our .pem certificate to a base64 string (!)
root@docker01:/root/.docker/machine/# cat mycert.pem | base64
Copy that string to notepad (or equivalent) and make sure there are no line break / cariage returns as it should be one fluent string. Copy that and use it as the value for the “subscriptionCert” field.
Notice that we also entered the location & size, as I didn’t want the docker-machine defaults… and off course the subscriptionId. And then press “Create”… and we’ll see the machine being created.
And even pop up in Azure… (go figure!)
The machine is located in “West Europe”, as requested… and it’s an A3 (“Large”).
Though be patient… as it can take a few minutes to provision the host.
Yet, in the end, it still failed… 😦
So I did another test with adding a username/password, and that did the trick.
I was able to ssh to the box and Rancher showed it was already installing docker upon it.
Which was verified by looking towards the running processes.
The install continued and at a given point I noticed that the Rancher agent (also a container) was being “installed”.
More awaiting ahead…
And the agent got ready…
Sadly the story ends here, as I did this from a Rancher host that had no public endpoint. Though if yours does, then the agent will be reach back to the Rancher host and join the herd!
Watch out! Default values ahead…
When you leave certain parameters emtpy, the docker-machine (which Rancher utilizes underneath) will use default values… My advise is to always enter a minimum of ;
Deleting the host in Rancher will also do a proper cleanup in Azure… Offcourse it’s best to always cross/doublecheck. Though with the tests I did so far, the hosts always got decommisioned cleanly. Which is always nice for your budget!
- You can provision hosts from Rancher
- The proces is not that user friendly (@RancherLabs : Plz Fix!)
- Be sure to enter a minimum of values to avoid the pesky defaults (also ; possible security risk!)
- The subscriptionPassword variable is a base64 of the .pem file (certificate)
- The address of your Rancher host should be reachable by your agent (*oops*)
- Deleting a host in Rancher will also clean it up in Azure
I hope this tutorial was useful for you. Always feel free to give me a shout if it was!