Introduction
At this time, Rancher has great support for a variety of cloud providers, except… Azure. It is possible, though, to provision hosts to Azure via your Rancher interface!
We’ll be doing this via the “Other” link…
Steps for today?
- Setup Docker Machine
- Validate integration between Docker Machine & Azure
- Use Rancher to provision a host in Azure
Docker Machine & Azure
To get docker-machine working with Azure, I would advise following this guide: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-docker-machine/
Be sure to have “docker-machine” installed. This does not come with the basic Docker installation and should be downloaded separately: https://docs.docker.com/machine/install-machine/
Example Flow
root@docker01:/rancher# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ./rancher-kvaes.pem -out ./rancher-kvaes.pem
Generating a 1024 bit RSA private key
…….++++++
……………++++++
…
root@docker01:/rancher# openssl x509 -inform pem -in ./rancher-kvaes.pem -outform der -out ./rancher-kvaes.cer
root@docker01:/rancher# openssl pkcs12 -export -out ./rancher-kvaes.pfx -in ./rancher-kvaes.pem -name "Azure kvaes"
Enter Export Password:
Verifying - Enter Export Password:
root@docker01:/rancher# curl -L https://github.com/docker/machine/releases/download/v0.5.3/docker-machine_linux-amd64 >/usr/local/bin/docker-machine
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 599 0 599 0 0 1328 0 --:--:-- --:--:-- --:--:-- 1331
100 14.1M 100 14.1M 0 0 2545k 0 0:00:05 0:00:05 --:--:-- 3074k
root@docker01:/rancher# chmod +x /usr/local/bin/docker-machine
root@docker01:/rancher# /usr/local/bin/docker-machine create -d azure --azure-subscription-id 0aaaa22a-a222-2222-aa22-2a222a22a2aa --azure-subscription-cert=/rancher/rancher-kvaes.pem dockermachine
Creating CA: /root/.docker/machine/certs/ca.pem
Creating client certificate: /root/.docker/machine/certs/cert.pem
Running pre-create checks…
Creating machine…
(dockermachine) Creating Azure machine…
Waiting for machine to be running, this may take a few minutes…
Machine is running, waiting for SSH to be available…
Detecting operating system of created instance…
Detecting the provisioner…
Provisioning with ubuntu(systemd)…
Installing Docker…
Copying certs to the local machine directory…
Copying certs to the remote machine…
Setting Docker configuration on the remote daemon…
Checking connection to Docker…
Docker is up and running!
To see how to connect Docker to this machine, run: /usr/local/bin/docker-machine env dockermachine
And you’ll see the machine popping up…
Docker Machine & Azure
Check out the documentation for the options & default values that are applicable to both: https://docs.docker.com/machine/drivers/azure/
To check which locations & sizes are available to you, run the following Azure PowerShell commands:
Get-AzureRoleSize | Select-Object InstanceSize,RoleSizeLabel
Get-AzureLocation | Select-Object Name
Deploying an Azure Docker Host via Rancher – Preface
Here is the tricky part that had me on the ropes for about a week… Every way I entered the credentials, I always got an “illegal base64 data at input byte ***” (where the byte sometimes changes).
Whether it was by providing a local path (for the Rancher server) to the cer, the content of the cer, the local path of the publishsettings file, etc… Nothing worked! In an attempt to reach out to RancherLabs on Twitter & on the forum, I didn’t get one step closer…
Though, when going through some Azure documentation about the docker extension, a command rose out of the text to me…
cat ~/.docker/ca.pem | base64
Suddenly I realized… This I had not tried! And yes… That was the actual solution. So without further ado…
Deploying an Azure Docker Host via Rancher – The Real Stuff!
So we created our Certificates and imported them into the Azure management certificates store… Good! Now we can start with using Rancher to deploy our docker hosts.
Sadly there is no dedicated option (like Amazon, DigitalOcean, Exoscale, Packet, Rackspace or Ubiquity…), so we’ll be using the “Other” option…
Meanwhile, we’ll convert our .pem certificate to a base64 string (!)
root@docker01:/root/.docker/machine/# cat mycert.pem | base64
LS0tLS1CRUdJT…a-very-large-textblock…kklsjdfkl81KJLdl==
Copy that string to notepad (or equivalent) and make sure there are no line breaks / carriage returns, as it should be one continuous string. Copy that and use it as the value for the “subscriptionCert” field.
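The single-line requirement above can be checked before pasting. The sketch below is an added example, not part of the original post: it encodes a file to base64 with the line breaks stripped and rejects any value that contains characters outside the base64 alphabet or does not decode back to the file. The function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print FILE as base64 on ONE line: strip the CR/LF that base64 may insert.
encode_cert_single_line() {
    base64 < "$1" | tr -d '\r\n'
}

# Succeed only if VALUE is clean base64 and decodes back to exactly FILE.
check_cert_value() {
    value=$1
    file=$2
    case $value in
        '' | *[!A-Za-z0-9+/=]*) return 1 ;;      # empty, or whitespace / line break / stray byte
    esac
    [ $(( ${#value} % 4 )) -eq 0 ] || return 1   # padded base64 length is a multiple of 4
    printf '%s' "$value" | base64 -d 2>/dev/null | cmp -s - "$file"
}

# Constructed sample input: a PEM-shaped placeholder, not a real certificate.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-CERTIFICATE-BODY-0000000000000000
-----END CERTIFICATE-----
EOF

ONE_LINE=$(encode_cert_single_line "$SAMPLE")
# The same value wrapped at 76 columns, as a plain "base64" call or an editor may leave it.
WRAPPED=$(printf '%s\n' "$ONE_LINE" | fold -w 76)

check_cert_value "$ONE_LINE" "$SAMPLE" && echo "single-line value: ok to paste"
check_cert_value "$WRAPPED" "$SAMPLE" || echo "wrapped value: rejected (contains line breaks)"
```

Running check_cert_value on the string as it comes back out of the editor or clipboard catches a stray line break before Rancher does.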
Notice that we also entered the location & size, as I didn’t want the docker-machine defaults… and of course the subscriptionId. And then press “Create”… and we’ll see the machine being created.
And even pop up in Azure… (go figure!)
The machine is located in “West Europe”, as requested… and it’s an A3 (“Large”).
Though be patient… as it can take a few minutes to provision the host.
Yet, in the end, it still failed… 😦
So I did another test with adding a username/password, and that did the trick.
I was able to ssh to the box and Rancher showed it was already installing docker upon it.
Which was verified by looking towards the running processes.
The install continued and at a given point I noticed that the Rancher agent (also a container) was being “installed”.
More awaiting ahead…
And the agent got ready…
Sadly the story ends here, as I did this from a Rancher host that had no public endpoint. Though if yours does, then the agent will reach back to the Rancher host and join the herd!
Watch out! Default values ahead…
When you leave certain parameters empty, docker-machine (which Rancher utilizes underneath) will use default values… My advice is to always enter a minimum of:
- location
- username
- password
Sidenote
Deleting the host in Rancher will also do a proper cleanup in Azure… Of course it’s best to always cross/double-check. Though with the tests I did so far, the hosts always got decommissioned cleanly. Which is always nice for your budget!
TL;DR
- You can provision hosts from Rancher
- The process is not that user friendly (@RancherLabs : Plz Fix!)
- Be sure to enter a minimum of values to avoid the pesky defaults (also: possible security risk!)
- The subscriptionPassword variable is a base64 of the .pem file (certificate)
- The address of your Rancher host should be reachable by your agent (*oops*)
- Deleting a host in Rancher will also clean it up in Azure
I hope this tutorial was useful for you. Always feel free to give me a shout if it was!