Author: Kyle Bassett


I feel like we have been talking for years about when Canadian based businesses will be able to utilize a Canadian based public cloud. There have been a few options over the past year or so but those offerings looked much more like a traditional managed service offering than a real “Cloud” IMHO. Personally I always felt that Amazon EC2 would be the first to open their doors to Canadians but Microsoft beat them across the boarder.

Today Azure is available in both Toronto and Quebec City. You can see based on the image below there are 30 regions available across the globe. Like any real cloud it’s a common user experience. Here are a few links if you want to read a little deeper. Microsoft’s announcement on the Canadian Launch, Microsoft Azure Canada FAQ, and an interesting article on Data Sovereignty.

In this BLOG I am going to show you how I provision a fully functioning, multi-node, OpenShift Container Platform Cluster on Azure - In Canada !!!. The best part of this story is I didn’t have to stand-up any hardware and worry about all that virtualization stuff. All I needed was my little Macbook and a wifi connection. You will see by leveraging the Azure API, CLI tooling, and Ansible you can do a lot of work with a few keystrokes.

Free trial to the rescue, I did some experimenting earlier in the year with Azure on some of the things they are doing in the docker container space. It was mostly manual setup work to get a feel for what they had to offer. The Web Portal was nice but there had to be a better way (More on that in a minute). As you know if you have read some of my other BLOGS Arctiq spends lots of time in the automation and containers space. Our go to platform is generally OpenShift. You may also know that Microsoft and Red Hat are now buddies, well Microsoft now loves Linux and they have a strong growing partnership. It’s a mutually beneficial relationship and something many people said would new happen. Well … Thanks to “The Cloud”, things are certainly getting interesting.

If you want to kick the tires with Azure, you can sign-up for a free trial here. When you create your resource group, just pick a Canadian region.

After I get my trial account setup and working my approach is to build a management virtual machine (jumpbox), I use the Azure CLI to make that happen. Here is some sample code, I assign some variables to make things easier later, they help us automate and keeps my code flexible.

azure network public-ip create --resource-group $resourceGroupName \
    --name $publicIPName \
    --location $location \
    --allocation-method Static

azure network nic create --name $nicName \
    --resource-group $resourceGroupName \
    --location $location \
    --subnet-id $subnetId \
    --network-security-group-name $networkSecurityGroup \
    --public-ip-name $publicIPName

azure vm create --resource-group $resourceGroupName \
    --name $vmName \
    --location $location \
    --vm-size $vmSize \
    --subnet-id $subnetId \
    --nic-names $nicName \
    --os-type linux \
    --image-urn RHEL \
    --storage-account-name $storageAccountName \
    --admin-username $adminUserName \
    --ssh-publickey-file ~/.ssh/id_rsa.pub

After I run my script I get the following output:

info:    Executing command vm create
+ Looking up the VM "arctiq-jump-server"
info:    Verifying the public key SSH file: /root/.ssh/id_rsa.pub
info:    Using the VM Size "Standard_DS1_V2"
info:    The [OS, Data] Disk or image configuration requires storage account
+ Looking up the storage account openshiftcanadaeast
warn:    Found --nic-ids or --nic-names parameters. --nic-name, --nic-id, --subnet-id and any --vnet-* parameters will be ignored
+ Looking up the NIC "arctiqjumpservernic"
+ Looking up the storage account clisto1598960224arctiqju
info:    The storage URI 'https://clisto1598960224arctiqju.blob.core.windows.net/' will be used for boot diagnostics settings, and it can be overwritten by the parameter input of '--boot-diagnostics-storage-uri'.
+ Creating VM "arctiq-jump-server"
info:    vm create command OK

You can see when I look inside the Azure Portal my new virtual machine is ready and we have assigned a public and private ip address, name, storage, security token, access rules and so on…

So now that we have our Azure jumpbox up and running, it’s time to build all the infrastructure required to provision a multi-node OpenShift environment in Azure. I am leveraging the Azure CLI for all my infrastructure automation - I plan to move this shell script based approach to an Ansible playbook soon. That will make things even more flexible and extendable.

So I run my Azure CLI script and a lot happens (automation to the rescue)

source ./addAzureHosts.sh

You can see via the Azure Portal and my CLI, I was able to stand up 6 new virtual machines

Output: The script is all done in a few mins, you can see all our virtual machines are deployed inside a resource group. We have also configured external public ip’s, internal VLAN and ip’s, additional storage, DNS, security tokens and access rules to limit the environment exposure.

You can see all our Azure RHEL 7 based virtual machines have a nice SAFE private VLAN. We only expose the Masters and Infrastructure nodes to the Public side of the internet. This allows the end users to login to the OpenShift WebUI and also access the containerized applications that they deploy on our new Canadian Container Bases Cloud Service.

I’m not going to cover the OpenShift platform install but next I go ahead and provision the multi-node cluster inside Azure using our jumpbox and Ansible playbooks. When I wrote this BLOG we were using OCP 3.3. I will be able to test a 3.3 to 3.4 upgrade soon.

We expose the WebUI via https://master.ocp.azure.arctiq.ca and we automatically expose the applications that are deployed via https://<appname>.master.ocp.azure.arctiq.ca using our Arctiq.ca domain. You can see our OpenShift WebUI below, we are ready to deploy containerized applications. I am using the Azure CLI and some scripts to be able to stop our environment when we are not using it. I can simple start it backup in a few minutes for a demo or when I need to test something.

As you can see if you have been holding off utilizing the public cloud because of data locality you now have some options. With some effort and know-how you can get started very quickly. In another BLOG I plan to detail some of the financial aspects of running workloads on “Azure in Canada”. It does take some planning but you can certainly reduce cost by taking this approach. Red Hat also offers a Cloud Access Program, essentially you can leverage your existing subscriptions on Azure and other certified cloud providers.

Interested in Azure or running OpenShift on Azure //take the first step, we wold love to have a deeper business discussion and dive into some of the work we are doing.

Tagged:



//comments