Swarm Azure Container Service

Posted: November 16, 2017 in Azure

In one of my previous posts I described a Kubernetes cluster in Azure; in this one we’ll create a Swarm cluster.

As I already described in the Kubernetes post, we need to create a public/private key pair, so I won’t go into much detail here. Use PuTTY Key Generator, and save the private key as well.

New-Containers-Azure Container Service

Copy the public key from PuTTY Key Generator and specify a username

Agent count: For Docker Swarm and Kubernetes, this value is the initial number of agents in the agent scale set. For DC/OS, it is the initial number of agents in a private scale set. Additionally, a public scale set is created for DC/OS, which contains a predetermined number of agents. The number of agents in this public scale set is determined by the number of masters in the cluster: one public agent for one master, and two public agents for three or five masters

After the cluster is installed, we need to get its public DNS name: in the cluster properties click Overview

In PuTTY specify this name and port 2200

and specify the private key saved in the same step in which we created the public key

Check Swarm agent configuration:

docker -H 172.16.0.5:2375 info

root@swarm-master-BBDA4078-0:/home/ja# docker -H 172.16.0.5:2375 info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
swarm-agent-BBDA4078000000: 10.0.0.4:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:33Z
swarm-agent-BBDA4078000001: 10.0.0.5:2375
└ Status: Healthy
└ Containers: 0
└ Reserved CPUs: 0 / 2
└ Reserved Memory: 0 B / 4.036 GiB
└ Labels: executiondriver=, kernelversion=3.19.0-65-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=overlay
└ Error: (none)
└ UpdatedAt: 2017-11-16T19:45:37Z
Plugins:
Volume:
Network:
Log:
Swarm:
NodeID:
Is Manager: false
Node Address:
Kernel Version: 3.19.0-65-generic
Operating System: linux
Architecture: amd64
CPUs: 4
Total Memory: 8.073GiB
Name: 23325e0bd3f7
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Experimental: false
Live Restore Enabled: false

WARNING: No kernel memory limit support

To avoid specifying the target socket (172.16.0.5:2375) every time, we’ll set an environment variable

export DOCKER_HOST=172.16.0.5:2375

Deploy web server:

docker run -d -p 80:80 nginx

 

Browse to the Swarm agents’ public DNS name; it will be used as the connection point to our nginx container. In the Swarm cluster properties click on agents and copy the public DNS name

And use it to connect to the container

Protecting data with Azure Backup

Posted: November 16, 2017 in Azure

Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud.

In this post we’ll back up data from on-premises to the cloud

First, we need to create a backup vault

In the Azure portal click New-Storage-Backup and Site Recovery (OMS)

Give the vault a name

After the vault is created, go to All resources, click on the vault, then click Backup

Click Prepare infrastructure, then click the link to download and install the Backup agent

After the agent is downloaded, on the Prepare Infrastructure page download and install the vault credentials from Azure; we’ll need them to configure the Backup application we’ve just downloaded

After we installed the Azure recovery agent, click Proceed to registration

On the Vault credentials page browse to the vault credentials we just downloaded

Then generate a passphrase

Now it’s time to schedule the backup: click Schedule Backup

Choose the data to back up

After the backup schedule is done, click Backup now

I deleted the folder I just backed up and initiated a restore

Click Mount

Then click Browse to choose what to restore

In this post we created an Azure Web application and mapped it to our custom domain name; in this one we’ll secure our site with an SSL certificate. In the real world we should use an SSL certificate from a commercial trusted Certification Authority; in this example I used a self-signed certificate, just for testing purposes.

Create a certificate request: create a file with an .inf or .txt extension

[NewRequest]

Subject = "CN=ASTRAHOME.XYZ"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
HashAlgorithm = SHA256
RequestType = Cert
ValidityPeriod = Years
ValidityPeriodUnits = 1
MachineKeySet = true
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

Open CMD as admin and type:

certreq -new ssl.inf ssl.crt
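
A quick review of the request file before running certreq, as an added example that is not part of the original post: the shell functions below read the INF text and report the settings worth a second look. The function names and finding labels are assumptions, and REQUEST_INF is a constructed, abridged copy of the file above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: abridged copy of the request file shown in the post.
REQUEST_INF='[NewRequest]
Subject = "CN=ASTRAHOME.XYZ"
Exportable = TRUE
KeyLength = 2048
HashAlgorithm = SHA256
RequestType = Cert
MachineKeySet = true
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1'

# inf_value TEXT KEY: print KEY's value lower-cased, without quotes or padding
inf_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        {
            k = tolower($1); gsub(/[ \t]/, "", k)
            if (k == tolower(key)) {
                v = tolower(substr($0, index($0, "=") + 1))
                gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)
                print v
                exit
            }
        }'
}

# review_request TEXT: print one finding label per line (no output = nothing flagged)
review_request() {
    if [ "$(inf_value "$1" RequestType)" = "cert" ]; then
        echo "self-signed"      # issued locally with no CA, so browsers warn
    fi
    if [ "$(inf_value "$1" Exportable)" = "true" ]; then
        echo "exportable-key"   # the private key can leave the store as a PFX
    fi
    bits=$(inf_value "$1" KeyLength)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "short-key:$bits"
    fi
    case "$(inf_value "$1" HashAlgorithm)" in
        sha1|md5) echo "weak-hash" ;;
    esac
    return 0
}

review_request "$REQUEST_INF"
```

For the file in this post both findings are expected: the certificate is self-signed for testing, and the key must be exportable for the PFX upload to Azure that follows.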

 

Now open Certificate Manager for the Computer account

Our certificate should be created under Personal-Certificates

Now, export it:

Export the private key

Select Include all certificates in the certification path if possible

and Export all extended properties

And save it somewhere

In the Web app properties click SSL Certificates-Upload certificates

Browse to the path where you exported the certificate

Click Add binding

Select the hostname and certificate, leave the SSL type, and click Add binding

Because it’s a self-signed certificate we get warnings, but we can access the web app over HTTPS

Add the Azure public DNS name to your DNS manager (I’m using GoDaddy)

Create a CNAME record and map it to the Azure public DNS name

Now tell Azure about these changes: in the Azure Web Application properties click Custom domains-Add hostname, type your domain name (with the www part), then click Validate-Add hostname

Try typing http://www.your-dns-name in a browser

If we want to remove the www part, we need to add the Azure public IP to our DNS manager (preferably a static public IP)

Create a host A record and map the Azure public IP to it

Create a TXT record and map it to the Azure public DNS name

Again, propagate these changes to Azure, same procedure as before:
In the Web app properties click Custom domains-Add hostname, enter the hostname (without the www part), then click Validate-Add hostname

Now, in a browser enter http://your-dns-name (without the www part)

Azure Container Service for Kubernetes

Posted: November 4, 2017 in Azure

Azure Container Service for Kubernetes is used to create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications.

Before creating the Azure Container Service (ACS) cluster, we first need to create a service principal client ID and password

We can use either Azure CLI for Windows or Azure CLI from the Azure portal

az account set --subscription "subscription-id"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID"

Now create SSH keys (I used PuTTY)

Start PuTTY Key Generator and save the private key (it will be used for connecting to Kubernetes); leave PuTTY Key Generator open

From the Azure portal click New-Containers-Azure Container Service

Specify name and resource group

Specify Kubernetes as Orchestrator

Set the username, then copy the SSH public key from PuTTY Key Generator and the ID and password from Azure CLI (generated in the first step)

Connecting to Cluster

Again, I used PuTTY

Connection-SSH-Auth-browse for the saved private key

Specify the cluster DNS name

Test connectivity to the ACS Kubernetes cluster:

kubectl get nodes


Deploy container to Azure Cluster

kubectl run nginx-test --image=nginx --replicas=1 --port=80

Check container is deployed:

kubectl get deployment

Make the container available from the Internet

kubectl expose deployment nginx-test --port=80 --type=LoadBalancer

NAME               CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes         10.0.0.1      <none>        443/TCP        25m
nginx-test         10.0.30.9     <pending>     80:30495/TCP   12s

Check the public IP address has been provisioned:

kubectl get services
NAME               CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes         10.0.0.1      <none>        443/TCP        25m
nginx-test         10.0.30.9     <pending>     80:30495/TCP   12s

It takes some time to get the public IP; run get services until “pending” disappears

NAME               CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE
kubernetes         10.0.0.1      <none>          443/TCP        21m
nginx-test         10.0.30.9     13.81.216.198   80:30495/TCP   2m
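
Re-running get services by hand can be scripted. The shell functions below are an added example, not part of the original post: they pull the EXTERNAL-IP column for one service out of the listing and poll until an address appears. The function names are assumptions, and the two sample listings are constructed from the output above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed samples shaped like the listings above.
PENDING_SAMPLE='NAME         CLUSTER-IP   EXTERNAL-IP     PORT(S)        AGE
kubernetes   10.0.0.1     <none>          443/TCP        25m
nginx-test   10.0.30.9    <pending>       80:30495/TCP   12s'
READY_SAMPLE='NAME         CLUSTER-IP   EXTERNAL-IP     PORT(S)        AGE
kubernetes   10.0.0.1     <none>          443/TCP        21m
nginx-test   10.0.30.9    13.81.216.198   80:30495/TCP   2m'

# external_ip LISTING SERVICE
# Prints the external IPv4 address of SERVICE. Exit status: 0 when an address
# is assigned, 1 while there is none yet, 2 if SERVICE is not listed.
# The column is located by its header, so an extra TYPE column is tolerated.
external_ip() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "EXTERNAL-IP") col = i; next }
        $1 == svc { found = 1; ip = $col }
        END {
            if (!found) exit 2
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print ip; exit 0 }
            exit 1
        }'
}

# wait_for_external_ip SERVICE [TRIES] [DELAY_SECONDS]
# Polls `kubectl get services` until the load balancer has an address.
wait_for_external_ip() {
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        if external_ip "$(kubectl get services)" "$1"; then
            return 0
        else
            rc=$?
        fi
        if [ "$rc" -eq 2 ]; then
            echo "service $1 not found" >&2
            return 2
        fi
        tries=$((tries - 1))
        sleep "${3:-10}"
    done
    echo "no external IP for $1 yet, giving up" >&2
    return 1
}

external_ip "$PENDING_SAMPLE" nginx-test || echo "nginx-test: still pending"
external_ip "$READY_SAMPLE" nginx-test
```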

Test connectivity


Scale out container

kubectl scale --replicas=2 deployment/nginx-test
2017-11-04 15:14:37.535906 I | proto: duplicate proto type registered: google.protobuf.Any
2017-11-04 15:14:37.535967 I | proto: duplicate proto type registered: google.protobuf.Duration
2017-11-04 15:14:37.535984 I | proto: duplicate proto type registered: google.protobuf.Timestamp
deployment "nginx-test" scaled

Check another container instance is created:

kubectl get pods
NAME                         READY     STATUS    RESTARTS   AGE
nginx-test-861205578-ghpd9   1/1       Running   0          49s
nginx-test-861205578-lh32t   1/1       Running   0          4m

To remove the deployment, type

kubectl delete deployment nginx-test

Implementing Azure Container Registry

Posted: November 2, 2017 in Azure

A container registry is a “store” for container images (I already touched on this topic before)

In Azure click New-Containers-Azure Container Registry

Enable Admin user (this allows you to use the registry name as the username and the admin user access key as the password for docker login to the registry)

In the Access keys section we can see the username/password

Install Docker for Windows

And log in to the newly created Azure registry (use the credentials from the Access keys section)

docker login --username user --password password mytestazureregistry.azurecr.io

I searched for Windows images

and installed one of them; because this image doesn’t exist in our registry, it will be downloaded from Docker Hub

docker pull microsoft/azure-cli
Using default tag: latest
latest: Pulling from microsoft/azure-cli
9f0706ba7422: Pull complete
99b6c0e3989b: Pull complete
35e890954c0c: Pull complete
7c081089dee1: Pull complete
Digest: sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb
Status: Downloaded newer image for microsoft/azure-cli:latest

I removed the image:

docker rmi microsoft/azure-cli -f
Untagged: microsoft/azure-cli:latest
Untagged: microsoft/azure-cli@sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb

And I installed it again

docker pull microsoft/azure-cli
Using default tag: latest
latest: Pulling from microsoft/azure-cli
Digest: sha256:4e84d954e3b7adecf3b5085d8baba32409fbe8b51d511a2bb2f2bc545531cfdb
Status: Image is up to date for microsoft/azure-cli:latest

Because this time the image is already stored in the registry, it takes less time to deploy

docker run -it microsoft/azure-cli
root@29f1f01b49e4:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

To leave the container running press CTRL+Q or CTRL+P

 

Deploying Docker containers in Azure

Posted: November 2, 2017 in Azure

Think of a Docker container as another form of virtualization. Virtual Machines (VM) allow a piece of hardware to be split up into different VMs – or virtualized — so that the hardware power can be shared among different users and appear as separate servers or machines. Docker containers virtualize the OS, splitting it up into virtualized compartments to run container applications.

Installing Azure VM

This Azure VM will include support for Docker containers

First, create an Azure resource group, availability set and public IP (needed for the Azure Docker host later on). I ran all the steps below on my Windows 10 laptop

New-AzureRmResourceGroup -Name myrg1 -Location "West Europe"

New-AzureRmAvailabilitySet -Location 'west europe' -name 'myavailabilityset' -ResourceGroupName myrg1

New-AzureRmPublicIpAddress -name 'mypublicip' -ResourceGroupName 'myrg1' -Location 'west europe' -AllocationMethod Dynamic

Now see the available Docker VMs

Install Azure CLI, open CMD and run az vm image list

az vm image list

[
{
"offer": "CentOS",
"publisher": "OpenLogic",
"sku": "7.3",
"urn": "OpenLogic:CentOS:7.3:latest",
"urnAlias": "CentOS",
"version": "latest"
},
{
"offer": "CoreOS",
"publisher": "CoreOS",
"sku": "Stable",
"urn": "CoreOS:CoreOS:Stable:latest",
"urnAlias": "CoreOS",
"version": "latest"
},
{
"offer": "Debian",
"publisher": "credativ",
"sku": "8",
"urn": "credativ:Debian:8:latest",
"urnAlias": "Debian",
"version": "latest"
},
{
"offer": "openSUSE-Leap",
"publisher": "SUSE",
"sku": "42.2",
"urn": "SUSE:openSUSE-Leap:42.2:latest",
"urnAlias": "openSUSE-Leap",
"version": "latest"
},
{
"offer": "RHEL",
"publisher": "RedHat",
"sku": "7.3",
"urn": "RedHat:RHEL:7.3:latest",
"urnAlias": "RHEL",
"version": "latest"
},
{
"offer": "SLES",
"publisher": "SUSE",
"sku": "12-SP2",
"urn": "SUSE:SLES:12-SP2:latest",
"urnAlias": "SLES",
"version": "latest"
},
{
"offer": "UbuntuServer",
"publisher": "Canonical",
"sku": "16.04-LTS",
"urn": "Canonical:UbuntuServer:16.04-LTS:latest",
"urnAlias": "UbuntuLTS",
"version": "latest"
},
{
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"urn": "MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest",
"urnAlias": "Win2016Datacenter",
"version": "latest"
},
{
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2012-R2-Datacenter",
"urn": "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest",
"urnAlias": "Win2012R2Datacenter",
"version": "latest"
},
{
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2012-Datacenter",
"urn": "MicrosoftWindowsServer:WindowsServer:2012-Datacenter:latest",
"urnAlias": "Win2012Datacenter",
"version": "latest"
},
{
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2008-R2-SP1",
"urn": "MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest",
"urnAlias": "Win2008R2SP1",
"version": "latest"
}
]

Install Docker

Open CMD as admin

docker-machine create --driver azure --azure-ssh-user ja --azure-subscription-id "96b761b2-0307-45ca-a704-dc2cda5c129b" --azure-open-port 80 --azure-image "Canonical:UbuntuServer:16.04.0-LTS:latest" --azure-location "West Europe" --azure-resource-group "myrg1" --azure-availability-set "myavailabilityset" --azure-static-public-ip "mypublicip1"

The command above will create a Docker VM in Azure, but first Docker needs to log in to Azure

During installation Docker will create self-signed certificates that will be used for connecting to the Docker host; it will also store the certificate’s private key in the user profile

After installation finishes, display the environment variables (needed to find out the Docker IP address)

docker-machine env mypublicip1

SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://52.174.2.212
SET DOCKER_CERT_PATH=C:\Users\lap-top\.docker\machine\machines\mypublicip1
SET DOCKER_MACHINE_NAME=mypublicip1
SET COMPOSE_CONVERT_WINDOWS_PATHS=true
REM Run this command to configure your shell:
REM @FOR /f "tokens=*" %i IN ('docker-machine env mypublicip1') DO @%i

Connecting to Docker host

docker -D -H tcp://52.174.2.212:2376 --tlsverify --tlscacert=C:\Users\lap-top\.docker\machine\certs\ca.pem --tlscert=C:\Users\lap-top\.docker\machine\certs\cert.pem --tlskey=C:\Users\lap-top\.docker\machine\certs\key.pem ps
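
The Swarm post on this page points the client at 172.16.0.5:2375 with no TLS, while the docker-machine environment above sets DOCKER_TLS_VERIFY=1 and uses certificates. The shell functions below are an added example, not part of the original post: they classify a client configuration from those two variables so a plaintext API on a public address is caught before use. The function names and the 203.0.113.10 address are constructed for illustration; only tcp:// and bare host:port targets are analysed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# is_private_addr HOST: succeed for loopback and RFC 1918 addresses
is_private_addr() {
    case "$1" in
        localhost|127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_endpoint DOCKER_HOST DOCKER_TLS_VERIFY
# Prints local-socket, tls-verified, plaintext-private or plaintext-public.
classify_endpoint() {
    case "$1" in
        ""|unix://*|npipe://*) echo "local-socket"; return 0 ;;
    esac
    if [ -n "$2" ]; then
        # Any non-empty DOCKER_TLS_VERIFY makes the client use TLS and
        # verify the daemon certificate against the CA in DOCKER_CERT_PATH.
        echo "tls-verified"; return 0
    fi
    host=${1#tcp://}    # the tcp:// scheme is optional
    host=${host%%:*}    # drop the :port suffix
    if is_private_addr "$host"; then
        echo "plaintext-private"   # e.g. port 2375 reached from the SSH session
    else
        echo "plaintext-public"    # unauthenticated API reachable off-network
    fi
}

# check_docker_env: classify the current shell; fail on plaintext-public
check_docker_env() {
    kind=$(classify_endpoint "${DOCKER_HOST:-}" "${DOCKER_TLS_VERIFY:-}")
    echo "DOCKER_HOST=${DOCKER_HOST:-default-socket} -> $kind"
    [ "$kind" != "plaintext-public" ]
}

# Values taken from this page, plus one constructed public address.
classify_endpoint "172.16.0.5:2375" ""          # Swarm master, no TLS
classify_endpoint "tcp://52.174.2.212" "1"      # docker-machine env output
classify_endpoint "tcp://203.0.113.10:2375" ""  # constructed example
```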

Install basic docker container

docker run -d -p 80:80 --restart=always nginx

Find out container’s IP address:

docker-machine ip mypublicip1

 
