Infrastructure setup for MTA PoC environments
This template currently deploys a UCP manager, a single DTR replica and UCP workers (Windows Server 2016)
Deploy Docker EE to Azure using interactive deployment script
wget https://raw.githubusercontent.com/BrandonRoyal/mta_infra/master/deploy.sh
az login
[Optional] Set environment variables to prepopulate variables in the deployment script
export AZURE_RESOURCE_GROUP_NAME=<azure_resource_group_name>
export AZURE_LOCATION=<azure_location>
export AZURE_ITEM_PREFIX=<azure_item_prefix>
export AZURE_DOCKER_ADMIN_PASSWORD=<azure_docker_admin_password>
export SSH_PUBLIC_KEY=$(cat ~/.ssh/id_rsa.pub)
sh deploy.sh
Note the hostnames returned when the script completes
Use SSH (or Remote Desktop Client) to connect to a Windows worker. Note that each worker host is accessed through its own ports:
worker | hostname | port (SSH) | port (RDP) |
---|---|---|---|
*-wrk0 | <wrk-hostname> | 50020 | 50000 |
*-wrk1 | <wrk-hostname> | 50021 | 50001 |
*-wrk2 | <wrk-hostname> | 50022 | 50002 |
ssh -p 50020 docker@<wrk-hostname>
Open PowerShell
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe
Join node to domain
$password = Read-Host "Admin password" -AsSecureString
$credentials = New-Object System.Management.Automation.PSCredential ('docker', $password)
Add-Computer -DomainName 'docker.local' -Credential $credentials
Restart-Computer -Force
Repeat for each worker node
Use SSH (or Remote Desktop Client) to connect to AD Domain Controller
ssh docker@<ad-server-hostname>
Open PowerShell
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe
Run configuration script to complete AD controller setup
cd C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9\Downloads\0
.\configure-ad.ps1 -MachinePrefix <azure_item_prefix>
NOTE: This script creates the following in AD
- group for all container hosts -
containerhosts
- group managed service accounts for test app -
app1.docker.local
- test user -
user1
- group for authorized users of test app -
app1 authorized users
Use SSH (or Remote Desktop Client) to connect to Windows Worker.
ssh -p 50020 docker@<wrk-hostname>
Open PowerShell
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe
Create CredentialSpec for app1.docker.local
Start-BitsTransfer https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/live/windows-server-container-tools/ServiceAccounts/CredentialSpec.psm1
Import-Module .\CredentialSpec.psm1
New-CredentialSpec -Name app1 -AccountName app1
Deploy test container
docker run -it --security-opt "credentialspec=file://app1.json" microsoft/windowsservercore cmd
Repeat for each of three workers
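Before running the test container on a worker, the generated credential spec can be checked so that it names only the intended gMSA and domain. This is an added example, not part of the original repository; the function name `Test-CredentialSpecFile` is hypothetical, the sample JSON is constructed, and it assumes the credential spec JSON layout (`CmsPlugins`, `DomainJoinConfig`, `ActiveDirectoryConfig.GroupManagedServiceAccounts`) written by `New-CredentialSpec`.

```powershell
# Added example: check that a credential spec names only the expected gMSA and domain.
function Test-CredentialSpecFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $AccountName,
        [Parameter(Mandatory)] [string] $DnsDomain
    )
    # Emits one string per problem; no output means the spec looks as expected.
    if (-not (Test-Path -LiteralPath $Path)) { "file not found: $Path"; return }
    try {
        $spec = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop |
            ConvertFrom-Json -ErrorAction Stop
    } catch { "not valid JSON: $($_.Exception.Message)"; return }

    if ($spec.CmsPlugins -notcontains 'ActiveDirectory') {
        "CmsPlugins does not list ActiveDirectory"
    }
    if ($spec.DomainJoinConfig.DnsName -ne $DnsDomain) {
        "DnsName is '$($spec.DomainJoinConfig.DnsName)', expected '$DnsDomain'"
    }
    $gmsa = @($spec.ActiveDirectoryConfig.GroupManagedServiceAccounts)
    if (-not ($gmsa | Where-Object { $_.Name -eq $AccountName })) {
        "gMSA '$AccountName' is not listed"
    }
    # Any other account in the spec widens the identity the container can assume.
    $gmsa | Where-Object { $_.Name -and $_.Name -ne $AccountName } |
        ForEach-Object { "unexpected gMSA '$($_.Name)'" }
}

# Constructed sample (Sid/Guid are dummy values) with one extra, unintended account.
$sample = @'
{ "CmsPlugins": ["ActiveDirectory"],
  "DomainJoinConfig": { "Sid": "S-1-5-21-0-0-0", "MachineAccountName": "app1",
    "Guid": "00000000-0000-0000-0000-000000000000", "DnsTreeName": "docker.local",
    "DnsName": "docker.local", "NetBiosName": "DOCKER" },
  "ActiveDirectoryConfig": { "GroupManagedServiceAccounts": [
    { "Name": "app1", "Scope": "docker.local" },
    { "Name": "app1", "Scope": "DOCKER" },
    { "Name": "app2", "Scope": "docker.local" } ] } }
'@
$tmp = Join-Path $env:TEMP 'app1-sample.json'
Set-Content -LiteralPath $tmp -Value $sample
$problems = @(Test-CredentialSpecFile -Path $tmp -AccountName 'app1' -DnsDomain 'docker.local')
if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } } else { 'spec OK' }
Remove-Item -LiteralPath $tmp
```

On a worker, point `-Path` at the real file instead of the sample; with a default Docker install on Windows that is assumed to be `C:\ProgramData\docker\CredentialSpecs\app1.json`.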
To develop the template locally, use the DEBUG=true environment variable. This points to the local azuredeploy.json file (azure/ee-windows/azuredeploy.json).
When running in DEBUG mode, the script temporarily uploads script files to a private gist, allowing you to test incremental changes before committing them to the repo.
- Set debug variable
export DEBUG=true
- Login to Azure CLI (Optional if not already logged in)
az login
- Login to GitHub Gist (Optional if not already logged in)
gist --login
- Deploy using script
sh deploy.sh
- gist -pR returns null when ~10+ files are uploaded at any one time. This is only relevant for the DEBUG configuration, since that is the only place where gist is used.