ARM template to create a k8s cluster on Azure
Also, updated the Helm version to 2.9.1
Change-Id: I8ac57c19c135370d9189b83947b4e67216e63740
Issue-ID: INT-626
Signed-off-by: Sudhakar Reddy <>
diff --git a/deployment/Azure_ARM_Template/scripts/ b/deployment/Azure_ARM_Template/scripts/
new file mode 100644
index 0000000..919d148
--- /dev/null
+++ b/deployment/Azure_ARM_Template/scripts/
@@ -0,0 +1,54 @@
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+apt-get update
+curl$ | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+ExecStart=/usr/bin/dockerd -H fd://
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+#IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+#echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+docker login -u docker -p docker
+sudo apt-get install make -y
+sudo curl -LO$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+# install nfs
+sudo apt-get install nfs-common -y
+#Create NFS directory
+sudo mkdir -p /dockerdata-nfs
+#Mount the remote NFS directory to the local one
+sudo mount $MASTER_IP:/dockerdata-nfs /dockerdata-nfs/
+echo "$MASTER_IP:/dockerdata-nfs /dockerdata-nfs nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab
+exit 0
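Review bot: The first four commands leave every VM built from this template reachable over SSH as root with the fixed password `oom` (`PermitRootLogin yes`, `PasswordAuthentication yes`, `echo -e "oom\noom" | passwd root`), and the same lines are repeated at the top of the second script in this commit. Since these hosts are created in Azure, I would make password login opt-in rather than the default: keep key-only access with `sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config` and `sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config`, and drop the `passwd root` line. The second script's node-registration loop logs in with `sshpass -p "oom"` and `StrictHostKeyChecking=no`, so it would have to move to a key distributed by the template in the same change. Separately, `docker login -u docker -p docker` puts the password on the command line, where it is visible in the process list and in any trace output; `--password-stdin` avoids that.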
diff --git a/deployment/Azure_ARM_Template/scripts/ b/deployment/Azure_ARM_Template/scripts/
new file mode 100644
index 0000000..1c4373c
--- /dev/null
+++ b/deployment/Azure_ARM_Template/scripts/
@@ -0,0 +1,190 @@
+set -x
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+apt-get update
+curl$ | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+ExecStart=/usr/bin/dockerd -H fd://
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+#IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+#echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+docker login -u docker -p docker
+sudo apt-get install make -y
+sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
+sudo curl -LO$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+sudo mkdir -p /dockerdata-nfs
+sudo chmod 777 -R /dockerdata-nfs
+sudo chown nobody:nogroup /dockerdata-nfs/
+NFS_EXP="*(rw,sync,no_root_squash,no_subtree_check) "
+echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
+#Restart the NFS service
+sudo exportfs -a
+sudo systemctl restart nfs-kernel-server
+echo "wait before installing rancher server"
+sleep 60
+# Create ONAP environment on rancher and register the nodes...
+echo "SERVER: ${SERVER}"
+#install sshpass to login to the k8s nodes to run rancher agent
+sudo apt-get install sshpass
+# create kubernetes environment on rancher using cli
+sudo tar -zxvf rancher-linux-amd64-v${RANCHER_CLI_VER}.tar.gz
+sudo cp rancher-v${RANCHER_CLI_VER}/rancher .
+sudo chmod +x ./rancher
+sudo apt install jq -y
+echo "wait for rancher server container to finish - 3 min"
+sleep 60
+echo "2 more min"
+sleep 60
+echo "1 min left"
+sleep 60
+echo "get public and private tokens back to the rancher server so we can register the client later"
+API_RESPONSE=`curl -s 'http://$SERVER:8080/v2-beta/apikey' -d '{"type":"apikey","accountId":"1a1","name":"autoinstall","description":"autoinstall","created":null,"kind":null,"removeTime":null,"removed":null,"uuid":null}'`
+# Extract and store token
+KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue`
+KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue`
+echo "publicValue: $KEY_PUBLIC secretValue: $KEY_SECRET"
+export RANCHER_URL=http://${SERVER}:8080
+./rancher env ls
+echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
+sleep 60
+echo "Creating kubernetes environment named ${KUBE_ENV_NAME}"
+./rancher env create -t kubernetes $KUBE_ENV_NAME > kube_env_id.json
+echo "env id: $PROJECT_ID"
+export RANCHER_HOST_URL=http://${SERVER}:8080/v1/projects/$PROJECT_ID
+echo "you should see an additional kubernetes environment usually with id 1a7"
+./rancher env ls
+# optionally disable cattle env
+# add host registration url
+echo "sleep 60 to wait for REG to ACTIVE"
+./rancher env ls
+sleep 30
+echo "check on environments again before registering the URL response"
+./rancher env ls
+sleep 30
+REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$SERVER"}' "http://$SERVER:8080/v1/projects/$PROJECT_ID/registrationtokens"`
+echo "wait for server to finish url configuration - 2 min"
+sleep 60
+echo "60 more sec"
+sleep 60
+# see registrationUrl in
+REGISTRATION_TOKENS=`curl http://$SERVER:8080/v2-beta/registrationtokens`
+REGISTRATION_URL=`echo $REGISTRATION_TOKENS | jq -r .data[0].registrationUrl`
+REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token`
+echo "Registering host for image: $REGISTRATION_DOCKER url: $REGISTRATION_URL registrationToken: $REGISTRATION_TOKEN"
+HOST_REG_COMMAND=`echo $REGISTRATION_TOKENS | jq -r .data[0].command`
+#Loop using the private IP and the no of VMS to SSH into each machine
+for i in `seq 1 $((${NODE_COUNT}-1))`;
+ sshpass -p "oom" ssh -o StrictHostKeyChecking=no root@${NODE_IP} "hostnamectl set-hostname node$i && docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
+echo "waiting 10 min for host registration to finish"
+sleep 540
+echo "1 more min"
+sleep 60
+#read -p "wait for host registration to complete before generating the client token....."
+# base64 encode the kubectl token from the auth pair
+# generate this after the host is registered
+KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
+echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"
+# add kubectl config - NOTE: the following spacing has to be "exact" or kubectl will not connect - with a localhost:8080 error
+cat > ~/.kube/config <<EOF
+apiVersion: v1
+kind: Config
+- cluster:
+ api-version: v1
+ insecure-skip-tls-verify: true
+ server: "https://$SERVER:8080/r/projects/$PROJECT_ID/kubernetes:6443"
+ name: "${ENVIRON}"
+- context:
+ cluster: "${ENVIRON}"
+ user: "${ENVIRON}"
+ name: "${ENVIRON}"
+current-context: "${ENVIRON}"
+- name: "${ENVIRON}"
+ user:
+ token: "$KUBECTL_TOKEN"
+echo "run the following if you installed a higher kubectl version than the server"
+echo "helm init --upgrade"
+echo "Verify all pods up on the kubernetes system - will return localhost:8080 until a host is added"
+echo "kubectl get pods --all-namespaces"
+kubectl get pods --all-namespaces
+exit 0
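Review bot: The export appended to /etc/exports is `*(rw,sync,no_root_squash,no_subtree_check)` on a directory that was just made `chmod 777 -R`, so any host that can reach the NFS port gets root-equivalent write access to /dockerdata-nfs. I would restrict the client field to the cluster's subnet, e.g. `NFS_EXP="<node-subnet-cidr>(rw,sync,no_root_squash,no_subtree_check)"` with the CIDR passed in from the template, and drop the `chmod 777` if the workloads allow it. Whether `no_root_squash` can also go depends on how the pods write to the share, which is not visible here. Also, with `set -x` at the top, `echo "publicValue: $KEY_PUBLIC secretValue: $KEY_SECRET"` and `echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"` write the Rancher API secret and the kubectl token into the provisioning output. I would remove both echoes and bracket the token handling with `set +x` / `set -x`.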