
Wednesday, 6 September 2017

Introduction to ForgeRock DevOps - Part 3 - Deploying Clusters

We have just launched Version 5 of the ForgeRock Identity Platform with numerous enhancements for DevOps friendliness. I have been meaning to jump into the world of DevOps for some time so the new release afforded a great opportunity to do just that.

Catch up with previous entries in the series:

http://identity-implementation.blogspot.co.uk/2017/04/introduction-to-forgerock-devops-part-1.html
http://identity-implementation.blogspot.co.uk/2017/05/introduction-to-forgerock-devops-part-2.html


I will be using IBM Bluemix here as I have recent experience of it but nearly all of the concepts will be similar for any other cloud environment.

Deploying Clusters

So now we have docker images deployed into Bluemix. The next step is to actually deploy the images into a Kubernetes cluster. Firstly we need to create a cluster, then we need to actually deploy into it. For what we are doing here we need a standard paid cluster.

Preparation

1. Log in to the Bluemix CLI using your Bluemix account credentials:

bx login -a https://api.ng.bluemix.net

2. Choose a location. You can view locations with:

bx cs locations



3. Choose a machine type. You can view machine types for a location with:

bx cs machine-types dal10



4. Check for VLANs. You need to choose both a public and private VLAN for a standard cluster. It should look something like this:

bx cs vlans dal10



If you need to create them... init the SoftLayer CLI first:

bx sl init

Just select Single Sign On: (2)



You should be logged in and able to create VLANs:

bx sl vlan create -t public -d dal10 -s 8 -n waynepublic

Note: Your Bluemix account needs permission to create VLANs. If you don't have this, you need to contact support. You'll be told if this is the case. You should get one free public VLAN I believe.

Creating a Cluster

1. Create a cluster:

Assuming you have public and private VLANs, you can create a Kubernetes cluster:

bx cs cluster-create --location dal10 --machine-type u1c.2x4 --workers 2 --name wbcluster --private-vlan 1638423 --public-vlan 2106869



You *should* also be able to use the Bluemix UI to create clusters.

2. You may need to wait a little while for the cluster to be deployed. You can check the status of it using:

bx cs clusters



During the deployment you will likely receive various emails from Bluemix confirming infrastructure has been provisioned.

3. When the cluster has finished deployment (state is pending), set the new cluster as the current context:

bx cs cluster-config wbcluster



The statement in yellow is the important bit: copy and paste that export back into the terminal to configure the environment so that kubectl commands run against the new cluster.



4. Now you can run kubectl commands. View the cluster config with:

kubectl config view



See the Kubernetes documentation for the full set of commands you can run. We will only be looking at a few key ones for now.

5. Clone (or download) the ForgeRock Kubernetes repo to somewhere local:

https://stash.forgerock.org/projects/DOCKER/repos/fretes/browse

6. Navigate to the fretes directory:

cd /usr/local/DevOps/stash/fretes

 

7. We need to make a tweak to the fretes/helm/custom.yaml file and add the following:

storageClass: ibmc-file-bronze



This specifies the type of storage we want our deployment to use in Bluemix. If it were AWS or Azure you may need something similar.

8. From the same terminal window that you have setup kubectl, navigate to the fretes/helm/ directory and run:

helm init



This will install the helm component into the cluster ready to process the helm scripts we are going to run.

9. Run the OpenAM helm script which will configure instances of AM, backed by DJ into our kubernetes cluster:

/usr/local/DevOps/stash/fretes/helm/bin/openam.sh

This script will take a while and again will trigger the provisioning of infrastructure, storage and other components resulting in emails from Bluemix. While this is happening you should see something like this:



If you have to re-deploy on subsequent occasions, the storage will not need to be re-provisioned and the whole process will be significantly faster. When it is all done you should see something like this:



10. Proxy the kube dash:

kubectl proxy



Navigate to http://127.0.0.1:8001/ui in a browser and you should see the kubernetes console!



Here you can see everything that has been deployed automatically using the helm script!

We have multiple instances of AM and DJ with storage deployed into Bluemix ready to configure!

In the next blog we will take a detailed look at the Kubernetes dashboard to understand exactly what we have done, but for now let's take a quick look at one of our new AM instances.

11. Log in to AM:

Ctrl-C the proxy command and type the following:

bx cs workers wbcluster



You can see a list of our workers above, and the IP they have been exposed publicly on.

Note: There are defined ways of accessing applications using Kubernetes. Typically you would use an ingress or a load balancer and not go directly using the public IP. We may look at these in later blogs.

As you probably know, AM expects a fully qualified domain name so before we can log in we need to edit /etc/hosts and add the following:



Then you can navigate to AM:

http://openam.example.com:30080/openam



You should be able to log in with amadmin/password!
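
Step 11 reaches AM over plain HTTP on a worker's public IP at NodePort 30080, with the amadmin/password login still in place, so it is worth knowing exactly which Services the cluster publishes this way. The following is an added example, not part of the original post or of the fretes repo: it lists every NodePort and gates a deploy script on an allowlist. Service names other than openam, the extra ports and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory Services reachable on worker IPs through a NodePort.

# Live query (needs kubectl configured for the cluster). One row per Service:
# namespace, name, type, comma-separated nodePorts ("<none>" when unset).
list_services() {
  kubectl get svc --all-namespaces --no-headers -o \
    custom-columns='NS:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type,PORTS:.spec.ports[*].nodePort'
}

# Constructed sample in list_services format; only openam/30080 is from the post.
sample_services() {
  cat <<'EOF'
default      kubernetes     ClusterIP      <none>
default      openam         NodePort       30080
default      opendj         ClusterIP      <none>
default      sample-lb      LoadBalancer   31389,31636
kube-system  tiller-deploy  ClusterIP      <none>
EOF
}

# Filter rows on stdin to "namespace/name nodePort", one line per exposed port.
exposed_nodeports() {
  awk '($3 == "NodePort" || $3 == "LoadBalancer") && $4 != "<none>" {
         n = split($4, ports, ",")
         for (i = 1; i <= n; i++) print $1 "/" $2, ports[i]
       }'
}

# Gate for a deploy script: $1 is a space-separated allowlist of nodePorts.
# Names every exposed port outside it and returns 1 if there is any.
unapproved_nodeports() {
  allowed=" $1 "
  status=0
  while read -r svc port; do
    case "$allowed" in
      *" $port "*) ;;
      *) echo "unapproved: $svc on nodePort $port"; status=1 ;;
    esac
  done
  return "$status"
}

# Demo on the sample; on a real cluster replace sample_services with list_services.
sample_services | exposed_nodeports
sample_services | exposed_nodeports | unapproved_nodeports "31389 31636" ||
  echo "review the services listed above before leaving them exposed"
```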


Summary

So far in this series we have created docker containers with the ForgeRock components, uploaded these to Bluemix and run the orchestration helm script to actually deploy instances of these containers into a meaningful architecture. Not bad!

In the next blog we will take a detailed look at the kubernetes console and examine what has actually been deployed.




