Overall Deployment:
-
Install docker with yum install
-
Download the SDK from Avi’s Docker Hub
-
Download the run.sh file
-
Git clone
-
Setup variables
-
Download Avi’s Controller from Avi Portal
-
Run the playbook
-
Install 3 Controllers or single one, keep in mind to use the skip tag if you only deploy one controller.
-
Config Controllers
-
DNS, NTP, Email, Banner, etc
-
Create the VMware Cloud.
-
Config VMware Cloud with IPs and subnet and Pool of IPs for SEs.
-
Config SEG and sets the backup passphrase.
-
If you do not have a backend to use like an Apache Server etc, use the deploy-avi-perf-img playbook.
This deploys a web server that you can use. -
If you use 3 Controllers then you will want to use the cluster_create playbook to set a VIP.
-
Create the new VS and connect the backend pool.
-
Optional if create a new SSL Cert
-
Optional configure Horizon VDI
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo sudo yum install docker
curl -O https://raw.githubusercontent.com/avinetworks/avitools/master/run.sh
Run the script
We will create the docker folder. From a Linux Box /opt/docker will be mapped to /opt/avi therefore when you docker exec it takes you right inside the folder.
mkdir /opt/docker chmod +x run.sh ./run.sh -v 18.2.7 -c bash -d /opt/docker -b docker exec -it avitools bash
If you are using this playbook in the SE lab please use vmware_lab.yml instead of 5_config_se_groups.yml. It turns off CPU and Memory reservation that’s the only diff.
Once installed and have the sdk container from Avi running you will need to pull down this repo.
git clone https://github.com/itlinux/avi_controller.git
|
Note
|
You can edit the files from the host or from within the docker container. |
Steps:
# cd avi_controller/inventory/
Copy the home dir as your base template, you can use any names you want. Example datacenter1 or DC1 or remomatteidclab1forfun etc.
# cp -R home datacenter1
Once you are in the avi_controller git repo you can edit all files from here using the path to your inventory location. Remove the vault.yml file since you will create a new one with your password.
# rm datacenter1/group_vars/all/vault.yml
Create vault file in the <yournewenv>/group_vars/all with the following command.
# ansible-vault create vault.yml
Once you enter your password you need to add the following variables: (those are used in the playbook).
vmware_pass: 'Password1' avi_password: 'Password2' oldpassword: 'this password is on avi portal'
|
Note
|
The oldpassword is the default password set on the Avi Controller. You need to get it from the Avi Portal |
Once that is completed you need to adjust the variables for your env.
vi datacenter1/group_vars/all/vars
You need to download the controller ova from Avi Networks and place it into the software folder. Make sure the variable has the same name before you run the playbook.
TIPS: If you do not want to run the -i for the inventory every time you can change the ansible.cfg and set the default env there. Then you would just type the main task. example:
ansible-playbook main.yml --ask-vault-pass
However, I like to have this so I know where which env I am using :).
You can run one playbook using the following:
ansible-playbook -i inventory/datacenter1/hosts main.yml --ask-vault-pass
or
ansible-playbook -i inventory/datacenter1/hosts --ask-vault-pass main.yml
ansible-playbook -i inventory/datacenter1/hosts -i inventory/datacenter2/hosts --ask-vault-pass main.yml
Once completed you will see something like this:
Thursday 06 February 2020 19:39:03 +0000 (0:00:01.836) 0:01:18.582 *****
===============================================================================
pause ------------------------------------------------------------------ 60.04s
avinetworks.aviconfig --------------------------------------------------- 6.97s
uri --------------------------------------------------------------------- 3.40s
avi_useraccount --------------------------------------------------------- 3.06s
avi_systemconfiguration ------------------------------------------------- 1.84s
deploy_controller ------------------------------------------------------- 1.83s
avinetworks.avisdk ------------------------------------------------------ 0.80s
avinetworks.avicontroller_vmware ---------------------------------------- 0.41s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------ 78.34s
Thursday 06 February 2020 19:39:03 +0000 (0:00:01.836) 0:01:18.580 *****
===============================================================================
Wait to all services be ready ------------------------------------------------------------------------------------------------------------------------------------------------------------- 60.04s
Set admin password ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.06s
Check Cluster Status ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.17s
Basic Controller Config -------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.84s
Deploy Avi Controllers --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.83s
Wait for Controller be ready --------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.23s
avinetworks.aviconfig : Build Avi module includes ------------------------------------------------------------------------------------------------------------------------------------------ 1.17s
avinetworks.aviconfig : Avi Config | Create no access cloud -------------------------------------------------------------------------------------------------------------------------------- 0.42s
avinetworks.aviconfig : Avi Config | Fetch cloud status ------------------------------------------------------------------------------------------------------------------------------------ 0.42s
avinetworks.aviconfig : Avi Config | Load Avi controller creds ----------------------------------------------------------------------------------------------------------------------------- 0.41s
avinetworks.aviconfig : Avi Config | Load configuration file ------------------------------------------------------------------------------------------------------------------------------- 0.41s
avinetworks.aviconfig : Avi Config | Check tenant exists ----------------------------------------------------------------------------------------------------------------------------------- 0.41s
avinetworks.aviconfig : Avi Config | Setting Avi role config to parameter avi_config ------------------------------------------------------------------------------------------------------- 0.41s
avinetworks.avicontroller_vmware : Check ansible version ----------------------------------------------------------------------------------------------------------------------------------- 0.41s
avinetworks.aviconfig : Avi Config | Set Avi Config variable from file contents ------------------------------------------------------------------------------------------------------------ 0.40s
avinetworks.aviconfig : Avi Network | Create or Update Network ----------------------------------------------------------------------------------------------------------------------------- 0.40s
avinetworks.aviconfig : Update Systemconfiguration DNS VS reference ------------------------------------------------------------------------------------------------------------------------ 0.40s
avinetworks.aviconfig : Include Avi Resource Create or Update Tasks ------------------------------------------------------------------------------------------------------------------------ 0.40s
avinetworks.aviconfig : Check ansible version ---------------------------------------------------------------------------------------------------------------------------------------------- 0.40s
avinetworks.aviconfig : Avi Config | Create Tenant ----------------------------------------------------------------------------------------------------------------------------------------- 0.40s
Playbook run took 0 days, 0 hours, 1 minutes, 18 seconds
root@avitools:/opt/avi/ansi-controller-deployment#
|
Note
|
This is an output of a controller that I just deployed using the script. Depending on your network and VMware / vSphere for the speed. I have seen it from few minutes up to 30 minutes, depending if you deploy 3 controllers or single controller. By default it’s set to deploy all 3 controllers, keep that in mind. If you do want to deploy one one controller to test it you need to comment out the vars file under your inventory env. If you do not run all 3 controllers the steps will change a bit, since the step 2 will wait for the controllers to be up. You can do the steps manually and use the skip-tags option to not include the 2nd and 3rd controller. |
example:
ansible-playbook -i inventory/datacenter1/hosts 2_config_controllers.yml --skip-tags second_ctl,third_ctl --ask-vault-pass
To set the cluster run the following playbook
ansible-playbook -i inventory/datacenter1/hosts controller_cluster.yml --ask-vault-pass
Step 5 creates two SEG one in AA mode the other in N+M mode. AA also has metrics set and deletion to 5 min whereas the N+M has no metrics enabled and deletion is at 0 min.
|
Note
|
Your Backend needs to be set. I only configured this with one backend. This is just a demo! |
Edit the section in the vars called POOL
# POOL INFO # The IP of the pool POOL_IP: 192.168.100.235 # VS_IP2 is the IP of the VS created by the playbook VS_IP2: 192.168.101.98 #VS_IP is not in used just copy the playbook if you want another VS VS_IP: 192.168.101.97 # SE Group config VS_SE_Group: Default-Group #Name of the app app_name: app1 #Name of the pool name_pool: test-pool state_set: present enabled: true
I set the VS_IP2 as the VS VIP for now VS_IP is if you want a new VS.
This process is the same as the controller, just diff image. The variables are in the vars file.
Here is the link until the Avi Portal gets update. Once it’s up with the version I built, I will remove it from here.
This machine is now using ubuntu 16, and it has VMware tools installed.
The machine ova default should be perf-server-client.ova same as what you download from the Avi Portal.
The second nic of the Web is DHCP, if it gets an ip address it will be printed to the end of the playbook.
https://tiny.cc/avi_ubuntu
The value to update for the web server backend pool are:
Then name you want for your VM in VMware env.
* machine_name1
The IP you want to use
vm_ip: 10.206.112.90/22
The gateway for this machine
vm_gw: 10.206.112.1
The subnet for this machine
vm_sub: 255.255.252.0
The network for this machine
vm_net: 10.206.112.0
The self sign cert playbook will create a new cert with the variables:
ssl_profile_name: Horizon-Avi-SSL sslkeycert: Horizon-SSL-Cert ciphers_enabled: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" cert_path: '/opt/avi/ansi-controller/certs' cert_csr: 'horizon.demoavi.us.csr' cert_key: 'horizon.demoavi.key.pem' cert_fullchain: 'horizon.demoavi.fullchain.pem' country: 'US' organization: 'Avi' email: '[email protected]' common_name: 'horizon.demoavi.us'
-
Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in yourcertname.csr
-
Check a private key
openssl rsa -check -in yourprivatekey.key.pem
-
Check a cert
openssl x509 -noout -text -in yourcert.fullchain.pem