Automate Rancher on OpenStack with Terraform

2017-05-24 - Reading time: 4 minutes #terraform #rancher #openstack

In this post we will automate a Rancher installation. All the networking, security groups and compute instances will be set up using Terraform.

There’s a 3 minute video walkthrough at the bottom of this post.

What is Rancher?

Making Container management easy! Rancher’s goal is to support a range of leading container orchestration tools like Cattle (their own), Swarm, Kubernetes, Mesos and Windows containers (experimental).


In this post we will be focusing on Cattle. It is well integrated with Rancher and covers more than the basic needs. It also has a catalog with tons of applications ready to be used. To name a few: OpenVPN, GitLab, Jenkins, ElasticSearch, Logstash, Kibana.

Requirements

To follow the steps for automating Rancher, you’ll need basic GNU/Linux knowledge. We expect you to run some sort of terminal software with the bash or fish shell. Other than that, make sure you have the following:

All servers will be running Ubuntu 16.04 LTS

Installation

At first, this post was going to have manual steps throughout the entire installation. After doing around 14 screenshots I began to have doubts that anyone would follow it. Also, I had trouble breathing. We live and breathe automation at Elastx so it was wrong of me to believe I could stay alive doing this manually.

Go fetch the repository

$ git clone https://github.com/elastx/openstack-rancher
[...]

A quick explanation of the repository tree:

├── README.md
└── terraform  
    ├── modules    
    ├── rancher-environment    
    ├── terraform-openrc.fish    
    └── terraform-openrc.sh

The terraform folder has two subfolders, modules and rancher-environment. The latter holds the automation specific to this setup, and modules holds reusable modules for Terraform. Feel free to inspect all files to get a more in-depth understanding.

Prepare OpenStack credentials

Jump into the repository’s “terraform” folder and set up your credentials.

$ cd openstack-rancher/terraform
$ source terraform-openrc.sh
Please enter your username:
[...]

Let’s not forget to upload or create a key pair which the compute instance will use so you can access it via ssh. Make sure to name it id_rsa-rancher. Go to https://ops.elastx.cloud/

Terraform plan and apply

First of all, you need to “download” the terraform modules. After that, do a terraform plan. This will show you all the resources it will create.

$ cd rancher-environment
$ terraform get
Get: file:///Users/tobias/src/github.com/elastx/openstack-rancher/terraform/modules/generic-cluster
Get: file:///Users/tobias/src/github.com/elastx/openstack-rancher/terraform/modules/core net
Get: file:///Users/tobias/src/github.com/elastx/openstack-rancher/terraform/modules/rancher-server
$ terraform plan
[...]

Before we apply, go through the output to see what resources will be created. The network topology will show you 1 external gateway network (globe, default in all tenants), a router, a network connected to that router and 4 servers connected to that network: 1 rancher server and 3 rancher hosts.

$ terraform apply
[...]
Outputs:

net_id = a96c7f87-dddb-4b47-8125-01e3618640a4
rancher_api_base_url = http://10.16.0.6:8080/
rancher_cattle_hosts_external = 217.61.247.229, 217.61.247.228, 217.61.247.251
rancher_cattle_hosts_internal = 10.16.0.7, 10.16.0.8, 10.16.0.9
rancher_ui = http://217.61.247.226:8080/
ssh_username = ubuntu

You might get empty IP addresses due to a bug in Terraform. If that happens, just run terraform apply again.

Although Terraform is done (it usually takes 30 seconds up to one minute), we still have a lot of things happening in the background. All instances are running security updates and installing Docker and Rancher. So this is the perfect time to get a “damn fine cup of coffee”.

Rancher is ready when the rancher_ui URL is accessible. It takes about 5-10 minutes.

Adding Rancher Hosts

Before adding hosts, you might see an exclamation mark on the “ADMIN” pull down menu. Make sure to configure Access Control! Until you do, anyone who can reach the rancher_ui URL can use Rancher without logging in. For our use case, using local accounts will suffice.

The first thing you need to do before adding hosts is to tell Rancher the host registration URL (API base URL). If you look at the Terraform output, this is shown as rancher_api_base_url. Copy that and paste it into the “Something else” field. This makes Rancher work on internal IP addresses instead of the suggested external one.

After hitting Save, the next page will show you the default way to add a host: Custom. Follow the instructions. You should see a command which you can copy and paste to each host.

$ ssh -i .ssh/id_rsa-rancher ubuntu@
[...]
[rancher host $] sudo docker run ......
[...] 
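
The per-host step above can be looped over the rancher_cattle_hosts_external output. The script below is an added example, not part of the elastx/openstack-rancher repository; the variable names and the placeholder REGISTRATION_CMD are assumptions, and the real command must be pasted from Rancher's Custom host page. It refuses to run when the host list is short, which is what the empty-IP Terraform bug mentioned earlier produces.

```shell
#!/bin/sh
# Added example, not part of the elastx/openstack-rancher repository.
set -eu

KEY="${KEY:-.ssh/id_rsa-rancher}"       # key pair name used in this post
SSH_USER="${SSH_USER:-ubuntu}"          # ssh_username from the Terraform outputs
EXPECTED_HOSTS="${EXPECTED_HOSTS:-3}"   # this setup creates 3 Rancher hosts
DRY_RUN="${DRY_RUN:-1}"                 # 1 = only print what would run
# Placeholder: paste the "sudo docker run ..." line from Rancher's Custom host page.
REGISTRATION_CMD="${REGISTRATION_CMD:-<command copied from the Rancher UI>}"

# Split "a, b, c" into one address per line. Blanks are dropped and anything
# that is not digits and dots is rejected, so nothing unchecked reaches ssh.
split_hosts() {
  printf '%s\n' "$1" | tr ',' '\n' | while read -r item; do
    case "$item" in
      '') ;;
      *[!0-9.]*) echo "skipping invalid entry: $item" >&2 ;;
      *.*.*.*) echo "$item" ;;
      *) echo "skipping invalid entry: $item" >&2 ;;
    esac
  done
}

# Run the registration command on every host, or fail if the list is short.
register_hosts() {
  hosts=$(split_hosts "$1")
  count=$(printf '%s\n' "$hosts" | grep -c . || true)
  if [ "$count" -ne "$EXPECTED_HOSTS" ]; then
    echo "got $count host IPs, expected $EXPECTED_HOSTS; re-run terraform apply" >&2
    return 1
  fi
  for host in $hosts; do
    if [ "$DRY_RUN" = 1 ]; then
      echo "would run on $SSH_USER@$host: $REGISTRATION_CMD"
    else
      # -n keeps ssh off stdin; BatchMode makes ssh fail rather than prompt,
      # for example on a host key that has not been verified yet.
      ssh -n -i "$KEY" -o BatchMode=yes "$SSH_USER@$host" "$REGISTRATION_CMD"
    fi
  done
}

# Sample value copied from the Terraform outputs shown above (dry run).
# Real use: register_hosts "$(terraform output rancher_cattle_hosts_external)"
register_hosts "217.61.247.229, 217.61.247.228, 217.61.247.251"
```

Set DRY_RUN=0 and REGISTRATION_CMD once the printed plan looks right.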

In Rancher’s UI, click on “Hosts” and you should see your hosts getting ready. It should look something like this:

Video walkthrough

I have prepared a video that walks through the entire installation, excluding the repository checkout and the credential setup with the terraform-openrc.(sh|fish) files.

Check out video here

Summary

Being able to automate most of the steps of your infrastructure means that if there’s a failure, you can rebuild it fast. Staging, test and development environments can be brought up and torn down on a daily basis. This not only saves money by not using resources during off-hours, it also lets you test that you can actually bring up a new production environment within a short span of time.

Tobias Jakobsson
