Skip to content

itlinux/avi_controller

Repository files navigation

For deployment of the Avi Controller using Avi’s SDK

Overall Deployment:

  • Install docker with yum install

  • Download the SDK from Avi’s Docker Hub

  • Download the run.sh file

  • Git clone

  • Setup variables

  • Download Avi’s Controller from Avi Portal

  • Run the playbook

Start to Finish Process and Optional configuration:

  1. Install 3 Controllers or single one, keep in mind to use the skip tag if you only deploy one controller.

  2. Config Controllers

  3. DNS, NTP, Email, Banner, etc

  4. Create the VMware Cloud.

  5. Config VMware Cloud with IPs and subnet and Pool of IPs for SEs.

  6. Config SEG and sets the backup passphrase.

  7. If you do not have a backend to use like an Apache Server etc, use the deploy-avi-perf-img playbook.
    This deploys a web server that you can use.

  8. If you use 3 Controllers then you will want to use the cluster_create playbook to set a VIP.

  9. Create the new VS and connect the backend pool.

  10. Optional if create a new SSL Cert

  11. Optional configure Horizon VDI

Video talking about the playbook

https://itlinux.rocks/avictl

Installing docker

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker

Start Docker

sudo systemctl enable --now docker

Get the run script

curl -O https://raw.githubusercontent.com/avinetworks/avitools/master/run.sh

Run the script

We will create the docker folder. From a Linux Box /opt/docker will be mapped to /opt/avi therefore when you docker exec it takes you right inside the folder.

mkdir /opt/docker
chmod +x run.sh
./run.sh -v 18.2.7 -c bash -d /opt/docker -b
docker exec -it avitools bash

FOR SE LAB

If you are using this playbook in the SE lab please use vmware_lab.yml instead of 5_config_se_groups.yml. It turns off CPU and Memory reservation that’s the only diff.

Git down the playbook

Once installed and have the sdk container from Avi running you will need to pull down this repo.

git clone https://github.com/itlinux/avi_controller.git

Setup your environment

Note
You can edit the files from the host or from within the docker container.

Steps:

# cd avi_controller/inventory/

Copy the home dir as your base template, you can use any names you want. Example datacenter1 or DC1 or remomatteidclab1forfun etc.

# cp -R home datacenter1

Once you are in the avi_controller git repo you can edit all files from here using the path to your inventory location. Remove the vault.yml file since you will create a new one with your password.

# rm datacenter1/group_vars/all/vault.yml

Create vault file in the <yournewenv>/group_vars/all with the following command.

# ansible-vault create vault.yml

Once you enter your password you need to add the following variables: (those are used in the playbook).

vmware_pass: 'Password1'
avi_password: 'Password2'
oldpassword: 'this password is on avi portal'
Note
The oldpassword is the default password set on the Avi Controller.
You need to get it from the Avi Portal

Once that is completed you need to adjust the variables for your env.

vi datacenter1/group_vars/all/vars

Software

You need to download the controller ova from Avi Networks and place it into the software folder. Make sure the variable has the same name before you run the playbook.

Run the playbook

TIPS: If you do not want to run the -i for the inventory every time you can change the ansible.cfg and set the default env there. Then you would just type the main task. example:

ansible-playbook main.yml --ask-vault-pass

However, I like to have this so I know where which env I am using :).

You can run one playbook using the following:

ansible-playbook -i inventory/datacenter1/hosts main.yml --ask-vault-pass

or

ansible-playbook -i inventory/datacenter1/hosts --ask-vault-pass main.yml

Multiple Datacenter

ansible-playbook -i inventory/datacenter1/hosts -i inventory/datacenter2/hosts  --ask-vault-pass main.yml

Once completed you will see something like this:

    Thursday 06 February 2020  19:39:03 +0000 (0:00:01.836)       0:01:18.582 *****
    ===============================================================================
    pause ------------------------------------------------------------------ 60.04s
    avinetworks.aviconfig --------------------------------------------------- 6.97s
    uri --------------------------------------------------------------------- 3.40s
    avi_useraccount --------------------------------------------------------- 3.06s
    avi_systemconfiguration ------------------------------------------------- 1.84s
    deploy_controller ------------------------------------------------------- 1.83s
    avinetworks.avisdk ------------------------------------------------------ 0.80s
    avinetworks.avicontroller_vmware ---------------------------------------- 0.41s
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    total ------------------------------------------------------------------ 78.34s
    Thursday 06 February 2020  19:39:03 +0000 (0:00:01.836)       0:01:18.580 *****
    ===============================================================================
    Wait to all services be ready ------------------------------------------------------------------------------------------------------------------------------------------------------------- 60.04s
    Set admin password ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.06s
    Check Cluster Status ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.17s
    Basic Controller Config -------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.84s
    Deploy Avi Controllers --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.83s
    Wait for Controller be ready --------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.23s
    avinetworks.aviconfig : Build Avi module includes ------------------------------------------------------------------------------------------------------------------------------------------ 1.17s
    avinetworks.aviconfig : Avi Config | Create no access cloud -------------------------------------------------------------------------------------------------------------------------------- 0.42s
    avinetworks.aviconfig : Avi Config | Fetch cloud status ------------------------------------------------------------------------------------------------------------------------------------ 0.42s
    avinetworks.aviconfig : Avi Config | Load Avi controller creds ----------------------------------------------------------------------------------------------------------------------------- 0.41s
    avinetworks.aviconfig : Avi Config | Load configuration file ------------------------------------------------------------------------------------------------------------------------------- 0.41s
    avinetworks.aviconfig : Avi Config | Check tenant exists ----------------------------------------------------------------------------------------------------------------------------------- 0.41s
    avinetworks.aviconfig : Avi Config | Setting Avi role config to parameter avi_config ------------------------------------------------------------------------------------------------------- 0.41s
    avinetworks.avicontroller_vmware : Check ansible version ----------------------------------------------------------------------------------------------------------------------------------- 0.41s
    avinetworks.aviconfig : Avi Config | Set Avi Config variable from file contents ------------------------------------------------------------------------------------------------------------ 0.40s
    avinetworks.aviconfig : Avi Network | Create or Update Network ----------------------------------------------------------------------------------------------------------------------------- 0.40s
    avinetworks.aviconfig : Update Systemconfiguration DNS VS reference ------------------------------------------------------------------------------------------------------------------------ 0.40s
    avinetworks.aviconfig : Include Avi Resource Create or Update Tasks ------------------------------------------------------------------------------------------------------------------------ 0.40s
    avinetworks.aviconfig : Check ansible version ---------------------------------------------------------------------------------------------------------------------------------------------- 0.40s
    avinetworks.aviconfig : Avi Config | Create Tenant ----------------------------------------------------------------------------------------------------------------------------------------- 0.40s
    Playbook run took 0 days, 0 hours, 1 minutes, 18 seconds
    root@avitools:/opt/avi/ansi-controller-deployment#
Note
This is an output of a controller that I just deployed using the script. Depending on your network and VMware / vSphere for the speed. I have seen it from few minutes up to 30 minutes, depending if you deploy 3 controllers or single controller. By default it’s set to deploy all 3 controllers, keep that in mind. If you do want to deploy one one controller to test it you need to comment out the vars file under your inventory env. If you do not run all 3 controllers the steps will change a bit, since the step 2 will wait for the controllers to be up. You can do the steps manually and use the skip-tags option to not include the 2nd and 3rd controller.

example:

ansible-playbook -i inventory/datacenter1/hosts 2_config_controllers.yml --skip-tags second_ctl,third_ctl --ask-vault-pass

Config Avi Cluster

To set the cluster run the following playbook

ansible-playbook -i inventory/datacenter1/hosts controller_cluster.yml --ask-vault-pass

SEG

Step 5 creates two SEG one in AA mode the other in N+M mode. AA also has metrics set and deletion to 5 min whereas the N+M has no metrics enabled and deletion is at 0 min.

Create a Virtual Service and Backend Pool

Note
Your Backend needs to be set. I only configured this with one backend. This is just a demo!

Edit the section in the vars called POOL

# POOL INFO
# The IP of the pool
POOL_IP: 192.168.100.235
# VS_IP2 is the IP of the VS created by the playbook
VS_IP2: 192.168.101.98
#VS_IP is not in used just copy the playbook if you want another VS
VS_IP: 192.168.101.97
# SE Group config
VS_SE_Group: Default-Group
#Name of the app
app_name: app1
#Name of the pool
name_pool: test-pool
state_set: present
enabled: true

I set the VS_IP2 as the VS VIP for now VS_IP is if you want a new VS.

Deploy a Web Server

This process is the same as the controller, just diff image. The variables are in the vars file.

Here is the link until the Avi Portal gets update. Once it’s up with the version I built, I will remove it from here.
This machine is now using ubuntu 16, and it has VMware tools installed.
The machine ova default should be perf-server-client.ova same as what you download from the Avi Portal.
The second nic of the Web is DHCP, if it gets an ip address it will be printed to the end of the playbook.

https://tiny.cc/avi_ubuntu

The value to update for the web server backend pool are:

Then name you want for your VM in VMware env.

* machine_name1

The IP you want to use

vm_ip: 10.206.112.90/22

The gateway for this machine

vm_gw: 10.206.112.1

The subnet for this machine

vm_sub: 255.255.252.0

The network for this machine

vm_net: 10.206.112.0

Custom Self Signed Cert

The self sign cert playbook will create a new cert with the variables:

ssl_profile_name: Horizon-Avi-SSL
sslkeycert: Horizon-SSL-Cert
ciphers_enabled: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
cert_path: '/opt/avi/ansi-controller/certs'
cert_csr: 'horizon.demoavi.us.csr'
cert_key: 'horizon.demoavi.key.pem'
cert_fullchain: 'horizon.demoavi.fullchain.pem'
country: 'US'
organization: 'Avi'
email: 'remo@avinetworks.com'
common_name: 'horizon.demoavi.us'

Checking SSL Certs

  • Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in yourcertname.csr
  • Check a private key

openssl rsa -check -in yourprivatekey.key.pem
  • Check a cert

openssl x509 -noout -text -in yourcert.fullchain.pem

CREDITS

I want to thank Sergey Marunich from the PS Team and Nick Robbins from PM for adding code snippets for this project.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published