5.2.1. Deploying the Cluster

Connect to Azure using its CLI.

1. Most often this can be done from a local computer shell.
2. Use az login to begin the connection.
3. Follow the shell steps to complete the login process.
   

Verify that the expected Azure subscriptions are accessible.

1. Use az account list --refresh to see all available subscriptions, for example as follows.
   

2. Use az account set -s <id> to choose a specific subscription.
   

Run az account show.

1. Record the values of tenantId and id for future use.
   

Create a service principal, which is needed for each cluster using az ad sp create-for-rbac --role Contributor --name <service_principal_name>.

1. Make a note of the values for appId and password from the output for future use.
2. Note: The error, “When using this permission, the backing application of the service principal being created must in the local tenant” seems like a transient bug. Rerun the command until it works.
   

Grant permissions to the created Server Principal using the appId recorded above.

1. az role assignment create --role "User Access Administrator" --assignee-object-id $(az ad sp show --id <service-principal-name> -o tsv --query objectId)
2. az ad app permission add --id <appId> --api 00000002-0000-0000-c000-000000000000 --api-permissions 824c81eb-e3f8-4ee6-8f6d-de7f50d565b7=Role
3. az ad app permission grant --id <appId> --api 00000002-0000-0000-c000-000000000000
   

Choose one of the following YAMLs, TCP YAML or Infiniband YAML, and save it in the same folder as openshift-installer binary and name it install-config.yaml.

Example YAML for TCP-based environments

apiVersion: v1
baseDomain: <your_base_dns>
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: 
    azure:
      type: Standard_L32s_v2
      osDisk:
        diskSizeGB: 512
      zones:
      - "1"
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: <your_desired_cluster_name>
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  azure:
    baseDomainResourceGroupName: nvmeshrg
    cloudName: AzurePublicCloud
    outboundType: Loadbalancer
    region: westeurope
publish: External
sshKey: <your_public_ssh_key(not_path)>
pullSecret: '<your_pull_secret(not_path)>'

Example YAML for Infiniband-based environments

apiVersion: v1
baseDomain: <your_base_dns>
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: 
    azure:
      type: Standard_HB120rs_v3
      osDisk:
        diskSizeGB: 512
      zones:
      - "1"
  replicas: 0
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: <your_desired_cluster_name>
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  azure:
    baseDomainResourceGroupName: nvmeshrg
    cloudName: AzurePublicCloud
    outboundType: Loadbalancer
    region: westeurope
publish: External
sshKey: <your_public_ssh_key(not_path)>
pullSecret: '<your_pull_secret(not_path)>'

*No workers are created when working with Infiniband. This is on purpose, as openshift-install does not supported the availability set feature. Workers will be created later oo.

Edit the YAML file filling in the following.

1. your_base_dns – the public base DNS domain as configured in azure, for example excelero.org.
2. Set the number of workers or NVMesh nodes by changing 3 to any number bigger than 3.
3. your_desired_cluster_name.
4. your_public_ssh_key (not_path) – copy and paste a public key that will be installed on all openshift nodes.
5. your_pull_secret (not_path) – keep the quotes and replace the variable with copy-paste of the pull secret you download at the prerequisite stage.
6. region – can be any region from the following list that has enough limits as described in the prerequisite.
   • australiacentral (Australia Central)
   • australiaeast (Australia East)
   • australiasoutheast (Australia South East)
   • brazilsouth (Brazil South)
   • canadacentral (Canada Central)
   • canadaeast (Canada East)
   • centralindia (Central India)
   • centralus (Central US)
   • eastasia (East Asia)
   • eastus (East US)
   • eastus2 (East US 2)
   • francecentral (France Central)
   • germanywestcentral (Germany West Central)
   • japaneast (Japan East)
   • japanwest (Japan West)
   • koreacentral (Korea Central)
   • koreasouth (Korea South)
   • northcentralus (North Central US)
   • northeurope (North Europe)
   • norwayeast (Norway East)
   • southafricanorth (South Africa North)
   • southcentralus (South Central US)
   • southeastasia (Southeast Asia)
   • southindia (South India)
   • switzerlandnorth (Switzerland North)
   • uaenorth (UAE North)
   • uksouth (UK South)
   • ukwest (UK West)
   • westcentralus (West Central US)
   • westeurope (West Europe)
   • westindia (West India)
   • westus (West US)
   • westus2 (West US 2)

Run rm -f ~/.azure/osServicePrincipal.json to delete any previous service principal configuration on the local machine.

Run ./openshift-install create cluster --dir=./ --log-level=debug. The process should take around 50 minutes and will provide an interactive shell.

1. Platform → choose azure
2. subscription id → paste the id recorded above
3. tenant id → paste the tenantId recorded above
4. service principal client id → paste appId recorded above
5. service principal client secret → paste password recorded above
   

Accelerate worker machine NICs once the cluster is up.

1. Go to Microsoft Azure – Resource Groups
2. Click the resource group with the cluster name defined
3. Search for Network Interface resources named: -xxxx-worker-region-xxxxx-nic.
4. Click on the NIC and then click Enabled accelerated networking at the top.
   

!Following are some known errors:
ERROR Error: authorization.RoleAssignmentsClient#Get: Failure responding to request: StatusCode=404 — Original Error: autorest/azure: Service returned an error. Status=404 Code=“RoleAssignmentNotFound” Message=“The role assignment ‘9f6023cc-81c9-7914-5c89-03cc7ea74ea1’ is not found.”
ERROR
ERROR on ../../tmp/openshift-install-935734395/main.tf line 161, in resource “azurerm_role_assignment” “main”:
ERROR 161: resource “azurerm_role_assignment” “main” …. this can randomly after creating the cluster machines role_assignment: fix immediate read after write issue by dlamotte · Pull Request #9698 · terraform-providers/terraform-provider-azurerm due to a TF provider bug which was fixed. If happen destroy the cluster and rerun:

If there are errors, run ./openshift-install destroy cluster and revert to the create cluster step.