SSR on Azure using Terraform


SSR on Azure


LoginPowerShell

az login  >> use which account??

subscribtionaz vm image      Link
Accept subscription termsaz vm image terms accept --urn 128technology:128t_networking_platform:128t_networking_platform:latest




az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"


update the variable terraform.tfvars
terraform.tfvars
  • subscription_id,
  • tenant_id  / client_id + client secret 
  • ssh_key_path

# Azure Subscription Id # run the in powershell "az login" or "az account show"
azure_subscription_id = ""
# Azure Client Id/appId # use existing one or create: az ad sp create-for-rbac
azure_client_id = ""
# Azure Client Secret/password # use existing one or create: az ad sp or create thru Azure console
azure_client_secret = ""
# Azure Tenant Id # run the in powershell "az login" or "az account show" or from the output of "az ad sp create-for-rbac"
azure_tenant_id = ""
# create a key and place the location
azure_ssh_key_path = ""
security rulesssh ingress rules for the management and public interfaces
create an RSA keykey generation: public ( .pub ) and private key (.ppk)

using PuttyGen


"~/.ssh/azure_key.pub

windows"azure_key.pub
SSH clientuse the private key
Deploy 

terraform validate

terraform apply 


>>> type:  "yes"
Public IP address
SSH into the Conductor
SSHinto the SSR
Config Conductor or SSR

certificate

To access yum.128t  and download ISO or update

Skip Username and copy the key  (something like: 128T-0000321.pem ) 

Copy EVERYTHING (wink)

create a GUI passwordaccount:  admin
Conductor IP@only for SSR
Conductor GUIon the Conductor

1- add Conductor IP ( under Authority)

2- add "Assocated Asset ID"  under Conductor Node



SSH to SSR

Link

get the Vmbus id

get vmbus

dpdk-devbind.py --status

VMBus
[root@jnpr-ssr-router-vm azureuser]# dpdk-devbind.py --status

Network devices using kernel driver
===================================
abb0:00:02.0 'MT27710 Family [ConnectX-4 Lx Virtual Function] 1016' if=eth4 drv=mlx5_core unused=igb_uio,vfio-pci
da28:00:02.0 'MT27710 Family [ConnectX-4 Lx Virtual Function] 1016' if=eth3 drv=mlx5_core unused=igb_uio,vfio-pci

VMBus devices
=============
00224841-601f-0022-4841-601f00224841 'Synthetic network adapter' if=eth2 drv=hv_netvsc
00224841-6139-0022-4841-613900224841 'Synthetic network adapter' if=eth1 drv=hv_netvsc
00224841-635d-0022-4841-635d00224841 'Synthetic network adapter' if=eth0 drv=hv_netvsc


management interface

External interface

Internal interface

Add a routerOn the conductor

1- Create a router ( inter-node security= internal ), coordinate , Conductor IP@

2- Create a node Role= combo

3- Add Device interface: mgmt   Vmbus Uuid

4- Add Network interface:  DHCP, Security= internal, Conductor=true, source NAT=true, Mgmt Enabled= true

( 5- neighborhoods )

OTP process
OTP on-boarding processDownload the quick-start file, copy the password and copy to the SSR router
DC SSR config

show config running flat

show config running 

config running
admin@node1.az_SSR# show config running flat


config authority conductor-address  20.68.42.233

config authority router az_SSR name                  az_SSR
config authority router az_SSR location              "Newport DC"
config authority router az_SSR location-coordinates  +51.55502150512316-003.038574489867287/
config authority router az_SSR conductor-address     20.68.42.233

config authority router az_SSR node node1 name              node1
config authority router az_SSR node node1 asset-id          4837c90c-8369-49f3-8eec-7e9d454b3c19

config authority router az_SSR node node1 device-interface mgmt name               mgmt
config authority router az_SSR node node1 device-interface mgmt vmbus-uuid         00224841-635d-0022-4841-635d00224841

config authority router az_SSR node node1 device-interface mgmt network-interface mgmt name                   mgmt
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt global-id              1
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt conductor              true
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt inter-router-security  internal
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt source-nat             true
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt management             true
config authority router az_SSR node node1 device-interface mgmt network-interface mgmt dhcp                   v4

admin@node1.az_SSR#

admin@node1.az_SSR# show config running

config

    authority
        conductor-address  20.68.42.233

        remote-login

        exit

        router             az_SSR
            name                  az_SSR
            location              "Newport DC"
            location-coordinates  +51.55502150512316-003.038574489867287/
            conductor-address     20.68.42.233

            node                  node1
                name              node1
                asset-id          4837c90c-8369-49f3-8eec-7e9d454b3c19

                device-interface  mgmt
                    name               mgmt
                    vmbus-uuid         00224841-635d-0022-4841-635d00224841

                    network-interface  mgmt
                        name                   mgmt
                        global-id              1
                        conductor              true
                        inter-router-security  internal
                        source-nat             true
                        management             true
                        dhcp                   v4
                    exit
                exit
            exit
        exit
    exit
exit

admin@node1.az_SSR