Planning and Configuration for a New Cluster on Azure using Swarm

You need full rights in the Azure portal to carry out these steps, such as creating a service principal and assigning the roles mentioned.

Follow the steps below to create a Docker swarm on Azure.
  1. Sign in to Azure. Follow the instructions for signing in.
    az login
  2. Download the Docker-provided containerized helper script:
    docker pull docker4x/create-sp-azure:latest
    docker pull docker4x/create-sp-azure:latest
    latest: Pulling from docker4x/create-sp-azure
    Digest: sha256:08ca27cc5e8791e296e01f687a77f1591ae1e9d6984fc05cd7b884e85fd06c47
    Status: Image is up to date for docker4x/create-sp-azure:latest
  3. Run the following example command to create the service principal:
    docker run -ti docker4x/create-sp-azure spdkrswarm spswarm eastus
    spdkrswarm is the service principal name, spswarm is the resource group name, eastus is the region.
    info:    Executing command login
    info:    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code BW49YRF8R to authenticate.
    info:    Added subscription spadaval-MasheryQA-G
    info:    Setting subscription "spadaval-MasheryQA-G" as default
    +
    info:    login command OK
     
    The following subscriptions were retrieved from your Azure account
    1) 1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5:spadaval-MasheryQA-G
    Please select the subscription option number to use for Docker swarm resources: 1
    Using subscription 1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5
    info:    Executing command account set
    info:    Setting subscription to "spadaval-MasheryQA-G" with id "1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5".
    info:    Changes saved
    info:    account set command OK
    Creating AD application vanidkrswarm
    Created AD application, APP_ID=e84c4c78-5d0b-4a4a-b0bd-ca256ffb5d4d
    Creating AD App ServicePrincipal
    Created ServicePrincipal ID=07f2301e-c906-4e69-a5f5-baa3d2e9984b
    Create new Azure Resource Group vaniswarm in eastus
    info:    Executing command group create
    + Getting resource group vaniswarm                                            
     
    + Creating resource group vaniswarm                                           
     
    info:    Created resource group vaniswarm
    data:    Id:                  /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourceGroups/vaniswarm
    data:    Name:                vaniswarm
    data:    Location:            eastus
    data:    Provisioning State:  Succeeded
    data:    Tags: null
    data:   
    info:    group create command OK
    Resource Group vaniswarm created
    Waiting for account updates to complete before proceeding ...
    Creating role assignment for 07f2301e-c906-4e69-a5f5-baa3d2e9984b scoped to vaniswarm
    info:    Executing command role assignment create
     
    + Finding role with specified name                                            
     
    data:    RoleAssignmentId     : /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourcegroups/vaniswarm/providers/Microsoft.Authorization/roleAssignments/1f5ee5de-ce6e-4ce2-8f90-b8acd83ab2bf
    data:    RoleDefinitionName   : Contributor
    data:    RoleDefinitionId     : b24988ac-6180-42a0-ab88-20f7382dd24c
    data:    Scope                : /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourcegroups/vaniswarm
    data:    Display Name         : vanidkrswarm
    data:    SignInName           : undefined
    data:    ObjectId             : 07f2301e-c906-4e69-a5f5-baa3d2e9984b
    data:    ObjectType           : ServicePrincipal
    data:   
    +
    info:    role assignment create command OK
    Successfully created role assignment for 07f2301e-c906-4e69-a5f5-baa3d2e9984b
    Test login...
    Waiting for roles to take effect ...
     
    info:    Executing command login
    info:    Added subscription spadaval-MasheryQA-G
    +
    info:    login command OK
     
    Your access credentials ==================================================
    AD ServicePrincipal App ID:       e84c4c78-5d0b-4a4a-b0bd-ca256ffb5d4d
    AD ServicePrincipal App Secret:   uVMnjHajQf6CIBquVTWMfd54P1uSW6Cf
    AD ServicePrincipal Tenant ID:    cde6fa59-abb3-4971-be01-2443c417cbda
    Resource Group Name:              vaniswarm
    Resource Group Location:          eastus
  4. Step 3 generates the following output:
    Your access credentials ==================================================
    AD ServicePrincipal App ID:       fc1e91d4-d602-4d33-b967-23c9a703f905
    AD ServicePrincipal App Secret:   bYAX1DcyWeR1htYB19wpDI9jWeu0rTG6
    AD ServicePrincipal Tenant ID:    cde6fa59-abb3-4971-be01-2443c417cbda
    Resource Group Name:              spswarm
    Resource Group Location:          eastus
  5. Create an SSH key without a passphrase.
    CMD:
    ssh-keygen -f ~/.ssh/azswarm_rsa -t rsa -N ''
  6. Store the SSH private key in the Azure key vault that was created in step 5.
    CMD:
    az keyvault secret set --vault-name suneelvault --name keysecret --file ~/.ssh/azswarm_rsa
    {
      "attributes": {
        "created": "2018-11-23T03:38:54+00:00",
        "enabled": true,
        "expires": null,
        "notBefore": null,
        "recoveryLevel": "Purgeable",
        "updated": "2018-11-23T03:38:54+00:00"
      },
      "contentType": null,
      "id": "https://vanikeyvault.vault.azure.net/secrets/keysecret/4846f522822a476f9f6543e280b044e6",
      "kid": null,
      "managed": null,
      "tags": {
        "file-encoding": "utf-8"
      },
      "value": "}
    }
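
Added example (not part of the original procedure or of Docker's helper script): a shell check over a saved transcript of the step 3 output that confirms the Contributor role assignment is scoped to the expected resource group and masks the App Secret before the transcript is shared. The function names and every identifier in the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a saved create-sp-azure transcript before sharing it.
# Assumption: it uses the "data:  Field : value" and "App Secret:" layouts of step 3.

# Print the value of role-assignment field $2 (e.g. Scope) from transcript $1.
ra_field() {
    sed -n 's/^.*data:[[:space:]]*'"$2"'[[:space:]]*:[[:space:]]*\([^[:space:]].*\)$/\1/p' "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 only if the role is scoped to resource group $2, not the subscription.
scope_is_resource_group() {
    scope=$(ra_field "$1" Scope | tr '[:upper:]' '[:lower:]')
    rg=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$scope" in
        /subscriptions/*/resourcegroups/"$rg") return 0 ;;
        *) return 1 ;;
    esac
}

# Print transcript $1 with the service principal secret masked.
redact_secret() {
    sed 's/\(App Secret:[[:space:]]*\).*$/\1[REDACTED]/' "$1"
}

# Constructed transcript (all identifiers and the secret are made up).
write_sample() {
    cat > "$1" <<'EOF'
\data:    RoleAssignmentId     : /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/spswarm/providers/Microsoft.Authorization/roleAssignments/11111111-1111-1111-1111-111111111111
data:    RoleDefinitionName   : Contributor
data:    Scope                : /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/spswarm
AD ServicePrincipal App Secret:   constructed-secret-value
EOF
}

# Report the scope verdict for resource group $2, then show the masked secret line.
review_transcript() {
    if scope_is_resource_group "$1" "$2"; then
        echo "scope ok: $(ra_field "$1" RoleDefinitionName) on resource group $2"
    else
        echo "scope too broad or wrong group: $(ra_field "$1" Scope)"
    fi
    redact_secret "$1" | grep 'App Secret'
}

sample=$(mktemp)
write_sample "$sample"
review_transcript "$sample" spswarm
rm -f "$sample"
```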

Mashery Local Components Configuration

The following settings can be customized. The tml_image_tag must be updated to match your docker image build.
Variable Prefix    Description
tml_cm             Mashery Local Cluster Manager Component
tml_tm             Mashery Local Traffic Manager Component
tml_cache          Mashery Local Cache Component
tml_sql            Mashery Local SQL Component
tml_log            Mashery Local Log Component
tml_nosql          Number of Cassandra Component

"tml_image_tag": "v5.0.0.1",

"tml_cm_count": 1,
"tml_tm_count": 1,
"tml_cache_count": 1,
"tml_sql_count": 1,
"tml_log_count": 1,
"tml_nosql_count": 1,

"tml_tm_http_enabled": "true",
"tml_tm_http_port": 80,
"tml_tm_https_enabled": "true",
"tml_tm_https_port": 443,
"tml_tm_oauth_enabled": "true",
"tml_tm_oauth_port": 8083,

"cassandra_max_heap": "512M",
"cassandra_replication_factor": 1

Setting up Mashery Service Configuration Data

Mashery Local offers the option of importing service configuration data offline. A sample data.zip is provided with the TIBCO Mashery Local build that can be loaded into the database during TIBCO Mashery Local cluster creation.

To load the sample data:
  1. Copy the sample data.zip (located at tmlgcdeploy/sample_data/data.zip) into the tmgc-deploy/properties/ folder.
  2. This ensures that the data from the data.zip will be automatically loaded in the database when the TIBCO Mashery Local cluster is created.
Note: Make sure that apiKey and apiSecret are empty in the tml_sql_properties.json in the tmgc-deploy/properties/ folder if you want to use the offline data loading feature. They are blank by default.
TIBCO Mashery Local also offers the capability to sync data from an active MoM host at the time of cluster creation. To load the data using the MoM sync configuration, specify the following three properties in the tml_sql_properties.json:
"mom-host": "<MOM_HOST>",
"apiKey": "<MOM_API_KEY>",
"apiSecret": "<MOM_API_SECRET>",
The tml_sql_properties.json is located in the tmgc-deploy/properties/ directory.
Note: Do not place the sample data.zip in the tmgc-deploy/properties/ directory if you are loading the data using the MoM sync configuration.
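
Added example (not part of the TIBCO tooling): a pre-flight shell check that classifies the properties folder as offline load, MoM sync, or a conflicting mix of the two, following the two notes above. It assumes tml_sql_properties.json keeps one "name": "value" pair per line as in the snippet shown; the function names and the sample host, key and secret are constructed.

```shell
#!/bin/sh
# Added example: classify tmgc-deploy/properties/ by data-loading mode.
# Assumption: tml_sql_properties.json keeps one "name": "value" pair per
# line, as in the snippet on this page.

# Print the string value of property $2 in file $1 (empty when blank or absent).
json_value() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# Print offline | mom-sync | none (return 0) or conflict | partial (return 1).
data_load_mode() {
    props="$1/tml_sql_properties.json"
    if [ ! -f "$props" ]; then echo "no-properties-file"; return 1; fi
    host=$(json_value "$props" mom-host)
    key=$(json_value "$props" apiKey)
    secret=$(json_value "$props" apiSecret)
    if [ -f "$1/data.zip" ]; then
        # Offline loading requires apiKey and apiSecret to be blank.
        if [ -n "$key$secret" ]; then echo conflict; return 1; fi
        echo offline; return 0
    fi
    if [ -n "$host" ] && [ -n "$key" ] && [ -n "$secret" ]; then
        echo mom-sync; return 0
    fi
    # Some MoM properties are set but not all three, so the sync cannot work.
    if [ -n "$host$key$secret" ]; then echo partial; return 1; fi
    echo none
}

# Constructed sample: MoM credentials left in place next to a data.zip.
demo_conflict() {
    d=$(mktemp -d)
    cat > "$d/tml_sql_properties.json" <<'EOF'
{
  "mom-host": "mom.example.invalid",
  "apiKey": "constructed-key",
  "apiSecret": "constructed-secret"
}
EOF
    : > "$d/data.zip"
    rc=0; data_load_mode "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

if [ $# -gt 0 ]; then data_load_mode "$1"; else demo_conflict || true; fi
```

Run it with the properties folder as the only argument before generating the deployment scripts; a non-zero exit status means the folder mixes the two modes or the MoM settings are incomplete.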

Generating the Deployment Scripts

For a single-zone deployment, run the following command. The generated deployment scripts and configuration are written to the folder manifest-onprem-swarm:
./compose.sh manifest-azure-swarm.json