4.3 Deploying eDirectory Container on Microsoft Azure Container Instance

eDirectory can be deployed as a container on a Microsoft Azure container instance. The deployment process is simple and time-efficient. The eDirectory container is pushed to the registry as a self-contained Docker image that can run on its own. This section guides you through the process of deploying the eDirectory Docker image on Azure.

4.3.1 Checklist for Deploying the Container

To set up the Azure container for deployment, NetIQ recommends that you complete the steps in the following checklist:

Checklist Items

  1. You must create an Azure container registry to store and manage the eDirectory Docker container image. Sign in to the Azure portal at https://portal.azure.com/ and follow the steps in the Create an Azure Container Registry Using the Azure Portal process to create a container registry.

  2. Next, you must set up an Azure storage account. This account stores all your data which can be accessed from anywhere in the world via HTTP or HTTPS. Sign in to the Azure portal and follow the steps in the Create a Storage Account process to create an Azure storage account.

  3. After you have created the storage account, create an Azure file share. A shared file system is required to allow the containers to access the file system regardless of which instance they run on. For more information on the considerations and process to follow when creating an Azure file share, see Create an Azure file share.

  4. You must create a virtual network. Azure Virtual Network enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other within the Azure Internet and on-premises networks. Follow the steps in the Creating a Virtual Network process.

  5. Then, push the eDirectory Docker image to the container registry. For more information, see Pushing Docker Image to Azure Container Registry.

  6. Edit and save the YAML file bundled with the eDirectory Docker image tarball. For more information, see Editing the YAML Configuration File.

  7. Finally, create an Azure container instance using the YAML file. For more information, see Creating an Azure Container Instance.

Pushing Docker Image to Azure Container Registry

To push the Docker image to the Azure container registry:

  1. Download the eDirectory Docker image tarball from the Software License and Download portal.

  2. Untar the downloaded build, extract the Docker image, and then load it into the local Docker registry using the following commands:

    # tar -xvf eDirectory_92x_Container.tar.gz
    # docker load --input eDirectory_92x/eDirectory_92x.tar.gz

    The docker load command loads the Docker image named edirectory:9.2.x from the tar archive.

  3. Tag the Docker image with your registry name using the following command:

    docker tag edirectory:<image-id> <registry-name>.azurecr.io/<repository-name-tag>

    Where,

    edirectory:<image-id> is the local Docker image ID.

    <registry-name> is the name of your private registry.

    <repository-name-tag> is the tag you want to assign to the Docker image.

    For example, docker tag edirectory:92x myazureregistry.azurecr.io/edir927

  4. Push the Docker image to the registry using the following command:

    docker push <registry-name>.azurecr.io/<repository-name-tag>

    Where,

    <registry-name> is the name of your private registry.

    <repository-name-tag> is the tag that you assigned to the Docker image.

    For example, docker push myazureregistry.azurecr.io/edir92x

Editing the YAML Configuration File

A YAML file is a quick and easy way to create or update a container group. The az container create command in the Azure command-line interface reads the group configurations from a YAML file. You must edit and upload the YAML file bundled with the eDirectory Docker image tarball before creating an Azure container instance.

The following section shows the schema for a YAML file, including comments (indicated with a # symbol) that highlight key properties. For a description of properties in this schema, see the Property Values section.

name:  # Provide the name of the container group
apiVersion: '2019-12-01'
properties: # Properties of container group
  containers: # The containers within the container group
  - name: test-edir92 # Provide a name of container instance
    properties: # Properties of a container instance
      image: myazureregistry.azurecr.io/edir926 # Provide the name of the container image used to create the container instance
      command:
      - /start.sh #Not optional
      - 'new -t 926edir1 -n novell -a admin.novell -w xx -S server1 -i -B @1524 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now no' #Sample command 
      ports: # External-facing ports exposed on the instance, must also be set in group ipAddress property 
      - protocol: tcp
        port: 1030 #HTTPS port. Depends on the parameter provided in command for -O
      - protocol: tcp
        port: 1389 #LDAP port. Depends on the parameter provided in command for -L
      environmentVariables:
      - name: YAML_MODE #Mandatory variable. Required if yaml file is used for configuring edirectory
        value: '1'
      resources: # Minimum resource requirements of the instance
        requests:
          memoryInGB: 2
          cpu: 1.5
      volumeMounts: # Array of volume mounts for the instance
      - name: configvolume
        mountPath: /config #Mandatory. Do not change this path.
  imageRegistryCredentials: # Credentials to pull a private image
  - server: myazureregistry.azurecr.io #Provide the image registry server name
    username: myazureregistry #Provide the image registry username
    password: xxxx #Provide the image registry password
  #restartPolicy: Never #Optional  
  ipAddress: # IP address configuration of container group
    ports:
    - protocol: tcp
      port: 1030 #HTTPS port. Depends on the parameter provided in command for -O
    - protocol: tcp
      port: 1389 #LDAP port. Depends on the parameter provided in command for -L
    type: Private
  networkProfile: # Virtual network profile for container group
    id: subscriptions/xxx-xxx-xxx/resourceGroups/myresourcegroup/providers/Microsoft.Network/networkProfiles/aci-network-profile-VirtualNetmy-containersubnet   
    #To find this ID, run: az network profile list --resource-group myResourceGroup --query [0].id --output tsv. If there is no output, run the command the first time using Azure Cloud Shell.
  osType: Linux
  volumes: # Array of volumes available to the instances
  - name: configvolume
    azureFile:
      shareName: testshare  #Provide the name of the Azure File share to be mounted as a volume
      storageAccountName: myfileshare  #Provide name of the storage account
      storageAccountKey: xxx_xxx #Provide storage account access key
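
The constraints stated in the schema comments above (/start.sh first, YAML_MODE set to '1', the /config mount, ports matching -O and -L and repeated under ipAddress) can be checked before running az container create. This is an added example, not part of the eDirectory bundle: check_group and SAMPLE are hypothetical names, the sample data is constructed, and the input is assumed to be the YAML already parsed into a dict (for instance with PyYAML's yaml.safe_load).

```python
import shlex

def check_group(cfg):
    """Return findings for a parsed eDirectory container-group YAML (a dict)."""
    findings = []
    props = cfg.get("properties", {})
    ip = props.get("ipAddress", {})
    group_ports = {p["port"] for p in ip.get("ports", [])}
    if ip.get("type") == "Public":
        findings.append("ipAddress.type is Public: listed ports face the internet")
    for c in props.get("containers", []):
        name, cp = c.get("name"), c.get("properties", {})
        cmd = cp.get("command") or []
        if not cmd or cmd[0] != "/start.sh":
            findings.append(f"{name}: command must start with /start.sh")
        # Pull the -O (HTTPS) and -L (LDAP) port values out of the ndsconfig arguments.
        args = shlex.split(" ".join(cmd[1:]))
        opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-O", "-L")}
        ports = {p["port"] for p in cp.get("ports", [])}
        for flag, label in (("-O", "HTTPS"), ("-L", "LDAP")):
            if flag in opts and int(opts[flag]) not in ports:
                findings.append(f"{name}: {label} port {opts[flag]} ({flag}) not in container ports")
        # Every container port must also appear in the group ipAddress ports.
        for port in sorted(ports - group_ports):
            findings.append(f"{name}: port {port} missing from group ipAddress.ports")
        env = {e["name"]: e.get("value") for e in cp.get("environmentVariables", [])}
        if str(env.get("YAML_MODE")) != "1":
            findings.append(f"{name}: YAML_MODE must be set to '1'")
        if "/config" not in {m.get("mountPath") for m in cp.get("volumeMounts", [])}:
            findings.append(f"{name}: no volume mounted at /config")
    return findings

# Constructed sample: the page's YAML as parsed data, credentials left out.
SAMPLE = {"name": "edir-group", "apiVersion": "2019-12-01", "properties": {
    "containers": [{"name": "test-edir92", "properties": {
        "image": "myazureregistry.azurecr.io/edir926",
        "command": ["/start.sh", "new -t 926edir1 -n novell -a admin.novell -w xx "
                    "-S server1 -i -B @1524 -o 1028 -O 1030 -L 1389 -l 1636 "
                    "--configure-eba-now no"],
        "ports": [{"protocol": "tcp", "port": 1030}, {"protocol": "tcp", "port": 1389}],
        "environmentVariables": [{"name": "YAML_MODE", "value": "1"}],
        "volumeMounts": [{"name": "configvolume", "mountPath": "/config"}]}}],
    "ipAddress": {"type": "Private", "ports": [{"protocol": "tcp", "port": 1030},
                                               {"protocol": "tcp", "port": 1389}]},
    "osType": "Linux"}}

if __name__ == "__main__":
    print(check_group(SAMPLE) or "no findings")
```

An empty list means the file satisfies the constraints the schema comments call out; it does not validate the remaining ndsconfig parameters.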

Property Values

The following tables describe the values you need to set in the schema.

containerGroups object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | Name of the container group. You can also provide container name. |
| apiVersion | enum | Yes | The resource API version. For example, '2019-12-01'. |
| properties | object | Yes | Properties of a container group. Look for the ContainerGroupProperties object in this table to find values supported for properties. |

ContainerGroupProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| containers | array | Yes | The containers within the container group. Look for the Container object in this table to find values supported for containers. |
| imageRegistryCredentials | array | No | The image registry credentials from which the container group is created. Look for the ImageRegistryCredential object in this table to find values supported for imageRegistryCredentials. |
| restartPolicy | enum | No | Restart policy for all containers within the container group: Always (always restart), OnFailure (restart on failure), or Never (never restart). |
| ipAddress | object | No | The IP address type of the container group. Look for the IPAddress object in this table to find values supported for ipAddress. |
| osType | enum | Yes | The operating system type required by the containers in the container group: Windows or Linux. |
| volumes | array | No | The list of volumes that can be mounted by containers in this container group. Look for the Volume object in this table to find values supported for volumes. |

Container object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The user-provided name of the container instance. For example, test-edir92. |
| properties | object | Yes | The properties of the container instance. Look for the ContainerProperties object in this table to find values supported for properties. |

ContainerProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| image | string | Yes | The name of the image used to create the container instance. For example, myazureregistry.azurecr.io/edir926 (Step 3). |
| command | array | No | The commands to execute within the container instance in exec form. The eDirectory Docker container accepts the parameters of the ndsconfig utility with the Docker command. For more information about the ndsconfig utility, see The ndsconfig Utility. |
| ports | array | No | The exposed ports on the container instance. Look for the ContainerPort object in this table to find values supported for ports. |
| environmentVariables | array | No | The environment variables to set in the container instance. Look for the EnvironmentVariable object in this table to find values supported for environmentVariables. |
| resources | object | Yes | The resource requirements of the container instance. Look for the ResourceRequirements object in this table to find values supported for resources. |
| volumeMounts | array | No | The volume mounts available to the container instance. Look for the VolumeMount object in this table to find values supported for volumeMounts. |

ContainerPort object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| protocol | enum | No | The protocol associated with the port: TCP or UDP. |
| port | integer | Yes | The port number. |

EnvironmentVariable object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the environment variable. |
| value | string | No | The value of the environment variable. |

ResourceRequirements object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| requests | object | Yes | The resource requests of this container instance. Look for the ResourceRequests object in this table to find values supported for requests. |

ResourceRequests object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| memoryInGB | number | Yes | The memory request in GB of this container instance. |
| cpu | number | Yes | The CPU request of this container instance. |

VolumeMount object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the volume mount. |
| mountPath | string | Yes | The path within the container where the volume should be mounted. Must not contain a colon (:). |

ImageRegistryCredential object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| server | string | Yes | The Docker image registry server without a protocol such as "http" or "https". Provide the registry name created in checklist step 1 (see Checklist for Deploying the Container). |
| username | string | No | The username for the private registry. For more information, see How to Find Username Information. |
| password | string | No | The password for the private registry. For more information, see How to Find Azure Registry Password. |

IPAddress object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| ports | array | Yes | The list of ports exposed on the container group. Look for the Port object in this table to find values supported for ports. |
| type | enum | Yes | Specifies whether the IP is exposed to the public internet or a private VNET: Public or Private. |

Port object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| protocol | enum | No | The protocol associated with the port: TCP or UDP. |
| port | integer | Yes | The port number. |

Volume object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the volume. |
| azureFile | object | No | The Azure File volume. Look for the AzureFileVolume object in this table to find values supported for azureFile. |

AzureFileVolume object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| shareName | string | Yes | The name of the Azure File share to be mounted as a volume. Provide the storage file share name created in checklist step 3 (see Checklist for Deploying the Container). |
| storageAccountName | string | Yes | The name of the storage account that contains the Azure File share. |
| storageAccountKey | string | No | The storage account access key used to access the Azure File share. To find the storage account key, see View Account Access Keys. |

Creating an Azure Container Instance

Run the following command to create a container in a container group using the YAML file you edited earlier:

az container create --resource-group <MyResourceGroup> --name <container-instance-name> --file <containerGroup.yaml>

Where,

<MyResourceGroup> represents the name of the resource group. Mandatory field.

<container-instance-name> represents the name of the container instance in a container group.

<containerGroup.yaml> represents the path to the input file.

For example, az container create --resource-group MyResourcegroup --name edir92 --file edir-azure-conf.yaml