CLI Install
For a straightforward approach to installing MiCADO on remote machines,
especially for those unfamiliar with Ansible, we recommend using
the command-line interface provided by micado-client.
Pre-requisites
Provision or create a virtual machine with the following specification.
Prepare a Linux-based system with
Python, pip and SSH access
to the above virtual machine.
This could be a local device.
Install micado-client
Use the Python package manager to install the latest MiCADO-Client, a Python library and command-line interface (CLI) for building and interacting with a MiCADO cluster.
pip install micado-client
Collect Playbooks and configuration
The CLI will create a new directory, or populate an empty directory with Ansible Playbooks and configuration files for deploying MiCADO. Name this directory as you please.
Tip
If you are a sysadmin responsible for deploying multiple MiCADO clusters, you might name the directory according to the specific user or cloud you are preparing MiCADO for.
By default, you will get the latest version of MiCADO. Ask for a
specific version with the ‑‑version flag.
micado init jay_aws_micado
cd jay_aws_micado
micado init jay_aws_micado --version v0.12.0
cd jay_aws_micado
Specify the configuration
Configure Host List
This command will open Ansible's inventory file in your preferred editor. The Ansible inventory points at the hosts to configure. You must provide SSH authentication details for the MiCADO Control Plane VM.
micado config hosts-
For example, If you normally SSH to the VM with:
ssh ubuntu@123.456.78.90 -i /path/to/keyThen your inventory file should read as below:
all: hosts: micado: ansible_host: 123.456.78.90 ansible_connection: ssh ansible_user: ubuntu ansible_ssh_private_key_file: /path/to/key
Tip
If your SSH private key is at a standard location on your Ansible Control
Node (e.g. ~/.ssh/id_rsa) you may omit ansible_ssh_private_key_file.
Configure Cloud Credentials
- This command will open MiCADO's cloud credential file in your preferred editor.
- Most of our clouds are supported with username/password or key authentication.
micado config cloud-
Provide credentials for one or more clouds, as required. Unused clouds can be left blank.
resource: - type: ec2 auth_data: accesskey: ABC123DEF secretkey: 456XYZ789 - type: cloudsigma auth_data: email: password: - type: cloudbroker auth_data: email: user@example.com password: s3cur3_p4ssw0rdTip
These can be updated on an existing cluster.
The following clouds may require some additional explanation:
Warning
This file will be stored as a Kubernetes secret on the MiCADO Control Plane.
To keep it secure on your Ansible Control Node, we recommend you encrypt it
with Ansible-Vault.
We support only a single vault password. Remember to pass ‑‑vault to micado deploy.
Configure Proxy and TLS
MiCADO proxies a dashboard for inspecting the cluster and the submitter endpoint for running application. This command configures basic auth and the x509 keypair used for TLS encryption of the dashboard and submitter.
micado config web-
See below for examples of this file. The username // password login for the MiCADO Dashboard will, in both cases, be
admin//admin_Passtls: provision_method: self-signed authentication: username: admin email: user@example.com password: admin_PassInfo
The self-signed option generates a new keypair with the specified hostname as the subject/CN.
This ismicado-masterby default, but can be configured withmicado config settings.Two Subject Alternative Name (SAN) entries are also added:
- DNS: specified hostname
- IP: specified IP
tls: provision_method: user-supplied cert: | -----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJGUjET ... key: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAvpnaPKLIKdvx98KW68lz8pGaRRcYersNGqPjpifMVjjE8LuC ... authentication: username: admin email: user@example.com password: admin_Pass
Warning
This file will be stored as a Kubernetes secret on the MiCADO Control Plane.
To keep it secure on your Ansible Control Node, we recommend you encrypt it
with Ansible-Vault.
We support only a single vault password. Remember to pass ‑‑vault to micado deploy.
Configure Container Registries
Container registry logins and mirrors are configured via the
K3s registries.yaml file, which is very well documented at
this link. The
following command will open that file for editing.
micado config registry-
This simple example provides username and password for the Docker private registry, but much more is possible.
configs: registry-1.docker.io: auth: username: USERNAME password: PASSWORDTip
These can be updated on an existing cluster.
Warning
This file will be stored as a Kubernetes secret on the MiCADO Control Plane.
To keep it secure on your Ansible Control Node, we recommend you encrypt it
with Ansible-Vault.
We support only a single vault password. Remember to pass ‑‑vault to micado deploy.
Configure Additional Settings
Several additional options can be configured. The command below will open the additional settings file in your preferred editor.
micado config settings
web_listening_port-
integer. Port number of the dasboard on MiCADO Control Plane. Defaults to 443.
enable_occopus-
boolean. Install and enable Occopus for cloud orchestration. Defaults to False.
enable_terraform-
boolean. Install and enable Terraform for cloud orchestration. Defaults to True.
enable_optimizer-
boolean. Setting this parameter to True enables the deployment of the Optimizer module, to perform more advanced scaling. Note this component is still in beta. Defaults to False.
disable_worker_updates-
boolean. Setting this parameter to False enables periodic software updates of the worker nodes. Note this may have an adverse effect on worker node start times. Defaults to True.
grafana_admin_pwd-
string. Configure the password for the Grafana administrator. Required for confiuring Grafana dashboards.
web_session_timeout-
integer. Timeout value in seconds for the Dashboard. Defaults to 600.
Deploy MiCADO
After everything has been configured, you can install MiCADO to the remote instance, which will launch the cluster.
micado up