Setup script for BDC with AD integration

Author: uc-msft

samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/README.md

@@ -0,0 +1,57 @@
+
+# Deploy a SQL Server big data cluster on single node Kubernetes cluster (kubeadm)
+
+Using this sample bash script, you will deploy a single node Kubernetes cluster using kubeadm and a SQL Server big data cluster that is integrated with Active Directory domain. The script must be run from the VM you are planning to use for your kubeadm deployment.
+
+## Pre-requisites
+
+1. A vanilla Ubuntu 16.04 or 18.04 virtual or physical machine on your corporate network. All dependencies will be setup by the script. Using Azure Linux VMs is not yet supported.
+1. Machine should have at least 8 CPUs, 64GB RAM and 100GB disk space. After installing the images you will be left with 50GB for data/logs across all components.
+1. Update existing packages using commands below to ensure that the OS image is up to date
+
+``` bash
+sudo apt update&&apt upgrade -y
+sudo systemctl reboot
+```
+
+## Recommended Virtual Machine settings
+
+1. Use static memory configuration for the virtual machine. For example, in hyper-v installations do not use dynamic memory allocation but instead allocate the recommended 64 GB or higher.
+
+1. Use checkpoint or snapshot capability in your hyper visor so that you can rollback the virtual machine to a clean state.
+
+## Instructions to deploy SQL Server big data cluster
+
+1. Download the script on the VM you are planning to use for the deployment
+
+``` bash
+curl --output setup-bdc.sh https://raw.githubusercontent.com/microsoft/sql-server-samples/master/samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/setup-bdc.sh
+curl --output endpoint-patch.json https://raw.githubusercontent.com/microsoft/sql-server-samples/master/samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/endpoint-patch.json
+curl --output security-patch.json https://raw.githubusercontent.com/microsoft/sql-server-samples/master/samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/security-patch.json
+```
+
+1. Edit and modify the endpoint-patch.json & security-patch.json files to supply the values specific to your Active Directory environment
+
+1. Make the script executable
+
+``` bash
+chmod +x setup-bdc-ad.sh
+```
+
+1. Run the script (make sure you are running with sudo)
+
+``` bash
+sudo ./setup-bdc-ad.sh
+```
+
+1. Refresh alias setup for azdata
+
+``` bash
+source ~/.bashrc
+```
+
+When prompted, provide your input for the password that will be used for all external endpoints: controller, SQL Server master and gateway. The password should be sufficiently complex based on existing rules for SQL Server password. The controller username is defaulted to *admin*.
+
+## Cleanup
+
+1. The [cleanup-bdc.sh](cleanup-bdc.sh/) script is provided as convenience to reset the environment in case of errors. However, we recommend that you use a virtual machine for testing purposes and use the snapshot capabiility in your hyper-visor to rollback the virtual machine to a clean state.

samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/cleanup-bdc.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+if [ "$EUID" -ne 0 ]
+  then echo "Please run as root"
+  exit
+fi
+DIR_PREFIX=$1
+
+kubeadm reset --force
+unalias azdata
+
+systemctl stop kubelet
+rm -rf /var/lib/cni/
+rm -rf /var/lib/etcd/
+rm -rf /run/flannel/
+rm -rf /var/lib/kubelet/*
+rm -rf /etc/cni/
+rm -rf /etc/kubernetes/
+
+ip link set cni0 down
+#brctl delbr cni0
+ip link set flannel.1 down
+#brctl delbr flannel.1
+iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
+
+rm -rf .azdata/
+rm -rf bdcdeploy/
+
+# Remove mounts.
+#
+SERVICE_STOP_FAILED=0
+
+systemctl | grep "/var/lib/kubelet/pods" | while read -r line; do
+
+    # Retrieve the mount path
+    #
+    MOUNT_PATH=`echo "$line"  | grep -v echo | egrep -oh -m 1 "(/var/lib/kubelet/pods).+"`
+
+    if [ -z "$MOUNT_PATH" ]; then
+        continue
+    fi
+
+    if [[ ! -d "$MOUNT_PATH" ]] && [[ ! -f "$MOUNT_PATH" ]]; then
+
+        SERVICE=$(echo $line | cut -f1 -d' ')
+
+        echo "Mount "$MOUNT_PATH" no longer exists."
+        echo "Stopping orphaned mount service: '$SERVICE'"
+
+        systemctl stop $SERVICE
+
+        if [ $? -ne 0 ]; then
+            SERVICE_STOP_FAILED=1
+        fi
+
+        echo ""
+    fi
+done
+
+if [ $SERVICE_STOP_FAILED -ne 0 ]; then
+    echo "Not all services were stopped successfully. Please check the above output for more inforamtion."
+else
+    echo "All orphaned services successfully stopped."
+fi
+
+# Clean the mounted volumes.
+#
+
+for i in $(seq 1 30); do
+
+  vol="vol$i"
+
+  sudo umount /mnt/local-storage/$vol
+
+  sudo rm -rf /mnt/local-storage/$vol
+
+done
+
+# Reset kube
+#
+sudo apt-get purge -y kubeadm --allow-change-held-packages 
+sudo apt-get purge -y kubectl --allow-change-held-packages
+sudo apt-get purge -y kubelet --allow-change-held-packages
+sudo apt-get purge -y kubernetes-cni --allow-change-held-packages
+sudo apt-get purge -y kube* --allow-change-held-packages
+sudo apt -y autoremove
+sudo rm -rf ~/.kube

samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/endpoint-patch.json

@@ -0,0 +1,23 @@
+{
+  "patch": [
+    {
+      "op": "replace",
+      "path": "spec.pools[?(@.spec.type=='Master')].spec",
+      "value": {
+        "type": "Master",
+        "dnsName": "mastersql.contoso.local",
+        "replicas": 1,
+        "endpoints": [
+          {
+            "name": "Master",
+            "serviceType": "NodePort",
+            "port": 31433
+          }
+        ]
+      }
+    }
+  ]
+}
+
+
+

samples/features/sql-big-data-cluster/deployment/kubeadm/ubuntu-single-node-vm-ad/security-patch.json

@@ -0,0 +1,31 @@
+{
+  "patch": [
+    {
+      "op": "add",
+      "path": "security",
+      "value": {
+        "useInternalDomain": false,
+        "ouDistinguishedName":"OU=bdc,DC=contoso,DC=local",
+        "dnsIpAddresses": ["11.11.111.11"],
+        "domainControllerFullyQualifiedDns": ["VM.CONTOSO.LOCAL"],
+        "realm":"CONTOSO.LOCAL",
+        "domainDnsName":"contoso.local",
+        "bdcAdminPrincipals": [
+          "Domain Admins", "Enterprise Admins"
+        ],
+        "bdcUserPrincipals": [
+          "Domain Users"
+        ]
+      }
+    },
+    {
+      "op": "add",
+      "path": "spec.endpoints/0",
+      "value": {
+        "name": "Kerberos",
+        "serviceType": "NodePort",
+        "port": 30088
+      }
+    }
+  ]
+}