Digging Into Mesosphere DC/OS (Part 2)
Learn how to get Mesosphere going on AWS, including configuration details and security provisions.
Now that we have had a brief overview of DC/OS from our first post, it’s time to do a little practical work and put things into context a bit.
The best way for us to take that step is to spin up a quick environment. There is no doubt that this can be quick, especially with the AWS implementation of DC/OS that we are going to use.
Note that you will need an active AWS account, and this will incur some costs to run the instances. The instances are pretty hearty because they are designed to run at a decent scale.
DC/OS on AWS Demo Setup
Log in to AWS to ensure you have access. The instances we need do not qualify for the Free Tier, so this will need a full account with billing enabled.
On the DCOS.io site, there are template links. Follow the install page as you see here:
That takes you to the install documentation, which links to the CloudFormation template (https://downloads.dcos.io/dcos/EarlyAccess/aws.html).
We can choose between a single-master and a three-master system. To start small, we are going to launch a single master on us-west-2 in Oregon because I have other instances and SSH keys active there.
Take the defaults and click Next on the Select Template screen:
Choose a name for your DC/OS stack. Choose a Key from your existing SSH key list. Security settings are available to enable OAuth Access (i.e. using GitHub, Google, or Microsoft accounts) which is what we can use for our demo. Choose the number of agent instances you wish to use. Everything else can remain as default:
Tagging is a good idea for anything inside AWS, so choose some tags if you want to identify your DC/OS instances:
Once that step is done, you can save your stack to be able to launch it.
As you check your stack state, it will begin as CREATE_IN_PROGRESS:
The process takes around 10-15 minutes. Once it is completed, the status will be indicated as COMPLETED in your CloudFormation window. This is also where you can get your DNS information to access the DC/OS master console. Click the Output tab in the lower portion of the window:
Now, you can log into your DC/OS instance over the web. That will bring you to this screen:
Now you are ready to start some testing! But before we do that, you need to know some very important information.
Securing Your Web Access on AWS
By default, the stack you launched uses the default security groups, which allow inbound access over HTTP/HTTPS from any IP address.
Since we have OAuth enabled, anyone could simply find your instance, log in, and start working on it. Not good.
To mitigate this, go to your VPC settings in the AWS console, where you can sort the security groups by your node names. In my example, we search for DCOS, which shows us the different security groups:
As you can see, all IP addresses are open. Click on the Edit button and change the 0.0.0.0/0 to your external IP address from your network (you can get this from http://whatsmyip.org) and make sure to use a /32 as the net mask:
Save the entry, and now you are blocking access to the DC/OS master web interface unless it comes from your network.
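The same check and change can be scripted. The following is an added example, not part of the original article: it parses JSON in the shape returned by aws ec2 describe-security-groups, finds DCOS groups whose TCP rules expose ports 80/443 to 0.0.0.0/0, and builds the AWS CLI commands that replace each one with a /32 rule. The sample JSON, group ID, group name, and the 203.0.113.10 address are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group ID, group name and addresses are placeholders, not from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0", "GroupName": "dcos-demo-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}
  ]}]}
""")
WEB_PORTS = (80, 443)


def open_web_rules(described, name_filter="dcos"):
    """Return (group_id, from_port, to_port) for TCP rules exposing 80/443 to 0.0.0.0/0."""
    found = []
    for sg in described["SecurityGroups"]:
        if name_filter.lower() not in sg.get("GroupName", "").lower():
            continue
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") != "tcp":
                continue  # all-traffic (-1) and IPv6 rules need a separate review
            lo, hi = perm["FromPort"], perm["ToPort"]
            world = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
            if world and any(lo <= p <= hi for p in WEB_PORTS):
                found.append((sg["GroupId"], lo, hi))
    return found


def lockdown_commands(described, my_ip, name_filter="dcos"):
    """Build AWS CLI commands that swap each open web rule for a single-host /32 rule."""
    cidr = f"{ipaddress.IPv4Address(my_ip)}/32"  # ValueError on a malformed address
    cmds = []
    for gid, lo, hi in open_web_rules(described, name_filter):
        port = str(lo) if lo == hi else f"{lo}-{hi}"
        base = f"--group-id {gid} --protocol tcp --port {port}"
        # Add the /32 rule before removing 0.0.0.0/0 so access is never cut off.
        cmds.append(f"aws ec2 authorize-security-group-ingress {base} --cidr {cidr}")
        cmds.append(f"aws ec2 revoke-security-group-ingress {base} --cidr 0.0.0.0/0")
    return cmds

if __name__ == "__main__":
    print("\n".join(lockdown_commands(SAMPLE, "203.0.113.10")))
```

Review the printed commands before running them, and re-run the check afterwards to confirm no rule on ports 80/443 still lists 0.0.0.0/0.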
Our next post will take a look at how to browse around your DC/OS environment and to spin up some application workloads.
Published at DZone with permission of Eric Wright, DZone MVB. See the original article here.