github.com/greenboxal/deis@v1.12.1/docs/installing_deis/digitalocean.rst (about) 1 :title: Installing Deis on DigitalOcean 2 :description: How to provision a multi-node Deis cluster on DigitalOcean 3 4 .. _deis_on_digitalocean: 5 6 DigitalOcean 7 ============ 8 9 In this tutorial, we will show you how to set up your own 3-node cluster on DigitalOcean. 10 11 Please :ref:`get the source <get_the_source>` and refer to the scripts in `contrib/digitalocean`_ 12 while following this documentation. 13 14 15 Prerequisites 16 ------------- 17 18 To complete this guide, you must have the following: 19 20 - A domain to point to the cluster 21 - The ability to provision at least 3 DigitalOcean Droplets that are 4GB or greater 22 23 Additionally, we'll need to install `Terraform`_ to do the heavy lifting for us. 24 25 26 Check System Requirements 27 ------------------------- 28 29 Please refer to :ref:`system-requirements` for resource considerations when choosing a droplet 30 size to run Deis. 31 32 33 Generate SSH Key 34 ---------------- 35 36 .. include:: ../_includes/_generate-ssh-key.rst 37 38 Upload this key to DigitalOcean so we can use it for the rest of the provisioning 39 process. 40 41 Generate a New Discovery URL 42 ---------------------------- 43 44 .. include:: ../_includes/_generate-discovery-url.rst 45 46 47 Create CoreOS Droplets 48 ---------------------- 49 50 The only other pieces of information we'll need are your DigitalOcean API token 51 and the fingerprint of your SSH key, both of which can be obtained from the 52 DigitalOcean interface. 53 54 From the source code root directory, invoke Terraform: 55 56 .. code-block:: console 57 58 $ terraform apply -var 'token=a1b2c3d3e4f5' \ 59 -var 'ssh_keys=c1:d3:a2:b4:e4:f5' \ 60 -var 'region=nyc3' \ 61 -var 'prefix=deis' \ 62 -var 'instances=3' \ 63 -var 'size=8GB' \ 64 contrib/digitalocean 65 66 67 Note that only ``token`` and ``ssh_keys`` are required - if unset, the other variables 68 will default to 3 hosts in the ``sfo1`` region with a size of 8GB and a prefix 69 of ``deis``. Additionally, ``ssh_keys`` can be just one key, or a comma-separated 70 list of keys to be added to the hosts for the ``core`` user. 71 72 The ``region`` option must specify a region with private networking. 73 74 Configure DNS 75 ------------- 76 77 .. note:: 78 79 If you're using your own third-party DNS registrar, please refer to their documentation on this 80 setup, along with the :ref:`dns_records` required. 81 82 .. note:: 83 84 If you don't have an available domain for testing, you can refer to the :ref:`xip_io` 85 documentation on setting up a wildcard DNS for Deis. 86 87 Deis requires a wildcard DNS record to function properly. If the top-level domain (TLD) that you 88 are using is ``example.com``, your applications will exist at the ``*.example.com`` level. For example, an 89 application called ``app`` would be accessible via ``app.example.com``. 90 91 One way to configure this on DigitalOcean is to setup round-robin DNS via the `DNS control panel`_. 92 To do this, add the following records to your domain: 93 94 - A wildcard CNAME record at your top-level domain, i.e. a CNAME record with * as the name, and @ 95 as the canonical hostname 96 - For each CoreOS machine created, an A-record that points to the TLD, i.e. an A-record named @, 97 with the droplet's public IP address 98 99 The zone file will now have the following entries in it: (your IP addresses will be different) 100 101 .. code-block:: console 102 103 * CNAME @ 104 @ IN A 104.131.93.162 105 @ IN A 104.131.47.125 106 @ IN A 104.131.113.138 107 108 For convenience, you can also set up DNS records for each node: 109 110 .. code-block:: console 111 112 deis-1 IN A 104.131.93.162 113 deis-2 IN A 104.131.47.125 114 deis-3 IN A 104.131.113.138 115 116 If you need help using the DNS control panel, check out `this tutorial`_ on DigitalOcean's 117 community site. 118 119 Apply Security Group Settings 120 ----------------------------- 121 122 Because DigitalOcean does not have a security group feature, we'll need to add some custom 123 ``iptables`` rules so our components are not accessible from the outside world. To do this, there 124 is a script in ``contrib/`` which will help us with that. To run it, use: 125 126 .. code-block:: console 127 128 $ for i in 1 2 3; do ssh core@deis-$i.example.com 'bash -s' < contrib/util/custom-firewall.sh; done 129 130 Our components should now be locked down from external sources. 131 132 Install Deis Platform 133 --------------------- 134 135 Now that you've finished provisioning a cluster, please refer to :ref:`install_deis_platform` to 136 start installing the platform. 137 138 139 .. _`contrib/digitalocean`: https://github.com/deis/deis/tree/master/contrib/digitalocean 140 .. _`docl`: https://github.com/nathansamson/docl#readme 141 .. _`Deis Control Utility`: https://github.com/deis/deis/tree/master/deisctl#readme 142 .. _`DNS control panel`: https://cloud.digitalocean.com/domains 143 .. _`this tutorial`: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-host-name-with-digitalocean 144 .. _`Terraform`: https://terraform.io/