github.com/technosophos/deis@v1.7.1-0.20150915173815-f9005256004b/docs/installing_deis/aws.rst (about)
1 :title: Installing Deis on AWS
2 :description: How to provision a multi-node Deis cluster on Amazon AWS
3
4 .. _deis_on_aws:
5
6 Amazon AWS
7 ==========
8
9 In this tutorial, we will show you how to set up your own 3-node cluster on Amazon Web Services.
10
11 Please :ref:`get the source <get_the_source>` and refer to the scripts in `contrib/aws`_
12 while following this documentation. You will also need to :ref:`install_deisctl` since the
13 ``deisctl`` command-line utility is used by the provisioning script.
14
15 .. include:: ../_includes/_deis-pro.rst
16
17 Install the AWS Command Line Interface
18 --------------------------------------
19
20 In order to start working with Amazon's API, let's install `awscli`_:
21
22 .. code-block:: console
23
24 $ pip install awscli
25
26 We'll also need `PyYAML`_ for the Deis AWS provision script to run:
27
28 .. code-block:: console
29
30 $ pip install pyyaml
31
32
33 Configure aws-cli
34 -----------------
35
36 Run ``aws configure`` to set your AWS credentials:
37
38 .. code-block:: console
39
40 $ aws configure
41 AWS Access Key ID [None]: ***************
42 AWS Secret Access Key [None]: ************************
43 Default region name [None]: us-west-1
44 Default output format [None]:
45
46
47 Upload keys
48 -----------
49
50 Generate and upload a new keypair to AWS, ensuring that the name of the keypair is set to "deis".
51
52 .. code-block:: console
53
54 $ ssh-keygen -q -t rsa -f ~/.ssh/deis -N '' -C deis
55 $ aws ec2 import-key-pair --key-name deis --public-key-material file://~/.ssh/deis.pub
56
57
58 During installation, ``deisctl`` will make an SSH connection to the cluster.
59 It will need to be able to use this key to connect.
60
61 Most users use SSH agent (``ssh-agent``). If this is the case, run
62 ``ssh-add ~/.ssh/deis`` to add the key. Otherwise, you may prefer to
63 modify ``~/.ssh/config`` to add the key to the IPs in AWS.
64
65 Choose Number of Instances
66 --------------------------
67
68 By default, the script will provision 3 servers. You can override this by setting
69 ``DEIS_NUM_INSTANCES``:
70
71 .. code-block:: console
72
73 $ export DEIS_NUM_INSTANCES=5
74
75 A Deis cluster must have 3 or more nodes. See :ref:`cluster-size` for more details.
76
77
78 Generate a New Discovery URL
79 ----------------------------
80
81 .. include:: ../_includes/_generate-discovery-url.rst
82
83
84 Customize cloudformation.json
85 -----------------------------
86
87 The configuration files and templates for AWS are located in the directory
88 ``contrib/aws/`` in the Deis repository.
89
90 Any of the parameter defaults defined in ``deis.template.json`` can be
91 overridden by setting the value in `cloudformation.json`_. For example, to
92 configure all of the options to non-default values:
93
94 .. code-block:: console
95
96 {
97 "ParameterKey": "InstanceType",
98 "ParameterValue": "m3.xlarge"
99 },
100 {
101 "ParameterKey": "KeyPair",
102 "ParameterValue": "jsmith"
103 },
104 {
105 "ParameterKey": "EC2VirtualizationType",
106 "ParameterValue": "PV"
107 },
108 {
109 "ParameterKey": "AssociatePublicIP",
110 "ParameterValue": "false"
111 },
112 {
113 "ParameterKey": "ELBScheme",
114 "ParameterValue": "internal"
115 },
116 {
117 "ParameterKey": "RootVolumeSize",
118 "ParameterValue": "100"
119 },
120 {
121 "ParameterKey": "DockerVolumeSize",
122 "ParameterValue": "1000"
123 },
124 {
125 "ParameterKey": "EtcdVolumeSize",
126 "ParameterValue": "5"
127 }
128
129
130 The only entry in cloudformation.json required to launch your cluster is `KeyPair`, which is
131 already filled out. The defaults will be applied for the other settings. The default values are
132 defined in ``deis.template.json``.
133
134 If updated with ``update-aws-cluster.sh``, the InstanceType will only impact newly deployed instances
135 (`#1758`_).
136
137 NOTE: The smallest recommended instance size is ``large``. Having not enough CPU or RAM will result
138 in numerous issues when using the cluster.
139
140
141 Launch into an existing VPC
142 ---------------------------
143
144 By default, the provided CloudFormation script will create a new VPC for Deis. However, the script
145 supports provisioning into an existing VPC instead. You'll need to have a VPC configured with an
146 internet gateway and a sane routing table (the default VPC in a region should be ready to go).
147
148 To launch your cluster into an existing VPC, export three additional environment variables:
149
150 - ``VPC_ID``
151 - ``VPC_SUBNETS``
152 - ``VPC_ZONES``
153
154 ``VPC_ZONES`` must list the availability zones of the subnets in order.
155
156 For example, if your VPC has ID ``vpc-a26218bf`` and consists of the subnets ``subnet-04d7f942``
157 (which is in ``us-east-1b``) and ``subnet-2b03ab7f`` (which is in ``us-east-1c``) you would export:
158
159 .. code-block:: console
160
161 export VPC_ID=vpc-a26218bf
162 export VPC_SUBNETS=subnet-04d7f942,subnet-2b03ab7f
163 export VPC_ZONES=us-east-1b,us-east-1c
164
165 If you have set up private subnets in which you'd like to run your Deis hosts, and public subnets
166 for the ELB, you should export the following environment variables instead:
167
168 - ``VPC_ID``
169 - ``VPC_SUBNETS``
170 - ``VPC_PRIVATE_SUBNETS``
171 - ``VPC_ZONES``
172
173 For example, if you have a public subnet ``subnet-8cd457b3`` for the ELB and a private subnet
174 ``subnet-8cd457b0`` (both in ``us-east-1a``) you would export:
175
176 .. code-block:: console
177
178 export VPC_ID=vpc-a26218bf
179 export VPC_SUBNETS=subnet-8cd457b3
180 export VPC_PRIVATE_SUBNETS=subnet-8cd457b0
181 export VPC_ZONES=us-east-1a
182
183
184 Run the Provision Script
185 ------------------------
186
187 Run the cloudformation provision script to spawn a new CoreOS cluster:
188
189 .. code-block:: console
190
191 $ cd contrib/aws
192 $ ./provision-aws-cluster.sh
193 Creating CloudFormation stack deis
194 {
195 "StackId": "arn:aws:cloudformation:us-east-1:69326027886:stack/deis/1e9916b0-d7ea-11e4-a0be-50d2020578e0"
196 }
197 Waiting for instances to be created...
198 Waiting for instances to be created... CREATE_IN_PROGRESS
199 Waiting for instances to pass initial health checks...
200 Waiting for instances to pass initial health checks...
201 Waiting for instances to pass initial health checks...
202 Instances are available:
203 i-5c3c91aa 203.0.113.91 m3.large us-east-1a running
204 i-403c91b6 203.0.113.20 m3.large us-east-1a running
205 i-e36fc6ee 203.0.113.31 m3.large us-east-1b running
206 Using ELB deis-DeisWebE-17PGCR3KPJC54 at deis-DeisWebE-17PGCR3KPJC54-1499385382.us-east-1.elb.amazonaws.com
207 �Your Deis cluster has been successfully deployed to AWS CloudFormation and is started.�
208 �Please continue to follow the instructions in the documentation.�
209
210 .. note::
211
212 The default name of the CloudFormation stack will be ``deis``. You can specify a different name
213 with ``./provision-aws-cluster.sh <name>``.
214
215 Remote IPs behind your ELB
216 --------------------------
217
218 The ELB you just created is load-balancing raw TCP connections, which is required for custom domain SSL
219 and WebSockets. As remote IPs are by default not visible behind a TCP-Proxy, the ELB and your cluster routers
220 were created with `Proxy Protocol`_ enabled.
221
222
223 Configure DNS
224 -------------
225
226 You will need a DNS entry that points to the ELB instance created above. Find
227 the ELB name in the AWS web console or by running ``aws elb describe-load-balancers``
228 and finding the Deis ELB.
229
230 See :ref:`configure-dns` for more information on properly setting up your DNS records with Deis.
231
232
233 Install Deis Platform
234 ---------------------
235
236 Now that you've finished provisioning a cluster, please refer to :ref:`install_deis_platform` to
237 start installing the platform.
238
239 CloudFormation Updates
240 ----------------------
241
242 To use CloudFormation to perform update operations to your stack, there is another script:
243 `update-aws-cluster.sh`_. Depending on the parameters that you have changed, CloudFormation
244 may replace the EC2 instances in your stack.
245
246 The following parameters can be changed without replacing all instances in a stack:
247
248 - ``ClusterSize`` - Number of nodes in the cluster. This may launch new instances or terminate
249 existing instances. If you are scaling down, this may interrupt service. If a container
250 was running on an instance that was terminated, it will have to be rebalanced onto another
251 node which will cause some downtime.
252 - ``SSHFrom`` - Locks down SSH access to the Deis hosts. This will update the security
253 group for the Deis hosts.
254
255 Please reference the AWS documentation for `more information about CloudFormation stack updates`_.
256
257 .. _`#1758`: https://github.com/deis/deis/issues/1758
258 .. _`awscli`: https://github.com/aws/aws-cli
259 .. _`contrib/aws`: https://github.com/deis/deis/tree/master/contrib/aws
260 .. _`cloudformation.json`: https://github.com/deis/deis/blob/master/contrib/aws/cloudformation.json
261 .. _`etcd`: https://github.com/coreos/etcd
262 .. _`etcd disaster recovery`: https://github.com/coreos/etcd/blob/master/Documentation/admin_guide.md#disaster-recovery
263 .. _`PyYAML`: http://pyyaml.org/
264 .. _`update-aws-cluster.sh`: https://github.com/deis/deis/blob/master/contrib/aws/update-aws-cluster.sh
265 .. _`More information about CloudFormation stack updates`: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html
266 .. _`Proxy Protocol`: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html