AWS
The minidcos aws CLI allows you to create and manage open source DC/OS and DC/OS Enterprise clusters on AWS EC2 instances.
A typical CLI workflow for open source DC/OS may look like the following. Install the CLI (see Installation), then create and manage a cluster:
# Fix issues shown by minidcos aws doctor
$ minidcos aws doctor
$ minidcos aws create https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh --variant oss
default
$ minidcos aws wait
$ minidcos aws run --test-env --sync-dir /path/to/dcos/checkout pytest -k test_tls
...
# Get onto a node
$ minidcos aws run bash
[master-0]# exit
$ minidcos aws destroy
Each of these and more are described in detail below.
Requirements
Amazon Web Services
An Amazon Web Services account with sufficient funds must be available.
The AWS credentials for the account must be present either in the environment as environment variables or in the default file system location under ~/.aws/credentials, with an AWS profile in the environment referencing those credentials.
The Mesosphere internal AWS tool maws automatically stores account-specific temporary AWS credentials in the default file system location and exports the corresponding profile into the environment. After logging in with maws, clusters can be launched using the AWS backend.
For CI deployments, long-lived credentials are preferred. It is recommended to use the environment variables method for AWS credentials in that case.
The environment variables are set as follows:
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
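The check below is an added example, not part of minidcos: it reports which of the two credential methods described above is configured, without printing any secret value. AWS_PROFILE and AWS_SHARED_CREDENTIALS_FILE are the standard AWS SDK variables; the function name, its output strings and the fallback to the "default" profile are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of minidcos. Prints one of:
#   env, incomplete-env, profile:<name>, profile-file-too-open, none
# and returns 0 only when a usable credential source was found.

aws_cred_source() {
    cred_file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    profile="${AWS_PROFILE:-default}"

    # Method 1: both environment variables are set and non-empty.
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "env"
        return 0
    fi

    # Only one of the pair is set: typically a CI secret that was not injected.
    if [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "incomplete-env"
        return 1
    fi

    # Method 2: a [profile] section in the shared credentials file.
    if [ -r "$cred_file" ] && grep -Fxq "[$profile]" "$cred_file"; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        # This example refuses a credentials file anyone else can access.
        if [ "$(ls -ld "$cred_file" | cut -c5-10)" != "------" ]; then
            echo "profile-file-too-open"
            return 1
        fi
        echo "profile:$profile"
        return 0
    fi

    echo "none"
    return 1
}

# Usage: aws_cred_source && minidcos aws doctor
```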
The EC2 instances launched by the AWS backend will incur costs on the order of 24 ct per instance, assuming the fixed cluster lifetime of two hours and m4.large EC2 instances.
Operating System
The AWS backend has been tested on macOS and on Linux.
It is not expected to work out of the box on Windows; see issue QUALITY-1771.
If your operating system is not supported, it may be possible to use Vagrant, or another Linux virtual machine.
doctor command
minidcos aws comes with the doctor command. Run this command to check your system for common causes of problems.
Creating a Cluster
To create a cluster you first need the link to a DC/OS installer.
These can be found on the releases page.
DC/OS Enterprise is also supported. Ask your sales representative for installers.
Creating a cluster is possible with the create command. This command allows you to customize the cluster in many ways.
The command returns when the DC/OS installation process has started. To wait until DC/OS has finished installing, use the wait command.
To use this cluster, it is useful to find details using the inspect command.
DC/OS Enterprise
There are multiple DC/OS Enterprise-only features available in create.
The only extra requirement is to give a valid license key, for DC/OS 1.11+. See create for details on how to provide a license key.
Ask your sales representative for DC/OS Enterprise installers.
For example, run the following to create a DC/OS Enterprise cluster in strict mode:
minidcos aws create $DCOS_ENTERPRISE_URL \
--variant enterprise \
--license-key /path/to/license.txt \
--security-mode strict
The command returns when the DC/OS installation process has started. To wait until DC/OS has finished installing, use the wait command.
See create for details on this command and its options.
Cluster IDs
Clusters have unique IDs.
Multiple commands take --cluster-id options.
Specify a cluster ID in create, and then use it in other commands.
Any command which takes a --cluster-id option defaults to using “default” if no cluster ID is given.
Running commands on Cluster Nodes
It is possible to run commands on a cluster node in multiple ways.
These include using run and ssh.
Running commands on a cluster node using run
Run the following to run a command on an arbitrary master node.
minidcos aws run systemctl list-units
See run for more information on this command.
Running commands on a cluster node using ssh
One SSH key allows access to all nodes in the cluster. See this SSH key’s path and the IP addresses of nodes using inspect.
Getting on to a Cluster Node
Sometimes it is useful to get onto a cluster node. To do this, you can use any of the ways of Running commands on Cluster Nodes.
For example, to use run to run bash to get on to an arbitrary master node:
minidcos aws run bash
Destroying Clusters
There are two commands which can be used to destroy clusters. These are destroy and destroy-list.
Either destroy a cluster with destroy:
$ minidcos aws destroy
default
$ minidcos aws destroy --cluster-id pr_4033_strict
pr_4033_strict
or use destroy-list to destroy multiple clusters:
$ minidcos aws destroy-list pr_4033_strict pr_4019_permissive
pr_4033_strict
pr_4019_permissive
To destroy all clusters, run the following command:
$ minidcos aws destroy-list $(minidcos aws list)
pr_4033_strict
pr_4019_permissive
Running Integration Tests
The run command is useful for running integration tests.
To run integration tests which are developed in a DC/OS checkout at /path/to/dcos, you can use the following workflow:
minidcos aws create \
--variant oss \
https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh
minidcos aws wait
minidcos aws run --test-env --sync-dir /path/to/dcos/checkout pytest -k test_tls.py
There are multiple options and shortcuts for using these commands. See run for more information on this command.
Viewing the Web UI
To view the web UI of your cluster, use the web command. To see the web UI URL of your cluster, use the inspect command.
Before viewing the UI, you may first need to configure your browser to trust your DC/OS CA, or choose to override the browser protection.
Using a Custom CA Certificate
On DC/OS Enterprise clusters, it is possible to use a custom CA certificate. See the Custom CA certificate documentation for details. It is possible to use create to create a cluster with a custom CA certificate.
1. Create or obtain the necessary files: dcos-ca-certificate.crt, dcos-ca-certificate-key.key, and dcos-ca-certificate-chain.crt.
2. Put the above-mentioned files into a directory, e.g. /path/to/genconf/.
3. Create a file containing the “extra” configuration. create takes an --extra-config option. This adds the contents of the specified YAML file to a minimal DC/OS configuration. Create a file with the following contents:
   ca_certificate_path: genconf/dcos-ca-certificate.crt
   ca_certificate_key_path: genconf/dcos-ca-certificate-key.key
   ca_certificate_chain_path: genconf/dcos-ca-certificate-chain.crt
4. Create a cluster.
   minidcos aws create \
       $DCOS_ENTERPRISE_URL \
       --variant enterprise \
       --genconf-dir /path/to/genconf/ \
       --copy-to-master /path/to/genconf/dcos-ca-certificate-key.key:/var/lib/dcos/pki/tls/CA/private/custom_ca.key \
       --license-key /path/to/license.txt \
       --extra-config config.yml
5. Verify that everything has worked. See Verify installation for steps to verify that the DC/OS Enterprise cluster was installed properly with the custom CA certificate.
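A preflight for the files this procedure places in the genconf directory, as an added example that is not part of minidcos: it confirms that the three files exist under the names used above, that the CA private key is not accessible to group or others, that the key matches the certificate, and that the certificate is marked as a CA. The function name and return codes are assumptions of this example; it requires openssl.

```shell
#!/bin/sh
# Added example, not part of minidcos. Checks the custom CA files in a genconf
# directory before they are handed to "minidcos aws create".
# Return codes (assumptions of this example): 0 ok, 2 file missing,
# 3 key permissions too open, 4 openssl unavailable, 5 unreadable PEM,
# 6 key does not match certificate, 7 certificate is not a CA.

check_custom_ca_dir() {
    dir="$1"
    crt="$dir/dcos-ca-certificate.crt"
    key="$dir/dcos-ca-certificate-key.key"
    chain="$dir/dcos-ca-certificate-chain.crt"

    for f in "$crt" "$key" "$chain"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f" >&2
            return 2
        fi
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group/others; chmod 600 $key" >&2
        return 3
    fi

    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found" >&2
        return 4
    fi

    # Extract the public key from each side; -passin pass: avoids a prompt
    # if the key turns out to be encrypted.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 5
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 5
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "certificate and private key do not belong together" >&2
        return 6
    fi

    # A leaf certificate cannot sign the cluster's certificates.
    if ! openssl x509 -in "$crt" -noout -text | grep -q "CA:TRUE"; then
        echo "certificate lacks basicConstraints CA:TRUE" >&2
        return 7
    fi
    return 0
}

# Usage: check_custom_ca_dir /path/to/genconf/ && minidcos aws create ...
```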
CLI Reference
minidcos aws
Manage DC/OS clusters on AWS.
minidcos aws [OPTIONS] COMMAND [ARGS]...
create
Create a DC/OS cluster.
DC/OS Enterprise
DC/OS Enterprise clusters require different configuration variables to DC/OS OSS. For example, enterprise clusters require the following configuration parameters:
superuser_username, superuser_password_hash, fault_domain_enabled, license_key_contents
These can all be set in --extra-config. However, some defaults are provided for all but the license key.
The default superuser username is bootstrapuser. The default superuser password is deleteme. The default fault_domain_enabled is false.
license_key_contents must be set for DC/OS Enterprise 1.11 and above. This is set to one of the following, in order:
- The license_key_contents set in --extra-config.
- The contents of the path given with --license-key.
- The contents of the path set in the DCOS_LICENSE_KEY_PATH environment variable.
If none of these are set, license_key_contents is not given.
minidcos aws create [OPTIONS] INSTALLER_URL
Options
- --custom-tag <custom_tag>: Add tags to EC2 instances in the format “<TAG_KEY>:<TAG_VALUE>”.
- --variant <variant>: Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required] Options: oss|enterprise
- --wait-for-dcos: Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.
- --masters <masters>: The number of master nodes. [default: 1]
- --agents <agents>: The number of agent nodes. [default: 1]
- --extra-config <extra_config>: The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.
- --public-agents <public_agents>: The number of public agent nodes. [default: 1]
- --aws-instance-type <aws_instance_type>: The AWS instance type to use. [default: m4.large]
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --linux-distribution <linux_distribution>: The Linux distribution to use on the nodes. [default: centos-7] Options: centos-7|coreos
- --workspace-dir <workspace_dir>: Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.
- --license-key <license_key>: This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.
- --genconf-dir <files_to_copy_to_genconf_dir>: Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.
- --security-mode <security_mode>: The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config. Options: disabled|permissive|strict
- --copy-to-master <copy_to_master>: Files to copy to master nodes before installing DC/OS. This option can be given multiple times. Each option should be in the format /absolute/local/path:/remote/path.
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- -c, --cluster-id <cluster_id>: A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.
- --enable-selinux-enforcing: With this flag set, SELinux is set to enforcing before DC/OS is installed on the cluster.
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
Arguments
- INSTALLER_URL: Required argument
Environment variables
- DCOS_LICENSE_KEY_PATH: Provide a default for --license-key
destroy
Destroy a cluster.
minidcos aws destroy [OPTIONS]
Options
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
destroy-list
Destroy clusters.
To destroy all clusters, run minidcos aws destroy-list $(minidcos aws list).
minidcos aws destroy-list [OPTIONS] [CLUSTER_IDS]...
Options
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
Arguments
- CLUSTER_IDS: Optional argument(s)
doctor
Diagnose common issues which stop this CLI from working correctly.
minidcos aws doctor [OPTIONS]
Options
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
inspect
Show cluster details.
minidcos aws inspect [OPTIONS]
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
install
Install DC/OS on a provisioned AWS cluster.
minidcos aws install [OPTIONS] INSTALLER_URL
Options
- --variant <variant>: Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required] Options: oss|enterprise
- --wait-for-dcos: Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.
- --extra-config <extra_config>: The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --workspace-dir <workspace_dir>: Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.
- --license-key <license_key>: This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.
- --genconf-dir <files_to_copy_to_genconf_dir>: Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.
- --security-mode <security_mode>: The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config. Options: disabled|permissive|strict
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- -c, --cluster-id <cluster_id>: A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
Arguments
- INSTALLER_URL: Required argument
Environment variables
- DCOS_LICENSE_KEY_PATH: Provide a default for --license-key
list
List all clusters.
minidcos aws list [OPTIONS]
Options
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
provision
Provision an AWS cluster to install DC/OS.
minidcos aws provision [OPTIONS]
Options
- --custom-tag <custom_tag>: Add tags to EC2 instances in the format “<TAG_KEY>:<TAG_VALUE>”.
- --masters <masters>: The number of master nodes. [default: 1]
- --agents <agents>: The number of agent nodes. [default: 1]
- --public-agents <public_agents>: The number of public agent nodes. [default: 1]
- --aws-instance-type <aws_instance_type>: The AWS instance type to use. [default: m4.large]
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --linux-distribution <linux_distribution>: The Linux distribution to use on the nodes. [default: centos-7] Options: centos-7|coreos
- --workspace-dir <workspace_dir>: Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.
- --copy-to-master <copy_to_master>: Files to copy to master nodes before installing DC/OS. This option can be given multiple times. Each option should be in the format /absolute/local/path:/remote/path.
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- -c, --cluster-id <cluster_id>: A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.
- --enable-selinux-enforcing: With this flag set, SELinux is set to enforcing before DC/OS is installed on the cluster.
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
run
Run an arbitrary command on a node or multiple nodes.
To use special characters such as single quotes in your command, wrap the whole command in double quotes.
minidcos aws run [OPTIONS] NODE_ARGS...
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --dcos-login-uname <dcos_login_uname>: The username to set the DCOS_LOGIN_UNAME environment variable to. [default: bootstrapuser]
- --dcos-login-pw <dcos_login_pw>: The password to set the DCOS_LOGIN_PW environment variable to. [default: deleteme]
- --sync-dir <sync_dir>: The path to a DC/OS checkout. Part of this checkout will be synced to all master nodes before the command is run. The bootstrap directory is synced if the checkout directory variant matches the cluster variant. Integration tests are also synced. Use this option multiple times on a DC/OS Enterprise cluster to sync both DC/OS Enterprise and DC/OS Open Source tests.
- -te, --test-env: With this flag set, environment variables are set and the command is run in the integration test directory. This means that “pytest” will run the integration tests.
- --env <env>: Set environment variables in the format “<KEY>=<VALUE>”
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- --node <node>: A reference to a particular node to run the command on. This can be one of: the node’s public IP address, the node’s private IP address, the node’s EC2 instance ID, a reference in the format “<role>_<number>”. These details can be seen with minidcos aws inspect. [default: master_0]
Arguments
- NODE_ARGS: Required argument(s)
send-file
Send a file to a node or multiple nodes.
minidcos aws send-file [OPTIONS] SOURCE DESTINATION
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --node <node>: A reference to a particular node to run the command on. This can be one of: the node’s public IP address, the node’s private IP address, the node’s EC2 instance ID, a reference in the format “<role>_<number>”. These details can be seen with minidcos aws inspect. [default: master_0]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
Arguments
- SOURCE: Required argument
- DESTINATION: Required argument
sync
Sync files from a DC/OS checkout to master nodes.
This syncs integration test files and bootstrap files.
DCOS_CHECKOUT_DIR should be set to the path of a clone of an open source DC/OS or DC/OS Enterprise repository.
By default the DCOS_CHECKOUT_DIR argument is set to the value of the DCOS_CHECKOUT_DIR environment variable.
If no DCOS_CHECKOUT_DIR is given, the current working directory is used.
This makes an assumption that all DC/OS Enterprise and DC/OS OSS integration tests are in the top level packages/dcos-integration-test directory.
minidcos aws sync [OPTIONS] [DCOS_CHECKOUT_DIR]
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
Arguments
- DCOS_CHECKOUT_DIR: Optional argument
Environment variables
- DCOS_CHECKOUT_DIR: Provide a default for DCOS_CHECKOUT_DIR
upgrade
Upgrade a cluster to a given version of DC/OS.
minidcos aws upgrade [OPTIONS] INSTALLER_URL
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- --extra-config <extra_config>: The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.
- --variant <variant>: Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required] Options: oss|enterprise
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --workspace-dir <workspace_dir>: Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.
- --security-mode <security_mode>: The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config. Options: disabled|permissive|strict
- --wait-for-dcos: Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.
- --license-key <license_key>: This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
- --genconf-dir <files_to_copy_to_genconf_dir>: Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.
Arguments
- INSTALLER_URL: Required argument
Environment variables
- DCOS_LICENSE_KEY_PATH: Provide a default for --license-key
wait
Wait for DC/OS to start.
minidcos aws wait [OPTIONS]
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --superuser-username <superuser_username>: The superuser username is needed only on DC/OS Enterprise clusters. [default: bootstrapuser]
- --superuser-password <superuser_password>: The superuser password is needed only on DC/OS Enterprise clusters. [default: deleteme]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- --enable-spinner, --no-enable-spinner: Whether to show a spinner animation. This defaults to true if stdout is a TTY.
web
Open the browser at the web UI.
Note that the web UI may not be available at first.
Consider using minidcos aws wait before running this command.
minidcos aws web [OPTIONS]
Options
- -c, --cluster-id <cluster_id>: The ID of the cluster to use. [default: default]
- --aws-region <aws_region>: The AWS region to use. [default: us-west-2]
- -v, --verbose: Use verbose output. Use this option multiple times for more verbose output.