Infrastructure at your Service

Julia Gugel

Deploy DC/OS using Ansible (Part 1) – Getting Started

To start into this topic I want to shortly explain some basics. Afterwards I show you how to prepare the configuration files.

Ansible

Ansible is a Open Source automation utility. It is used for orchestration and configuration as well as the administration of PCs/Servers. You could say, okay but we have puppet or saltstack or an other framework, why should I use Ansible? Ansible differs! It has no Agent installed on the systems, it just needs a working SSH connection and a python installation. For deploying changes just write a Ansible Playbook, a simple YAML-File. For further information about Ansible just visit the Ansible Homepage.

DC/OS

Mesosphere’s DC/OS is a distributed operating system based on Apache Mesos (read more). It gives you the possibility to manage multiple machines as if they were one. Resource management, process placement scheduling, simplified installations and management of distributed services can be automated using DC/OS. DC/OS comes with a web interface as well as a command-line interface which can be used for monitoring and remote management.
DC/OS can be used as cluster manager, container platform and operating system. A quite mighty tool. To explain all the functionalities would go to far.

For setup the minimal DC/OS Using Ansible you need at least six servers:
– one Ansible
– one Bootstrap
– one Master
– two private Agents
– one public Agent

Bootstrap Node

In general, the bootstrap is the essential one when you spin up a server. It is used as staging location for the software installation, stores the DC/OS configuration and the bootstrap files for the DC/OS.

Master Node

The DC/OS master manages “the rest” of the cluster. It’s possible to run one or more master nodes. They contain most of the DC/OS components and the Mesos master process. It also provides the web interface, which provides a nice graphical view of the DC/OS Cluster

Private Agent Node

The private agents do not allow access from outside the cluster. They provide resources to the cluster.

Public Agent Node

The public agent node is a node on the network, that allows access from the outside of the DC/OS. The public agent is primary used as a kind of load balancer to decrease the surface that could be accessed by attackers.
In a cluster you need less public agent nodes than private agent nodes as they can handle the multiple agent services.

I just described the node components used for the installation. If you want more and deeper insights into DC/OS and it’s architecture, you can find a detailed documentation on the Mesosphere Homepage

Architecture

For the minimal installation of this DC/OS you need six servers:
Each of the server with a public and a private IP expect the ansible server.

servers

To install the DC/OS using Ansible I used the playbooks from GitHub. But as usual there is some specific stuff, when you test it at your environment.

Prepare the ansible server

Install git and get ansible-dcos from git-hub

[root@dcos-ansible ~]# yum install git -y

[root@dcos-ansible ~]# git clone https://github.com/dcos-labs/ansible-dcos
Cloning into 'ansible-dcos'...
remote: Enumerating objects: 69, done.
remote: Counting objects: 100% (69/69), done.
remote: Compressing objects: 100% (48/48), done.
remote: Total 1957 (delta 25), reused 42 (delta 15), pack-reused 1888
Receiving objects: 100% (1957/1957), 312.95 KiB | 0 bytes/s, done.
Resolving deltas: 100% (982/982), done.

[root@dcos-ansible ~]# cd ansible-dcos/
[root@dcos-ansible ansible-dcos]# git tag
v0.1.0-alpha
v0.2.0-alpha
v0.2.1-alpha
v0.3.0-alpha
v0.4.0-alpha
v0.5.0-dcos-1.10
v0.6.0-dcos-1.11
v0.6.1-dcos-1.11
v0.7.0-dcos-1.11
[root@dcos-ansible ansible-dcos]# git checkout v0.7.0-dcos-1.11
Note: checking out 'v0.7.0-dcos-1.11'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 1f2cf7d... Prepare version v0.7.0-dcos-1.11

Install ansible

[root@dcos-ansible ansible-dcos]# yum install ansible

Prepare the hosts.yaml file

[root@dcos-ansible ansible-dcos]# pwd
/root/ansible-dcos
[root@dcos-ansible ansible-dcos]# cp hosts.example.yaml hosts.yaml

[root@dcos-ansible ansible-dcos]# cat hosts.yaml
---
# Example for an ansible inventory file
all:
  children:
    bootstraps:
      hosts:
        # Public IP Address of the Bootstrap Node
        192.168.22.100:
    masters:
      hosts:
        # Public IP Addresses for the Master Nodes
        192.168.22.101:
    agents:
      hosts:
        # Public IP Addresses for the Agent Nodes
        192.168.22.102:
        192.168.22.103:
    agent_publics:
      hosts:
        # Public IP Addresses for the Public Agent Nodes
        192.168.22.104:
  vars:
    # IaaS target for DC/OS deployment
    # options: aws, gcp, azure or onprem
    dcos_iaas_target: 'onprem'

    # Choose the IP Detect Script
    # options: eth0, eth1, ... (or other device name for existing network interface)
    dcos_ip_detect_interface: 'eth0'

    # (internal/private) IP Address of the Bootstrap Node
    dcos_bootstrap_ip: '10.0.0.1'

    # (internal/private) IP Addresses for the Master Nodes
    dcos_master_list:
      - 10.0.0.2

    # DNS Resolvers
    dcos_resolvers:
      - 8.8.4.4
      - 8.8.8.8

    # DNS Search Domain
    dcos_dns_search: 'None'

    # Internal Loadbalancer DNS for Masters (only needed for exhibitor: aws_s3)
    dcos_exhibitor_address: 'masterlb.internal'

    # External Loadbalancer DNS for Masters or
    # (external/public) Master Node IP Address (only needed for cli setup)
    dcos_master_address: 'masterlb.external'

Create the setup variables for DC/OS

[root@dcos-ansible ansible-dcos]# pwd
/root/ansible-dcos
cp group_vars/all.example group_vars/all

enable SSH access on nodes with Ansible

In case of authentication problem using ansible playbooks, repeat the steps with “exec….” and “sshd-add…”

ssh-keygen -t rsa -b 4096 -C "admin@it.dbi-services.com" -f ~/.ssh/ansible-dcos
[root@dcos-ansible ansible-dcos]# exec /usr/bin/ssh-agent $SHELL
[root@dcos-ansible ansible-dcos]# ssh-add ~/.ssh/ansible-dcos
Enter passphrase for /root/.ssh/ansible-dcos:
Identity added: /root/.ssh/ansible-dcos (/root/.ssh/ansible-dcos)

Enter lines for initial SSH access on all nodes with ansible in group_vars/all

All systems must have the same username/password combination, otherwise ansible runs into failures.
In this step you have to change only the last 4 lines of group_vars/all

[root@dcos-ansible ansible-dcos]# cat group_vars/all
---
# Install latest operating system updates
os_system_updates: False

# DC/OS cluster version
dcos_version: '1.11.4'

# If planning to upgrade a previous deployed DC/OS Cluster,
# uncomment the following variable
#dcos_upgrade_from_version: '1.11.3'

# Download URL for DC/OS
dcos_download: "https://downloads.dcos.io/dcos/stable/{{ dcos_version }}/dcos_generate_config.sh"

# Name of the DC/OS Cluster
dcos_cluster_name: 'demo'

# Deploy Mesosphere Enterprise DC/OS or DC/OS OSS?
dcos_deploy_ee_package: False

# Optional if dcos_iaas_target := aws
#dcos_exhibitor: 'aws_s3'
#dcos_aws_access_key_id: '******'
#dcos_aws_secret_access_key: '******'
#dcos_aws_region: 'us-west-2'
#dcos_s3_bucket: 'bucket-name'

# Optional if dcos_iaas_target := azure
#dcos_exhibitor: 'azure'
#dcos_exhibitor_azure_account_name: 'name'
#dcos_exhibitor_azure_account_key: '******'

# Only required when deploying Mesosphere Enterprise DC/OS
dcos_ee_security: 'permissive'
dcos_ee_license_key_contents: '******'
dcos_ee_superuser_username: admin
# Default password:= admin
dcos_ee_superuser_password_hash: "$6$rounds=656000$8CXbMqwuglDt3Yai$ZkLEj8zS.GmPGWt.dhwAv0.XsjYXwVHuS9aHh3DMcfGaz45OpGxC5oQPXUUpFLMkqlXCfhXMloIzE0Xh8VwHJ."

# Configure rexray to enable support of external volumes (only for Mesosphere Enterprise DC/OS)
# Note: Set rexray_config_method: file and edit ./roles/bootstrap/templates/rexray.yaml.j2 for a custom rexray configuration
# options: empty, file
dcos_ee_rexray_config_method: empty

#For initial SSH access on nodes with Ansible
ansible_password: "password"
ansible_become_pass: "password"
#initial_remote_user: root

Change ansible configuration file

[defaults]
inventory = hosts.yaml
host_key_checking = False
remote_user = ansible
roles_path = ./roles
[all:vars]
ansible_connection=ssh
ansible_user=ansible
ansible_ssh_pass=password

Insert the servers to Ansible hosts file

As most of this file is commented out, I just post the section I added

[root@dcos-ansible ansible-dcos]# cat /etc/ansible/hosts
[dcos_servers]
192.168.22.100
192.168.22.101
192.168.22.102
192.168.22.103
192.168.22.104

Finally we can start with the playbooks – Read part 2 for this

Leave a Reply

Julia Gugel
Julia Gugel

Consultant