Guide to deploying a 3-node DSX Local Cluster on AWS
Part 1: Deploying AWS Cluster
On your EC2 dashboard click on launch instance.
Step 1: Choose an Amazon Machine Image (AMI)
Select AWS Marketplace and search for Centos -> Chose the Centos version you need (I chose CentOS 7 (x86_64) - with Updates HVM)
Step 2: Choose an Instance Type.
Select m4.4xlarge or m4.2xlarge
Step 3: Configure Instance Details
Set Number of Instances as 3
Step 4: Add Storage
You need to add Root storage minimum 50GB and additional EBS storage of around 500GB( if you deploying for just test purpose 300GB is fine). DSX usually require high IOPS so provisioned SSD are preferred. But be advised that provisioned SSD are expensive due to high IOPS.
Step 5: Add Tags Optional
Step 6: Configure Security Group
You need to set up a custom security group, which should include -
Custom TCP rule, port 6443 and range 172.31.0.0/16 -> used for internal connection
Allow all connection between nodes
Allow restricted connection from outside.
Step 7: Review and Instance Launch
You would be required to create a key-pair that will allow you to access the cluster over SSH.
Part 2: Prepare nodes to Install DSX.
After the nodes have been launched successfully, set one node as a master node. Follow the steps below to prepare the nodes for installation
Step 1. Invoking root login on each node .
ssh into each of the three nodes. Use the following commands -
sudo sed -i '/^#PermitRootLogin.*/s/^#//' /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | grep PermitRootLogin
Now, edit the ~/.ssh/authorized_keys to get rid of "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"centos\" rather than the user \"root\".';echo;sleep 10"
Step 2. Configure password-less ssh between all the nodes
Creating a ssh key
copy content from ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys of all nodes.
Test ssh connection between all the nodes including self, Note: Use the private ip of each node to ssh.
Step 3. Create two partitions for install and data.
Step 3: Register Targets register nodes in your cluster
Review and launch the load balancer. Once the ELB has been provisioned, get the IP address attached to the ELB from the DNS name - ping DNS_Name 2. Also, make sure that the target nodes has been attached to the ELB. Note: You might get warning the nodes are not healthy but its fine.
2. External Load Balancer to access cluster over HTTPS
Step 1: Configure Load Balancer
Note that here we are using port 443.
Step 2: Configure Security Settings
You can either choose your own ACM certificate or you can upload a certificate to ACM. Note: This step will work only once you have kicked off the installation. In this scenario you are creating this load balancer after the installation has been kicked off. This is good too. One way to create a ACM certificate is -
For private key use apiserver-key.pem
For certificate body use apiserver.pem
For certificate chain use ca.pem
Step 3: Configure Security Groups
Now you can configure your security group, make sure you are using same security group you earlier used to spin your instances.
Step 4: Configure Routing
Make sure to use HTTPS and set path for health check as /auth/login/login.html
Step 5: Register Targets
Review and Create the Load Balancer.
Part 4: Running DSX Installer
Step 1: Run pre-installation check
Before running installation you want to make sure that the nodes pass some basic tests. You can get the script here. Run the script, see if there are any errors while the script ran. Note: It might complain about the number of cores but you can ignore it.
Step 2: Get installer on /install folder
Download the DSX installer(optional), not needed if you have it locally. Change its permission to execute.
Step 3: Create Config file for DSX Installation
Before running the installer we would like to create a config file called as wdp.conf. This file can be created as -
your_installer --get-conf-key --three-nodes
This will create wdp.conf file. Now edit this file by replacing "load_balancer_ip_address" for "virtual_ip_address" and add the ip address of TCP load balancer. Also you would need to add 2 options to this file - Suppress Warning, No Path check. These options will suppress any warnings that you get during installation. Any errors can be later referred in the error logs.
load_balancer_ip_address=IP addr of TCP lb
node_1=internal ip address of master node
node_2=internal ip address of node2
node_3=internal ip address of node3
Step 4: Kick in the installation
Set off the installer. Note: We recommend using screen option as installation takes ~2 hr so you can restore the session if it gets disconnected from local machine.
Part 5: Launch DSX and check the setup
After the installation has completed launch the DSX on your web browser. The ip address listed on your installer screen will not works. You will need to get the IP address of the external load balancer by ping DNS Name.