@developerinlondon
Forked from andyshinn/DEISAWS.md
Created June 5, 2014 16:00

Deploying Deis on AWS

These instructions will get you up and running with Deis and CoreOS in an AWS VPC. A CloudFormation script already exists for getting up and running in AWS, but if you want to get down and dirty, this document will walk you through the steps. Some of the AWS steps include the equivalent AWS CLI commands so you can get up and running without the AWS web interface.

AWS

Since we will be running CoreOS and Deis inside a VPC we need some AWS setup first. We need a single subnet VPC, some security groups, and instances of CoreOS.

VPC

Use the VPC wizard to create a VPC with a single subnet. You can also use the AWS CLI to get a VPC and subnet up (be sure to replace the example VPC ID vpc-a01106c2 with the one output by the previous create-vpc command):

$ aws ec2 create-vpc --cidr-block 172.16.0.0/16
VPC	172.16.0.0/16	dopt-674f8b0e	default	pending	vpc-a01106c2
$ aws ec2 create-subnet --vpc-id vpc-a01106c2 --cidr-block 172.16.48.0/24
SUBNET	us-west-2a	251	172.8.96.0/24	pending	subnet-8e8c97fa	vpc-a01106c2

Security Groups

Create security groups for remote SSH access, etcd, fleet, and Deis remote access:

  • Inbound port 22 for your remote SSH management (this can be limited by IP address)
  • Inbound TCP ports 2222, 80, and 443 for your remote git push over SSH and the Deis router
  • Inbound all traffic from the current security group (the default group is fine; this allows the CoreOS instances to talk to each other on all ports)
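
An added check for the rules listed above (not part of the original gist): it reads data shaped like `aws ec2 describe-security-groups --output json` and reports every address-sourced inbound rule that opens more than TCP 22, 2222, 80 and 443, which is how etcd's ports 4001 and 7001 from the cloud-config on this page would end up reachable from outside the cluster. The sample groups, their IDs and the 203.0.113.0/24 management range are constructed.

```python
# Inbound TCP ports the page opens to remote clients: SSH, git push, Deis router.
PUBLIC_TCP = {22, 2222, 80, 443}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of describe-security-groups output (made-up IDs).
ANY = [{"CidrIp": "0.0.0.0/0"}]
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-deis", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222, "IpRanges": ANY},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443, "IpRanges": ANY}]},
    {"GroupId": "sg-cluster", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-cluster"}]},
        {"IpProtocol": "tcp", "FromPort": 4001, "ToPort": 4001, "IpRanges": ANY}]},
]}


def audit(described):
    """Return (group_id, message) for each address-sourced rule wider than the list."""
    findings = []
    for group in described["SecurityGroups"]:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not cidrs:
                continue  # sourced from a security group: the intra-cluster rule
            src = ",".join(cidrs)
            if perm["IpProtocol"] != "tcp":
                findings.append((gid, f"protocol {perm['IpProtocol']} open to {src}"))
                continue
            ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
            extra = sorted(ports - PUBLIC_TCP)
            if extra:
                findings.append(
                    (gid, f"{len(extra)} tcp port(s) in {extra[0]}-{extra[-1]} open to {src}"))
            if 22 in ports and WORLD & set(cidrs):
                findings.append((gid, "SSH (22) not limited by IP address"))
    return findings


if __name__ == "__main__":
    for gid, message in audit(SAMPLE):
        print(gid, message)
```

On the sample it flags the 80 to 443 range (which also opens ports 81 through 442) and the etcd port 4001 rule, while the self-referencing all-traffic rule passes.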

Instances

You need to start up at least 3 instances of the current alpha CoreOS image.

  • Image: Search for CoreOS-alpha-324.1.0 (should be ami-a1c6b791).
  • Instance Type: This should be at least m3.medium so there is enough memory per node.
  • Instance Details:
      • Start an odd number of instances between 3 and 13.
      • Check to automatically assign public IP addresses.
      • Be sure to set the network to your newly created VPC.
      • Expand the Advanced section and fill out the user-data (replacing <token> with your own generated from http://discovery.etcd.io/new):
#cloud-config

coreos:
  etcd:
    discovery: https://discovery.etcd.io/<token>
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
  • Storage: Your main EBS root can be default 8 GB. But you will need to mount another EBS volume at /var/lib/docker that gives you plenty of space for image storage (16 GB is a good start).
  • Security Groups: Assign the 3 previously created security groups to the new instances.

We can create these instances using the AWS CLI. First save your cloud config file from above as cloudinit. Then run the AWS CLI (replacing VolumeSize, security-group-ids, subnet-id, and other options with the correct ones for your environment). The --dry-run flag only checks that the request would be allowed; remove it to actually launch the instances:

$ aws ec2 run-instances --dry-run --image-id ami-a7d1a197 --block-device-mappings '[{"DeviceName": "/dev/sda1","Ebs": {"VolumeSize": 32}}]' --security-group-ids sg-b4d97dd1 sg-d9db7fbc sg-ffdb7f9a --associate-public-ip-address --count 5 --instance-type m3.large --subnet-id subnet-de170faa --key-name deis --user-data file://cloudinit

Load Balancers

Create two load balancers.

Deis Control

This load balancer should be TCP 80 to TCP 8000 and TCP 2222 to TCP 2222 with all instances. This is used for Deis control and git push to the deis-builder. We will later add DNS to this load balancer for the deis.mydomain.com A record.

Deis Applications

This load balancer should be HTTP 80 to HTTP 80 and HTTPS 443 to HTTP 80 with all instances. This is what balances applications running in Deis and will have the wildcard DNS record *.deis.mydomain.com mapped to it.

DNS

Create two new DNS records. If you are using AWS Route53, these should be aliases to the load balancer instances instead of CNAMEs.

  • deis.mydomain.com which will point to the Deis Control load balancer
  • *.deis.mydomain.com which will point to the Deis Applications load balancer

Deis

Install

Clone the latest version of Deis:

git clone https://github.com/deis/deis.git deis

Then install the CLI:

cd deis/client
sudo python setup.py install
cd ..

Setup

The FLEETCTL_TUNNEL environment variable names one of the CoreOS hosts for fleetctl to use as a gateway into the cluster:

export FLEETCTL_TUNNEL=ec2-55-55-55-55.us-west-2.compute.amazonaws.com

Now we can bootstrap the Deis containers. DEIS_NUM_INSTANCES should match the number of EC2 instances launched. DEIS_NUM_ROUTERS is the number of Deis routers to run behind the application load balancer and should be 3 or more:

# export the variables so that make can see them
export DEIS_NUM_INSTANCES=5
export DEIS_NUM_ROUTERS=3
make run

Then register the admin user (the first user registered is an admin):

deis register http://deis.mydomain.com

You can now log in to Deis:

deis login http://deis.mydomain.com

Create a new cluster named deis to run applications under:

deis clusters:create deis deis.mydomain.com --hosts deis.mydomain.com --auth ~/.ssh/id_rsa

Applications

Creating an application requires that the application already be in a git repository. Navigate to the application root and then:

deis create myapp --cluster deis
git push deis master

Your application will now be built and run inside the Deis cluster! After the application is pushed it should be running at http://myapp.deis.mydomain.com:

deis apps:info