AWS

The minidcos aws CLI allows you to create and manage open source DC/OS and DC/OS Enterprise clusters on AWS EC2 instances.

A typical CLI workflow for open source DC/OS may look like the following. Install the CLI (see Installation), then create and manage a cluster:

# Fix issues shown by minidcos aws doctor
$ minidcos aws doctor
$ minidcos aws create https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh --variant oss
default
$ minidcos aws wait
$ minidcos aws run --test-env --sync-dir /path/to/dcos/checkout pytest -k test_tls
...
# Get onto a node
$ minidcos aws run bash
[master-0]# exit
$ minidcos aws destroy

Each of these and more are described in detail below.

Requirements

Amazon Web Services

An Amazon Web Services account with sufficient funds must be available.

The AWS credentials for the account must be present either in the environment as environment variables or in the default file system location under ~/.aws/credentials, with an AWS profile in the environment referencing those credentials.

The Mesosphere internal AWS tool maws automatically stores account-specific temporary AWS credentials in the default file system location and exports the corresponding profile into the environment. After logging in with maws, clusters can be launched using the AWS backend.

For CI deployments, long-lived credentials are preferred. It is recommended to use the environment variables method for AWS credentials in that case.

The environment variables are set as follows:

export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>

The EC2 instances launched by the AWS backend incur costs on the order of 24 ct per instance, assuming the fixed cluster lifetime of two hours and m4.large EC2 instances.

ssh

The ssh command must be available.

Operating System

The AWS backend has been tested on macOS and on Linux.

It is not expected that it will work out of the box with Windows, see issue QUALITY-1771.

If your operating system is not supported, it may be possible to use Vagrant, or another Linux virtual machine.

doctor command

minidcos aws comes with the doctor command. Run this command to check your system for common causes of problems.

Creating a Cluster

To create a cluster you first need the link to a DC/OS installer.

These can be found on the releases page.

DC/OS Enterprise is also supported. Ask your sales representative for installers.

Creating a cluster is possible with the create command. This command allows you to customize the cluster in many ways.

The command returns when the DC/OS installation process has started. To wait until DC/OS has finished installing, use the wait command.

To use this cluster, it is useful to find details using the inspect command.

DC/OS Enterprise

There are multiple DC/OS Enterprise-only features available in create.

The only extra requirement is to give a valid license key, for DC/OS 1.11+. See create for details on how to provide a license key.

Ask your sales representative for DC/OS Enterprise installers.

For example, run the following to create a DC/OS Enterprise cluster in strict mode:

minidcos aws create $DCOS_ENTERPRISE_URL \
     --variant enterprise \
     --license-key /path/to/license.txt \
     --security-mode strict

The command returns when the DC/OS installation process has started. To wait until DC/OS has finished installing, use the wait command.

See create for details on this command and its options.

Cluster IDs

Clusters have unique IDs. Multiple commands take --cluster-id options. Specify a cluster ID in create, and then use it in other commands. Any command which takes a --cluster-id option defaults to using “default” if no cluster ID is given.

Running commands on Cluster Nodes

It is possible to run commands on a cluster node in multiple ways. These include using run and ssh.

Running commands on a cluster node using run

It is possible to run the following to run a command on an arbitrary master node.

minidcos aws run systemctl list-units

See run for more information on this command.

Running commands on a cluster node using ssh

One SSH key allows access to all nodes in the cluster. See this SSH key’s path and the IP addresses of nodes using inspect.

Getting on to a Cluster Node

Sometimes it is useful to get onto a cluster node. To do this, you can use any of the ways of Running commands on Cluster Nodes.

For example, to use run to run bash to get on to an arbitrary master node:

minidcos aws run bash

Destroying Clusters

There are two commands which can be used to destroy clusters. These are destroy and destroy-list.

Either destroy a cluster with destroy:

$ minidcos aws destroy
default
$ minidcos aws destroy --cluster-id pr_4033_strict
pr_4033_strict

or use destroy-list to destroy multiple clusters:

$ minidcos aws destroy-list pr_4033_strict pr_4019_permissive
pr_4033_strict
pr_4019_permissive

To destroy all clusters, run the following command:

$ minidcos aws destroy-list $(minidcos aws list)
pr_4033_strict
pr_4019_permissive

Running Integration Tests

The run command is useful for running integration tests.

To run integration tests which are developed in a DC/OS checkout at /path/to/dcos, you can use the following workflow:

minidcos aws create \
     --variant oss \
     https://downloads.dcos.io/dcos/stable/dcos_generate_config.sh
minidcos aws wait
minidcos aws run --test-env --sync-dir /path/to/dcos/checkout pytest -k test_tls.py

There are multiple options and shortcuts for using these commands. See run for more information on this command.

Viewing the Web UI

To view the web UI of your cluster, use the web command. To see the web UI URL of your cluster, use the inspect command.

Before viewing the UI, you may first need to configure your browser to trust your DC/OS CA, or choose to override the browser protection.

Using a Custom CA Certificate

On DC/OS Enterprise clusters, it is possible to use a custom CA certificate. See the Custom CA certificate documentation for details. It is possible to use create to create a cluster with a custom CA certificate.

  1. Create or obtain the necessary files:

    dcos-ca-certificate.crt, dcos-ca-certificate-key.key, and dcos-ca-certificate-chain.crt.

  2. Put the above-mentioned files into a directory, e.g. /path/to/genconf/.

  3. Create a file containing the “extra” configuration.

    create takes an --extra-config option. This adds the contents of the specified YAML file to a minimal DC/OS configuration.

    Create a file with the following contents:

    ca_certificate_path: genconf/dcos-ca-certificate.crt
    ca_certificate_key_path: genconf/dcos-ca-certificate-key.key
    ca_certificate_chain_path: genconf/dcos-ca-certificate-chain.crt
    
  4. Create a cluster.

    minidcos aws create \
        $DCOS_ENTERPRISE_URL \
        --variant enterprise \
        --genconf-dir /path/to/genconf/ \
        --copy-to-master /path/to/genconf/dcos-ca-certificate-key.key:/var/lib/dcos/pki/tls/CA/private/custom_ca.key \
        --license-key /path/to/license.txt \
        --extra-config config.yml
    
  5. Verify that everything has worked.

    See Verify installation for steps to verify that the DC/OS Enterprise cluster was installed properly with the custom CA certificate.
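A pre-flight check for steps 1 to 3, to run before the create command in step 4. This is an added example, not part of minidcos or the DC/OS documentation; the function names check_ca_files and key_matches_cert are hypothetical, and key_matches_cert assumes the openssl command is installed.

```bash
#!/usr/bin/env bash
# Added example, not part of minidcos. Function names are hypothetical; the
# file names and configuration keys are the ones from the steps above.

# check_ca_files GENCONF_DIR EXTRA_CONFIG
# Prints one line per problem and returns non-zero if any was found.
check_ca_files() {
    local dir="$1" config="$2" problems=0 pair key_name file
    for pair in \
        ca_certificate_path:dcos-ca-certificate.crt \
        ca_certificate_key_path:dcos-ca-certificate-key.key \
        ca_certificate_chain_path:dcos-ca-certificate-chain.crt
    do
        key_name=${pair%%:*}
        file=${pair#*:}
        if [ ! -s "$dir/$file" ]; then
            echo "missing or empty: $dir/$file"
            problems=$((problems + 1))
        fi
        # The extra config on this page refers to each file under genconf/.
        if ! grep -Eq "^$key_name:[[:space:]]*genconf/$file[[:space:]]*\$" \
                "$config" 2>/dev/null; then
            echo "extra config lacks '$key_name: genconf/$file'"
            problems=$((problems + 1))
        fi
    done
    # The CA private key must not be accessible to group or others.
    # Characters 5-10 of the ls mode string are the group and other bits.
    file="$dir/dcos-ca-certificate-key.key"
    if [ -e "$file" ] && [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group/others: chmod 600 $file"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# key_matches_cert CERT KEY
# Succeeds only if the certificate carries the public key derived from KEY.
# An encrypted or unparsable key counts as a failure ("-passin pass:" stops
# openssl from prompting for a passphrase).
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Usage (paths as in the steps above):
#   check_ca_files /path/to/genconf config.yml &&
#   key_matches_cert /path/to/genconf/dcos-ca-certificate.crt \
#                    /path/to/genconf/dcos-ca-certificate-key.key
```

Everything in the directory passed to --genconf-dir, the private key included, is copied to the installer's genconf directory, so keep that directory free of unrelated files.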

CLI Reference

minidcos aws

Manage DC/OS clusters on AWS.

minidcos aws [OPTIONS] COMMAND [ARGS]...

create

Create a DC/OS cluster.

DC/OS Enterprise

 DC/OS Enterprise clusters require different configuration variables to DC/OS OSS. For example, enterprise clusters require the following configuration parameters:

superuser_username, superuser_password_hash, fault_domain_enabled, license_key_contents

 These can all be set in --extra-config. However, some defaults are provided for all but the license key.

 The default superuser username is bootstrapuser. The default superuser password is deleteme. The default fault_domain_enabled is false.

 license_key_contents must be set for DC/OS Enterprise 1.11 and above. This is set to one of the following, in order:

 * The license_key_contents set in --extra-config.
 * The contents of the path given with --license-key.
 * The contents of the path set in the DCOS_LICENSE_KEY_PATH environment variable.

 If none of these are set, license_key_contents is not given.
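A lint for the --extra-config file of an Enterprise cluster, reporting which of the defaults described above would apply and which source would supply license_key_contents. This is an added example, not part of minidcos; the function names are hypothetical and the file is assumed to hold flat, top-level "key: value" lines.

```bash
#!/usr/bin/env bash
# Added example, not part of minidcos. Function names are hypothetical.
# Assumes the extra config uses flat, top-level "key: value" lines.

# yaml_value FILE KEY
# Prints the value of the first top-level "KEY: value" line, if any.
yaml_value() {
    [ -f "$1" ] || return 0
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# resolve_license_source EXTRA_CONFIG LICENSE_KEY_OPTION
# Echoes which source supplies license_key_contents, in the documented order.
resolve_license_source() {
    if [ -n "$(yaml_value "$1" license_key_contents)" ]; then
        echo "extra-config"
    elif [ -n "${2:-}" ]; then
        echo "--license-key"
    elif [ -n "${DCOS_LICENSE_KEY_PATH:-}" ]; then
        echo "DCOS_LICENSE_KEY_PATH"
    else
        echo "none"
    fi
}

# lint_enterprise_config EXTRA_CONFIG [LICENSE_KEY_OPTION]
# Prints one finding per line and returns non-zero if there was any.
lint_enterprise_config() {
    local config="$1" findings=0
    if [ -z "$(yaml_value "$config" superuser_password_hash)" ]; then
        echo "superuser_password_hash unset: default password 'deleteme' applies"
        findings=$((findings + 1))
    fi
    if [ -z "$(yaml_value "$config" superuser_username)" ]; then
        echo "superuser_username unset: default username 'bootstrapuser' applies"
        findings=$((findings + 1))
    fi
    if [ "$(resolve_license_source "$config" "${2:-}")" = "none" ]; then
        echo "no license key source: license_key_contents will not be given"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage:
#   lint_enterprise_config config.yml /path/to/license.txt
```

After setting a non-default superuser, pass the matching values to wait (--superuser-username, --superuser-password) and to run (--dcos-login-uname, --dcos-login-pw), whose defaults are bootstrapuser and deleteme.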

minidcos aws create [OPTIONS] INSTALLER_URL

Options

--custom-tag <custom_tag>

Add tags to EC2 instances in the format “<TAG_KEY>:<TAG_VALUE>”.

--variant <variant>

Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required]

Options

oss|enterprise

--wait-for-dcos

Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.

--masters <masters>

The number of master nodes. [default: 1]

--agents <agents>

The number of agent nodes. [default: 1]

--extra-config <extra_config>

The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.

--public-agents <public_agents>

The number of public agent nodes. [default: 1]

--aws-instance-type <aws_instance_type>

The AWS instance type to use. [default: m4.large]

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--linux-distribution <linux_distribution>

The Linux distribution to use on the nodes. [default: centos-7]

Options

centos-7|coreos

--workspace-dir <workspace_dir>

Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.

--license-key <license_key>

This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.

--genconf-dir <files_to_copy_to_genconf_dir>

Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.

--security-mode <security_mode>

The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config.

Options

disabled|permissive|strict

--copy-to-master <copy_to_master>

Files to copy to master nodes before installing DC/OS. This option can be given multiple times. Each option should be in the format /absolute/local/path:/remote/path.

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

-c, --cluster-id <cluster_id>

A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.

--enable-selinux-enforcing

With this flag set, SELinux is set to enforcing before DC/OS is installed on the cluster.

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

Arguments

INSTALLER_URL

Required argument

Environment variables

DCOS_LICENSE_KEY_PATH

Provide a default for --license-key

destroy

Destroy a cluster.

minidcos aws destroy [OPTIONS]

Options

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

destroy-list

Destroy clusters.

To destroy all clusters, run minidcos aws destroy-list $(minidcos aws list).

minidcos aws destroy-list [OPTIONS] [CLUSTER_IDS]...

Options

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

Arguments

CLUSTER_IDS

Optional argument(s)

doctor

Diagnose common issues which stop this CLI from working correctly.

minidcos aws doctor [OPTIONS]

Options

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

inspect

Show cluster details.

minidcos aws inspect [OPTIONS]

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

install

Install DC/OS on a provisioned AWS cluster.

minidcos aws install [OPTIONS] INSTALLER_URL

Options

--variant <variant>

Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required]

Options

oss|enterprise

--wait-for-dcos

Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.

--extra-config <extra_config>

The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--workspace-dir <workspace_dir>

Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.

--license-key <license_key>

This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.

--genconf-dir <files_to_copy_to_genconf_dir>

Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.

--security-mode <security_mode>

The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config.

Options

disabled|permissive|strict

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

-c, --cluster-id <cluster_id>

A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

Arguments

INSTALLER_URL

Required argument

Environment variables

DCOS_LICENSE_KEY_PATH

Provide a default for --license-key

list

List all clusters.

minidcos aws list [OPTIONS]

Options

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

provision

Provision an AWS cluster to install DC/OS.

minidcos aws provision [OPTIONS]

Options

--custom-tag <custom_tag>

Add tags to EC2 instances in the format “<TAG_KEY>:<TAG_VALUE>”.

--masters <masters>

The number of master nodes. [default: 1]

--agents <agents>

The number of agent nodes. [default: 1]

--public-agents <public_agents>

The number of public agent nodes. [default: 1]

--aws-instance-type <aws_instance_type>

The AWS instance type to use. [default: m4.large]

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--linux-distribution <linux_distribution>

The Linux distribution to use on the nodes. [default: centos-7]

Options

centos-7|coreos

--workspace-dir <workspace_dir>

Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.

--copy-to-master <copy_to_master>

Files to copy to master nodes before installing DC/OS. This option can be given multiple times. Each option should be in the format /absolute/local/path:/remote/path.

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

-c, --cluster-id <cluster_id>

A unique identifier for the cluster. Use the value “default” to use this cluster for other commands without specifying --cluster-id.

--enable-selinux-enforcing

With this flag set, SELinux is set to enforcing before DC/OS is installed on the cluster.

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

run

Run an arbitrary command on a node or multiple nodes.

To use special characters such as single quotes in your command, wrap the whole command in double quotes.

minidcos aws run [OPTIONS] NODE_ARGS...

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--dcos-login-uname <dcos_login_uname>

The username to set the DCOS_LOGIN_UNAME environment variable to. [default: bootstrapuser]

--dcos-login-pw <dcos_login_pw>

The password to set the DCOS_LOGIN_PW environment variable to. [default: deleteme]

--sync-dir <sync_dir>

The path to a DC/OS checkout. Part of this checkout will be synced to all master nodes before the command is run. The bootstrap directory is synced if the checkout directory variant matches the cluster variant. Integration tests are also synced. Use this option multiple times on a DC/OS Enterprise cluster to sync both DC/OS Enterprise and DC/OS Open Source tests.

-te, --test-env

With this flag set, environment variables are set and the command is run in the integration test directory. This means that “pytest” will run the integration tests.

--env <env>

Set environment variables in the format “<KEY>=<VALUE>”

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

--node <node>

A reference to a particular node to run the command on. This can be one of: the node’s public IP address, the node’s private IP address, the node’s EC2 instance ID, a reference in the format “<role>_<number>”. These details can be seen with minidcos aws inspect. [default: master_0]

Arguments

NODE_ARGS

Required argument(s)

send-file

Send a file to a node or multiple nodes.

minidcos aws send-file [OPTIONS] SOURCE DESTINATION

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--node <node>

A reference to a particular node to run the command on. This can be one of: the node’s public IP address, the node’s private IP address, the node’s EC2 instance ID, a reference in the format “<role>_<number>”. These details can be seen with minidcos aws inspect. [default: master_0]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

Arguments

SOURCE

Required argument

DESTINATION

Required argument

sync

Sync files from a DC/OS checkout to master nodes.

This syncs integration test files and bootstrap files.

DCOS_CHECKOUT_DIR should be set to the path of a clone of an open source DC/OS or DC/OS Enterprise repository.

By default the DCOS_CHECKOUT_DIR argument is set to the value of the DCOS_CHECKOUT_DIR environment variable.

If no DCOS_CHECKOUT_DIR is given, the current working directory is used.

This makes an assumption that all DC/OS Enterprise and DC/OS OSS integration tests are in the top level packages/dcos-integration-test directory.

minidcos aws sync [OPTIONS] [DCOS_CHECKOUT_DIR]

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

Arguments

DCOS_CHECKOUT_DIR

Optional argument

Environment variables

DCOS_CHECKOUT_DIR

Provide a default for DCOS_CHECKOUT_DIR

upgrade

Upgrade a cluster to a given version of DC/OS.

minidcos aws upgrade [OPTIONS] INSTALLER_URL

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

--extra-config <extra_config>

The path to a file including DC/OS configuration YAML. The contents of this file will be added to a default configuration.

--variant <variant>

Choose the DC/OS variant. If the variant does not match the variant of the given installer URL, an error will occur. [required]

Options

oss|enterprise

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--workspace-dir <workspace_dir>

Creating a cluster can use approximately 2 GB of temporary storage. Set this option to use a custom “workspace” for this temporary storage. See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir for details on the temporary directory location if this option is not set.

--security-mode <security_mode>

The security mode to use for a DC/OS Enterprise cluster. This overrides any security mode set in --extra-config.

Options

disabled|permissive|strict

--wait-for-dcos

Wait for DC/OS after creating the cluster. This is equivalent to using “minidcos aws wait” after this command. “minidcos aws wait” has various options available and so may be more appropriate for your use case.

--license-key <license_key>

This is ignored if using open source DC/OS. If using DC/OS Enterprise, this defaults to the value of the DCOS_LICENSE_KEY_PATH environment variable.

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

--genconf-dir <files_to_copy_to_genconf_dir>

Path to a directory that contains additional files for the DC/OS installer. All files from this directory will be copied to the “genconf” directory before running the DC/OS installer.

Arguments

INSTALLER_URL

Required argument

Environment variables

DCOS_LICENSE_KEY_PATH

Provide a default for --license-key

wait

Wait for DC/OS to start.

minidcos aws wait [OPTIONS]

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--superuser-username <superuser_username>

The superuser username is needed only on DC/OS Enterprise clusters. [default: bootstrapuser]

--superuser-password <superuser_password>

The superuser password is needed only on DC/OS Enterprise clusters. [default: deleteme]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

--enable-spinner, --no-enable-spinner

Whether to show a spinner animation. This defaults to true if stdout is a TTY.

web

Open the browser at the web UI.

Note that the web UI may not be available at first. Consider using minidcos aws wait before running this command.

minidcos aws web [OPTIONS]

Options

-c, --cluster-id <cluster_id>

The ID of the cluster to use. [default: default]

--aws-region <aws_region>

The AWS region to use. [default: us-west-2]

-v, --verbose

Use verbose output. Use this option multiple times for more verbose output.