Mesosphere DCOS, Azure, Docker, VMware & Everything Between – Part 2

In part 2 of this series, we will start dive into DC/OS 1.9 installation on top of vSphere. Mesosphere offers few ways to deploy a fully working cluster and since I wanted to see how everything is really connected, I have chosen the advanced installation method. We will start with some Linux related adjustments and the docker engine deployment.

I really like how the DC/OS team organized their online installation guides. It’s clean, pretty comprehensive and well understood. You basically have 3 local installation methods for “production scale” deployment – GUI, CLI & the Advanced way which was the one I went with.

You also have a very cool Vagrant based deployment that can easily be used for PoCs.

Although the installation guide is very good, it misses some stuff which is mostly Linux related. In this series, I will try to demystify those so everything will be “silky smooth” (as the Zohan would say).

Throughout the deployment process, you will notice that I put VMware snapshots interrupts which will warn you when I’m recommending taking a snapshot on all the VMs so you will be able to maintain consistency.

Bill of Materials

For this deployment, I used the following:

  • 7 CentOS 7.3 virtual machines deployed on top of vSphere 6.5 (latest). There are some recommended HW prerequisites but since this is a lab environment, I couldn’t afford to provision all this resource so here are my specs:
    • xLab-DCOS-Bootstrap –
    • xLab-DCOS-Master-01 –
    • xLab-DCOS-Master-02 –
    • xLab-DCOS-Master-03 –
    • xLab-DCOS-Private-Agent-01 –
    • xLab-DCOS-Private-Agent-02 –
    • xLab-DCOS-Private-Agent-03 –
  • All the VMs are provisioned with a single vNIC and a 60GB drive

  • The latest DC/OS 1.9 will be downloaded and installed throughout the deployment process, nothing you need to do at the moment.
  • Latest Docker engine will also be deployed throughout the process so nothing do here now either.

Security Configurations

In a real production environment you will probably want to further investigate those configurations according to your organization security needs but since I don’t want to get stuck on firewall configuration, I decided to stop and disable the firewall service on all nodes.

A couple of other prerequisites related to OS security is to disable SELinux and create the “nogroup” on all nodes. In order to quickly disable the SELinux, I wrote a one-liner you can run.

Create the “nogroup” group by simply run 

DC/OS DNS Forwarder, AKA Spartan is using port 53 Its job is to dual-dispatch DNS to multiple upstream resolvers, and to route DNS to the upstreams or Mesos DNS, depending on some rules. So you won’t get stuck during the installation, remove dnsmasq (DNS server) if you have it installed on your OS for some reason.

This is the part when I tell you to capture your VM template and deploy all your nodes using it. Although you can do this after the docker engine installation later on, I didn’t do it (no real reason).

Preparing the Bootstrap Node

The bootstrap node role is to, well, bootstrapping. This means that it will have the role of holding the DC/OS installation files and configuration script which all the other nodes, Masters and Agents will be using to install the application. We will get there so don’t you worry.

You want to start fresh – it’s snapshot time!

After taking a VM snapshot, the first thing we have to do is to install the Docker Engine on all of our nodes (bootstrap incl.). Since I am also using CentOS, I also need to change my storage driver to OverlayFS. You can read more about it here:

Initiate a reboot and continue with the docker engine installation.

We need to make sure the engine will run on system startup

We now have docker engine installed.

Docker Engine Installed – it’s snapshot time!

In the next part, we will configure the SSH authorized_keys and will establish a secure connection between for all our cluster nodes.   

1 Trackback / Pingback

  1. Mesosphere DCOS, Azure, Docker, VMware and everything between – Security & Docker Engine Installation – Cloud Data Architect

Leave a Reply