:title: Installing Deis on AWS :description: How to provision a multi-node Deis cluster on Amazon AWS .. _deis_on_aws: Amazon AWS ========== In this tutorial, we will show you how to set up your own 3-node cluster on Amazon Web Services. Please :ref:`get the source ` and refer to the scripts in `contrib/ec2`_ while following this documentation. Install the AWS Command Line Interface -------------------------------------- In order to start working with Amazon's API, let's install `awscli`_: .. code-block:: console $ pip install awscli We'll also need `PyYAML`_ for the Deis EC2 provision script to run: .. code-block:: console $ pip install pyyaml Configure aws-cli ----------------- Run ``aws configure`` to set your AWS credentials: .. code-block:: console $ aws configure AWS Access Key ID [None]: *************** AWS Secret Access Key [None]: ************************ Default region name [None]: us-west-1 Default output format [None]: Upload keys ----------- Generate and upload a new keypair to AWS, ensuring that the name of the keypair is set to "deis". .. code-block:: console $ ssh-keygen -q -t rsa -f ~/.ssh/deis -N '' -C deis $ aws ec2 import-key-pair --key-name deis --public-key-material file://~/.ssh/deis.pub Choose Number of Instances -------------------------- By default, the script will provision 3 servers. You can override this by setting ``DEIS_NUM_INSTANCES``: .. code-block:: console $ export DEIS_NUM_INSTANCES=5 Note that for scheduling to work properly, clusters must consist of at least 3 nodes and always have an odd number of members. For more information, see `etcd disaster recovery`_. Deis clusters of less than 3 nodes are unsupported. Generate a New Discovery URL ---------------------------- .. include:: ../_includes/_generate-discovery-url.rst Customize cloudformation.json ----------------------------- Any of the parameter defaults defined in deis.template.json can be overridden by setting the value in `cloudformation.json`_. For example, to configure all of the optional settings: .. code-block:: console { "ParameterKey": "InstanceType", "ParameterValue": "m3.xlarge" }, { "ParameterKey": "KeyPair", "ParameterValue": "jsmith" }, { "ParameterKey": "EC2VirtualizationType", "ParameterValue": "PV" }, { "ParameterKey": "AssociatePublicIP", "ParameterValue": "false" }, { "ParameterKey": "ELBScheme", "ParameterValue": "internal" } The only entry in cloudformation.json required to launch your cluster is `KeyPair`, which is already filled out. The defaults will be applied for the other settings. If updated with update-ec2-cluster.sh, the InstanceType will only impact newly deployed instances (`#1758`_). NOTE: The smallest recommended instance size is `large`. Having not enough CPU or RAM will result in numerous issues when using the cluster. Launch into an existing VPC --------------------------- By default, the provided CloudFormation script will create a new VPC for Deis. However, the script supports provisioning into an existing VPC instead. You'll need to have a VPC configured with an internet gateway and a sane routing table (the default VPC in a region should be ready to go). To launch your cluster into an existing VPC, export three additional environment variables: - ``VPC_ID`` - ``VPC_SUBNETS`` - ``VPC_ZONES`` ``VPC_ZONES`` must list the availability zones of the subnets in order. For example, if your VPC has ID ``vpc-a26218bf`` and consists of the subnets ``subnet-04d7f942`` (which is in ``us-east-1b``) and ``subnet-2b03ab7f`` (which is in ``us-east-1c``) you would export: .. code-block:: console export VPC_ID=vpc-a26218bf export VPC_SUBNETS=subnet-04d7f942,subnet-2b03ab7f export VPC_ZONES=us-east-1b,us-east-1c If you have set up private subnets in which you'd like to run your Deis hosts, and public subnets for the ELB, you should export the following environment variables instead: - ``VPC_ID`` - ``VPC_SUBNETS`` - ``VPC_PRIVATE_SUBNETS`` - ``VPC_ZONES`` For example, if you have a public subnet ``subnet-8cd457b3`` for the ELB and a private subnet ``subnet-8cd457b0`` (both in ``us-east-1a``) you would export: .. code-block:: console export VPC_ID=vpc-a26218bf export VPC_SUBNETS=subnet-8cd457b3 export VPC_PRIVATE_SUBNETS=subnet-8cd457b0 export VPC_ZONES=us-east-1a Run the Provision Script ------------------------ Run the cloudformation provision script to spawn a new CoreOS cluster: .. code-block:: console $ cd contrib/ec2 $ ./provision-ec2-cluster.sh Creating CloudFormation stack deis { "StackId": "arn:aws:cloudformation:us-east-1:69326027886:stack/deis/1e9916b0-d7ea-11e4-a0be-50d2020578e0" } Waiting for instances to be created... Waiting for instances to be created... CREATE_IN_PROGRESS Waiting for instances to pass initial health checks... Waiting for instances to pass initial health checks... Waiting for instances to pass initial health checks... Instances are available: i-5c3c91aa 203.0.113.91 m3.large us-east-1a running i-403c91b6 203.0.113.20 m3.large us-east-1a running i-e36fc6ee 203.0.113.31 m3.large us-east-1b running Using ELB deis-DeisWebE-17PGCR3KPJC54 at deis-DeisWebE-17PGCR3KPJC54-1499385382.us-east-1.elb.amazonaws.com Your Deis cluster has been successfully deployed to AWS CloudFormation and is started. Please continue to follow the instructions in the documentation. .. note:: The default name of the CloudFormation stack will be ``deis``. You can specify a different name with ``./provision-ec2-cluster.sh ``. Configure DNS ------------- See :ref:`configure-dns` for more information on properly setting up your DNS records with Deis. Install Deis Platform --------------------- Now that you've finished provisioning a cluster, please refer to :ref:`install_deis_platform` to start installing the platform. CloudFormation Updates ---------------------- To use CloudFormation to perform update operations to your stack, there is another script: `update_ec2_cluster.sh`_. Depending on the parameters that you have changed, CloudFormation may replace the EC2 instances in your stack. The following parameters can be changed without replacing all instances in a stack: - ``ClusterSize`` - Number of nodes in the cluster. This may launch new instances or terminate existing instances. If you are scaling down, this may interrupt service. If a container was running on an instance that was terminated, it will have to be rebalanced onto another node which will cause some downtime. - ``SSHFrom`` - Locks down SSH access to the Deis hosts. This will update the security group for the Deis hosts. Please reference the AWS documentation for `more information about CloudFormation stack updates`_. .. _`#1758`: https://github.com/deis/deis/issues/1758 .. _`awscli`: https://github.com/aws/aws-cli .. _`contrib/ec2`: https://github.com/deis/deis/tree/master/contrib/ec2 .. _`cloudformation.json`: https://github.com/deis/deis/blob/master/contrib/ec2/cloudformation.json .. _`etcd`: https://github.com/coreos/etcd .. _`etcd disaster recovery`: https://github.com/coreos/etcd/blob/master/Documentation/admin_guide.md#disaster-recovery .. _`PyYAML`: http://pyyaml.org/ .. _`update_ec2_cluster.sh`: https://github.com/deis/deis/blob/master/contrib/ec2/update-ec2-cluster.sh .. _`More information about CloudFormation stack updates`: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html