Let's use Terraform to easily get a CoreOS cluster up on Digital Ocean. In this example we will get a 5 node CoreOS cluster up and running on the Digital Ocean 8GB size.
Grab a copy of Terraform for your platform from http://www.terraform.io/downloads.html. Follow the instructions at http://www.terraform.io/intro/getting-started/install.html by getting Terraform in your PATH
and testing that it works.
You will need your Digital Ocean API key handy. Head over to https://cloud.digitalocean.com/settings/applications if you do not yet have one. Generate a new Personal Access Token for both read and write. Export the token as an environment variable so we can use it later on:
$ export DO_TOKEN=a7b9f84e6e6b3b6835c48873a8b144c98ae5b7105c05caefd174dc578d21d389
Terraform provisioners currently only work with passwordless private SSH keys. We will need to generate an SSH key without a password:
$ ssh-keygen -q -t rsa -f ~/.ssh/coreos_digitalocean -N '' -C coreos_digitalocean
Generating public/private rsa key pair.
Your identification has been saved in /Users/andy/.ssh/coreos_digitalocean.
Your public key has been saved in /Users/andy/.ssh/coreos_digitalocean.pub.
The key fingerprint is:
82:3d:e4:a1:b7:a4:ac:bc:98:b7:7f:0c:f9:50:a0:c8 coreos_digitalocean
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
|.. . .o |
|.E. *.. |
| ooB S |
| .++ + |
| o=. |
| +.. + |
| ¯\_(ツ)_/¯ |
+-----------------+
Add this private SSH key to your agent so we can later SSH to a CoreOS node using it:
$ ssh-add ~/.ssh/coreos_digitalocean
Identity added: /Users/andy/.ssh/coreos_digitalocean (/Users/andy/.ssh/coreos_digitalocean)
Add a new key at https://cloud.digitalocean.com/ssh_keys using the contents from ~/.ssh/coreos_digitalocean.pub
. Then query the Digital Ocean API to get the ID for this new key:
$ curl -X GET "https://api.digitalocean.com/v2/account/keys" -H "Authorization: Bearer $DO_TOKEN"
{
"ssh_keys":[
{
"id":234700,
"fingerprint":"82:3d:e4:a1:b7:a4:ac:bc:98:b7:7f:0c:f9:50:a0:c8",
"public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjwXXVkdOaMOf/6LgyR4BnaECs/ChgVbBFQT+wX2jPI57Z59fvWAV5X7XmDYMa6370yfAMMwslOlbuz5EI9xiRE1WxiCkqMQjMI3ottHiM7RYEr5GigKC6Lre9Vs2TIDB6LfGiSgR6PlbVq5zuPn50IK2w5emBXP2HljJLGNGgxE5PyGKPunmFJQfRLgevvgb0dVMrsVIx1b+jLMZtvZ5ziRj4imVdlNtr1WvOBMT7n34AA+B9p/kiOWNbRZ7AcsknliBKNFkJ4kMgF98TyHKayd9oDxZEPgtjHQ3hg4Z6YY3cFYDw63fuGwSpc+ou7XaEYlRqIu9680sBgLnTB+BJ coreos_digitalocean",
"name":"coreos_digitalocean"
}
],
"meta":{
"total":2
}
}
Cool, our SSH key ID is 234700
. We'll need that in a couple steps from now.
Copy the coreos_digitalocean.tf
file from this gist to a new directory.
Time to apply the Terraform plan! Be sure and replace 234700
with the correct ID of your actual SSH key on Digital Ocean:
# $ terraform apply -var do_token=$DO_TOKEN -var size=8gb -var ssh_keys=234700 -var key_file=$HOME/.ssh/coreos_digitalocean
$ terraform apply -var do_token=$TOKEN -var ssh_keys=3305 -var key_file=~/.ssh/id_dsa -var etcd_discovery_token_uri=$(curl -s "https://discovery.etcd.io/new?size=3")
digitalocean_droplet.coreos5: Creating...
image: "" => "ubuntu-14-04-x64"
name: "" => "coreos5"
private_networking: "" => "true"
region: "" => "nyc2"
size: "" => "8gb"
ssh_keys.#: "" => "1"
ssh_keys.0: "" => "234700"
digitalocean_droplet.coreos4: Creating...
image: "" => "ubuntu-14-04-x64"
name: "" => "coreos4"
private_networking: "" => "true"
region: "" => "nyc2"
size: "" => "8gb"
ssh_keys.#: "" => "1"
ssh_keys.0: "" => "234700"
digitalocean_droplet.coreos3: Creating...
image: "" => "ubuntu-14-04-x64"
name: "" => "coreos3"
private_networking: "" => "true"
region: "" => "nyc2"
size: "" => "8gb"
ssh_keys.#: "" => "1"
ssh_keys.0: "" => "234700"
digitalocean_droplet.coreos2: Creating...
image: "" => "ubuntu-14-04-x64"
name: "" => "coreos2"
private_networking: "" => "true"
region: "" => "nyc2"
size: "" => "8gb"
ssh_keys.#: "" => "1"
ssh_keys.0: "" => "234700"
digitalocean_droplet.coreos1: Creating...
image: "" => "ubuntu-14-04-x64"
name: "" => "coreos1"
private_networking: "" => "true"
region: "" => "nyc2"
size: "" => "8gb"
ssh_keys.#: "" => "1"
ssh_keys.0: "" => "234700"
digitalocean_droplet.coreos1: Provisioning with 'file'...
digitalocean_droplet.coreos2: Provisioning with 'file'...
digitalocean_droplet.coreos4: Provisioning with 'file'...
digitalocean_droplet.coreos5: Provisioning with 'file'...
digitalocean_droplet.coreos3: Provisioning with 'file'...
digitalocean_droplet.coreos1: Provisioning with 'remote-exec'...
digitalocean_droplet.coreos2: Provisioning with 'remote-exec'...
digitalocean_droplet.coreos3: Provisioning with 'remote-exec'...
digitalocean_droplet.coreos4: Provisioning with 'remote-exec'...
digitalocean_droplet.coreos1: Creation complete
digitalocean_droplet.coreos5: Provisioning with 'remote-exec'...
digitalocean_droplet.coreos3: Creation complete
digitalocean_droplet.coreos4: Creation complete
digitalocean_droplet.coreos5: Creation complete
digitalocean_droplet.coreos2: Creation complete
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
State path: terraform.tfstate
Outputs:
address_coreos1 = 104.131.194.111
address_coreos2 = 104.131.194.114
address_coreos3 = 104.131.194.32
address_coreos4 = 104.131.194.115
address_coreos5 = 104.131.194.112
Give the provisioning about 5 minutes to complete. The CoreOS bootstrap process will reboot the node twice. You may be prompted for a password when trying to SSH. This usually just means the process has not completed yet. Give it some time!
After your patience has finally run dry, give fleet a try using one of the node IP addresses:
$ export FLEETCTL_TUNNEL=104.131.194.111
$ fleetctl list-machines
MACHINE IP METADATA
b9770473... 104.131.194.113 -
f3cf244b... 104.131.194.32 -
f4d2c4cf... 104.131.194.115 -
f5bcd2a1... 104.131.194.112 -
f61ee1f5... 104.131.194.114 -
Success! Enjoy your CoreOS cluster on Digital Ocean.
Some issues I ran into. You could too!
If you SSH to a node before the bootstrap process is complete you will get the server identity added to your ~/.ssh/known_hosts
file. When you try to SSH to the finished CoreOS node, the SSH host key will have changed and, you will be prompted with an error similar to:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
31:33:fd:0b:92:1e:d0:59:24:f7:c0:e7:34:a1:4b:35.
Please contact your system administrator.
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/andy/.ssh/known_hosts:278
RSA host key for 104.131.194.112 has changed and you have requested strict checking.
Host key verification failed.
You will need to edit your ~/.ssh/known_hosts
file to remove the offending line (278
in this case) to fix the issue.
You could get a Terraform error like:
Error applying plan:
1 error(s) occurred:
* Script exited with non-zero exit status: 127
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
This usually means one or more nodes failed to run the provisioning script (curl couldn't download file, cloud-config.yml
didn't get copied properly, etc.). If this happens, you can usually just run the terraform apply
command again to complete the failed nodes.