Overview | Mesosphere DC/OS on Azure - allowing external access

In the previous post I introduced DC/OS and provided a way to install it. There was a minor caveat related to accessing your DC/OS instance - you need ssh to connect to it and some way to tunnel port 80 from the VM to your local computer. In fact, the whole infrastructure is sealed and allows connecting to it only via ssh. What if I would like to allow access to it in some other way? Well, there's a simple way to do it, which I present by allowing access directly via browser on port 80.

Inbound security rules...

The whole DC/OS isolation comes from the fact that it resides inside a VPN, which is protected by both its security rules and a load balancer, which directs traffic inside the network. By default it allows connections via ssh on port 2200, which is further forwarded to port 22. To allow accessing it using another service, we have to perform the following steps:

  1. Add a new inbound NAT rule to the load balancer to forward traffic on port 80 to port 80 inside our VM
  2. Allow access to our network on port 80

Note - we're talking about HTTP here; it's no problem to change the configured port to 443 and access the VM only via HTTPS.

How can I do it?

To allow access to our VM via HTTP, perform the following steps:

  1. Go to Azure Portal and open the resource group containing an instance of Mesosphere DC/OS
  2. Find the master load balancer (usually contains something like dcos-master)
  3. Go to Inbound NAT rules and click +Add
  4. Provide a name for the rule, then from the Service dropdown select any service you'd like to configure (e.g. HTTP)
  5. In the Target field select the VM you're interested in
  6. Then click OK and wait a minute so the load balancer is reconfigured
  7. Now go back to DC/OS resources and find the network security group associated with the master node
  8. Go to Inbound security rules and click +Add
  9. Provide a name and select a service you're interested in
  10. Make sure Allow is selected and click OK

Once configuration is finished, you should be able to access DC/OS with your browser by using your VM's public IP address.
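To see which ports the network security group admits from any source after adding a rule like the one in steps 8-10, the exported rule list can be checked offline. This is an added example, not part of the original post; the rule names, priorities and the 203.0.113.0/24 range in the sample are constructed, and the JSON shape is assumed to be that of `az network nsg rule list -o json`.

```python
import json

# Constructed rules in the shape `az network nsg rule list -o json` returns;
# the names, priorities and the 203.0.113.0/24 range are made up.
SAMPLE_RULES = json.loads("""[
 {"name": "ssh", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "http", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80"},
 {"name": "https-admin", "priority": 310, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefixes": ["203.0.113.0/24"],
  "destinationPortRanges": ["443"]},
 {"name": "deny-rest", "priority": 4000, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}  # prefixes that mean "any host"

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule property."""
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def _covers(spec, port):
    """True if a port spec ('*', '80' or '8000-8100') includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def internet_exposed(rules, ports=(80, 443)):
    """Map each port to the inbound rule that allows it from any source.
    Only rules whose source is "any host" are considered; narrower Deny
    rules and destination addresses are not modelled."""
    inbound = sorted((r for r in rules if r.get("direction") == "Inbound"),
                     key=lambda r: r["priority"])
    findings = {}
    for port in ports:
        for rule in inbound:  # lowest priority number is evaluated first
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            specs = _values(rule, "destinationPortRange", "destinationPortRanges")
            if (rule.get("protocol", "*").lower() in ("tcp", "*")
                    and any(s.lower() in OPEN_SOURCES for s in sources)
                    and any(_covers(s, port) for s in specs)):
                if rule.get("access") == "Allow":
                    findings[port] = rule["name"]
                break  # the first matching rule decides, as in the NSG itself
    return findings
```

For the constructed sample, `internet_exposed(SAMPLE_RULES)` reports port 80 as opened by the `http` rule, while 443 is not reported because its Allow rule names a specific source range.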

Overview | Mesosphere DC/OS on Azure - introduction and installation

The main problem of managing cloud solutions is the amount of resources you have under your control. Even simple solutions, when you're trying to achieve scalability, high availability and high load, tend to grow rapidly and become difficult to manage. If you're building a big data solution, which requires multiple working clusters and is highly automated, additional tools to control your environment become really helpful.

One dashboard to control them all...

Microsoft Azure has introduced an impressive collection of OSS images and ARM templates, which can be used to deploy and provision the whole environment for tools like MongoDB, Jenkins or Wordpress. If you need one, just go and pick it from Marketplace. After a few minutes you'll get all your resources configured and ready to work. One of those OSS tools is Mesosphere DC/OS - a service & resource manager powered by Apache Mesos to abstract your datacenter and present all your resources as one system, which is accessible from one place.

But I already have Azure Portal!

Indeed. What DC/OS gives you is not only a nicer dashboard. It combines all your resources into one giant unit, presents workloads and helps in optimizing resource utilization. Running two DBs on two VMs while utilizing only 40% of each? Merge them into one machine, disable the second one and cut your expenses by 50%. You'll be happier and your boss will be even happier.

How to install it?

Installation of Mesosphere DC/OS is pretty straightforward and is well described here. It basically requires two things:

  • running an ARM template which is available in Marketplace
  • connecting to the VM using SSH

The tricky part is the latter - you have to connect to your node via SSH and tunnel port 80 to your local machine. It works flawlessly under Mac/Linux; on Windows you cannot just run the ssh command because it's not there. However, what you can do is download PuTTY and perform the following steps:

  1. After the ARM deployment has finished, go to the resource group which was selected for DC/OS and select Deployment
  2. Go to the last deployment and in Outputs find the value of the MASTERFQDN key and copy it
  3. Open PuTTY, paste the copied value into the Host Name (or IP address) field and use port 2200
  4. Go to Connections/SSH/Tunnels and in the Port forwarding section select both checkboxes.
  5. On the same page find the Add new forwarded port section and enter 8000 for Source port and localhost:80 as Destination. Radiobuttons should be selected as Local/Auto
  6. Click Open and log in as azureuser

Now when you go to you should see DC/OS dashboard screen.

What's next?

In the next post I will try to present some basic features of this software. We'll install some packages and find the best way to manage them.