EventStore on Azure and Ubuntu - it's a piece of cake! #3

In the second-to-last post of this series we'll try to run a simple cluster of 3 nodes running EventStore instances. It's worth noting that there are three ways to organize and configure the instances so they work with each other:

  • running them on the same machine
  • running them on separate machines using IPs
  • running them on separate machines using DNS

Because the first one is almost self-explanatory (you have to start three instances on different ports), we'll omit it here and focus on the more complicated examples.

Running on separate machines

We'll start by creating 2 additional machines for our purposes. Create two additional VM instances in the resource group you're using, just like in the very first post of this series, and we're good to go. Make sure that you create them in the same virtual network that was created for the first virtual machine.

Once VMs are created, log in to each one and install EventStore instances as described in the previous posts.

Now we have to configure our instances so they're aware of the other nodes. Basically, you have to change the configuration on each node so it knows the cluster size and its communication partners. Your eventstore.conf file could look like this:

RunProjections: None
ClusterSize: 3
DiscoverViaDns: False

The important thing here is the GossipSeed property, which points to the other cluster nodes. I'm using private IPs here so my instances are still secured inside the network. Note that ES uses the internal HTTP port for gossiping, so make sure you're using the right value - if anything's wrong, the election service won't be able to reach the other machines and you'll see DEAD as the other nodes' status.

Configure all three nodes with proper gossip seeds and IPs by modifying each one's configuration file. Once you're done, go to the web panel of ES and sign in as admin.

Checking cluster status

If you sign in to the web panel, you'll see the Cluster status menu item.

It shows all attached nodes, their current state (which one is the master) and much more. I strongly recommend playing with it a bit.

We've managed to create a cluster of 3 different machines running EventStore using VMs from Azure. In the last part of this series we'll try to use DNS instead, to make reconfiguration a bit easier if anything changes.

Mesosphere DC/OS on Azure - allowing external access

In the previous post I introduced DC/OS and provided a way to install it. There was a minor caveat related to accessing your DC/OS instance - you need ssh to connect to it and some way to tunnel port 80 from the VM to your local computer. In fact, the whole infrastructure is sealed and allows connections only via ssh. What if I would like to allow access some other way? Well, there's a simple way to do it, which I present by allowing access directly via browser on port 80.

Inbound security rules...

The whole DC/OS isolation comes from the fact that it resides inside a VPN, which is protected by both its security rules and a load balancer that directs traffic inside the network. By default it allows connections via ssh on port 2200, which is then forwarded to port 22. To allow access using another service, we have to perform the following steps:

  1. Add a new inbound NAT rule to the load balancer to forward traffic on port 80 to port 80 inside our VM
  2. Allow access to our network on port 80

Note - we're talking about HTTP here; it's no problem to change the configured port to 443 and access the VM only via HTTPS.

How can I do it?

To allow access to our VM via HTTP, perform the following steps:

  1. Go to Azure Portal and open the resource group containing an instance of Mesosphere DC/OS
  2. Find the master load balancer (its name usually contains something like dcos-master)
  3. Go to Inbound NAT rules and click +Add
  4. Provide a name for the rule and, from the Service dropdown, select any service you'd like to configure (e.g. HTTP)
  5. In the Target field select the VM you're interested in
  6. Then click OK and wait a minute while the load balancer is reconfigured
  7. Now go back to the DC/OS resources and find the network security group associated with the master node
  8. Go to Inbound security rules and click +Add
  9. Provide a name and select the service you're interested in
  10. Make sure Allow is selected and click OK

Once configuration is finished, you should be able to access DC/OS with your browser by using your VM's public IP address.
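
After adding the inbound security rule, it is worth checking which rule actually decides who can reach the port. The following is an added example, not code from the original post: it reads rules in the JSON shape returned by `az network nsg rule list -o json` and reports the rule that admits any source to a given TCP port. The rule names, priorities and the 203.0.113.0/24 range in the sample are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`.
# Rule names, priorities and 203.0.113.0/24 are placeholders, not from the post.
SAMPLE_RULES = json.loads("""[
 {"name": "ssh-in", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "priority": 100, "sourceAddressPrefix": "203.0.113.0/24",
  "destinationPortRange": "2200"},
 {"name": "http-in", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "priority": 110, "sourceAddressPrefix": "*", "destinationPortRange": "80"},
 {"name": "deny-rest", "direction": "Inbound", "access": "Deny", "protocol": "*",
  "priority": 4000, "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """A rule carries either one value or a list; return them as one list."""
    found = list(rule.get(plural) or [])
    if rule.get(single):
        found.append(rule[single])
    return found

def _covers(spec, port):
    """True if a port spec such as '*', '80' or '8000-8100' includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposing_rule(rules, port):
    """Name of the Allow rule that admits any source to TCP `port`, else None.

    NSG rules are evaluated in ascending priority and the first match wins,
    so an earlier Deny for the same traffic means the port is not exposed.
    """
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        if not any(_covers(p, port) for p in ports):
            continue
        return rule["name"] if rule["access"].lower() == "allow" else None
    return None
```

A rule named by `exposing_rule` can be narrowed by setting its source to the address range you administer the cluster from, after which the function returns `None` for that port.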