Install Portworx on DC/OS EE with Strict Mode Enabled

If you have DC/OS installed in Strict mode, follow the steps below to deploy Portworx.

All steps need to be performed on the machine where your DC/OS CLI is installed.

Portworx:

  • Install the DC/OS Enterprise CLI, if it is not already installed

dcos package install --cli dcos-enterprise-cli

Grant the following permissions

Permissions

Create a service account which will be used to install Portworx

dcos security org service-accounts keypair temp-priv.pem temp-pub.pem
dcos security org service-accounts create -p temp-pub.pem -d "Portworx service account" portworx-principal
dcos security secrets create-sa-secret --strict temp-priv.pem portworx-principal portworx/mesos-auth-secret

Grant the required permissions for Portworx

dcos security org users grant dcos_marathon dcos:mesos:master:task:user:root create
dcos security org users grant portworx-principal dcos:mesos:master:framework:role:slave_public/portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:framework:role:slave_public/portworx-role delete
dcos security org users grant portworx-principal dcos:mesos:master:framework:role:portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:framework:role:portworx-role delete

dcos security org users grant portworx-principal dcos:mesos:master:task:user:root create
dcos security org users grant portworx-principal dcos:mesos:master:task:user:nobody create

dcos security org users grant portworx-principal dcos:mesos:master:volume:role:portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:volume:role:portworx-role delete
dcos security org users grant portworx-principal dcos:mesos:master:volume:role:slave_public/portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:volume:role:slave_public/portworx-role delete
dcos security org users grant portworx-principal dcos:mesos:master:volume:principal:portworx-principal create
dcos security org users grant portworx-principal dcos:mesos:master:volume:principal:portworx-principal delete

dcos security org users grant portworx-principal dcos:mesos:master:reservation:role:portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:reservation:role:portworx-role delete
dcos security org users grant portworx-principal dcos:mesos:master:reservation:role:slave_public/portworx-role create
dcos security org users grant portworx-principal dcos:mesos:master:reservation:role:slave_public/portworx-role delete
dcos security org users grant portworx-principal dcos:mesos:master:reservation:principal:portworx-principal create
dcos security org users grant portworx-principal dcos:mesos:master:reservation:principal:portworx-principal delete

dcos security org users grant portworx-principal dcos:secrets:default:/portworx/* full
dcos security org users grant portworx-principal dcos:secrets:list:default:/portworx read

Open the Catalog and search for Portworx, select it and proceed. Copy the sample JSON content below and modify it to suit your requirements.

You need to modify the cluster name and the -d and -m parameters (you have to choose your interface).

sample.json
{
  "service": {
    "name": "portworx",
    "user": "root",
    "principal": "portworx-principal",
    "pre_reserved_role": "",
    "secret_name": "portworx/mesos-auth-secret",
    "mesos_api_version": "V1",
    "task_failure_timeout_minutes": 5
  },
  "node": {
    "portworx_cluster": "sam-6-portworx-dcos",
    "portworx_image": "portworx/px-enterprise:2.0.3",
    "portworx_port_range_start": 9001,
    "portworx_options": "-a -x mesos -d ens3 -m ens3",
    "internal_kvdb": true,
    "kvdb_servers": "",
    "container_parameters": "",
    "count": 3,
    "placement_constraint": "hostname:UNIQUE"
  },
  "secrets": {
    "enabled": false,
    "base_path": "",
    "dcos_username_secret": "portworx/dcos_username",
    "dcos_password_secret": "portworx/dcos_password"
  },
  "etcd": {
    "enabled": false,
    "proxy_enabled": false,
    "placement_constraint": "hostname:UNIQUE",
    "image": "mesosphere/etcd-mesos:latest",
    "cpus": 0.3,
    "mem": 1024,
    "disk_type": "ROOT",
    "disk_size": 5120,
    "node_advertise_port": 1026,
    "node_peer_port": 1027,
    "proxy_advertise_port": 2379
  },
  "lighthouse": {
    "enabled": true,
    "placement_constraint": "",
    "public_agent": true,
    "cpus": 0.3,
    "mem": 1024,
    "image": "portworx/px-lighthouse:2.0.1",
    "webui_port": 8085,
    "company_name": "Portworx",
    "admin_username": "admin"
  }
}
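
A pre-flight check that the "service" section of the options JSON still lines up with the service account, secret and grants created above. This is an added example, not part of the original page or of Portworx or DC/OS tooling. The function names are hypothetical, and the rule that the framework role is "<service name>-role" (prefixed by pre_reserved_role when set) is an assumption.

```python
import fnmatch

PRINCIPAL = "portworx-principal"  # service account created on this page
ROLES = ("portworx-role", "slave_public/portworx-role")

def page_grants():
    """Resource ids granted to PRINCIPAL by the commands on this page."""
    rids = {"dcos:secrets:default:/portworx/*", "dcos:secrets:list:default:/portworx"}
    for role in ROLES:
        for kind in ("framework", "volume", "reservation"):
            rids.add(f"dcos:mesos:master:{kind}:role:{role}")
    for kind in ("volume", "reservation"):
        rids.add(f"dcos:mesos:master:{kind}:principal:{PRINCIPAL}")
    for user in ("root", "nobody"):
        rids.add(f"dcos:mesos:master:task:user:{user}")
    return rids

def preflight(options, grants):
    """Return a list of mismatches between the "service" options and the grants."""
    svc, problems = options["service"], []
    if svc["principal"] != PRINCIPAL:
        problems.append(f"principal {svc['principal']!r} is not the service account {PRINCIPAL!r}")
    # The secret holding the service account key must sit under a granted path.
    secret = "/" + svc["secret_name"].lstrip("/")
    patterns = [r.split(":", 3)[3] for r in grants if r.startswith("dcos:secrets:default:")]
    if not any(fnmatch.fnmatchcase(secret, p) for p in patterns):
        problems.append(f"secret {secret!r} is outside the granted secret paths {patterns}")
    # Tasks run as service.user, which needs its own task:user grant.
    if f"dcos:mesos:master:task:user:{svc['user']}" not in grants:
        problems.append(f"no task:user grant for user {svc['user']!r}")
    # Assumption: the framework registers under the role "<service name>-role".
    role = f"{svc['name']}-role"
    if svc.get("pre_reserved_role"):
        role = f"{svc['pre_reserved_role']}/{role}"
    if f"dcos:mesos:master:framework:role:{role}" not in grants:
        problems.append(f"no framework:role grant for role {role!r}")
    return problems

# Constructed sample: the "service" section of sample.json from this page.
SAMPLE = {"service": {"name": "portworx", "user": "root", "principal": "portworx-principal",
                      "pre_reserved_role": "", "secret_name": "portworx/mesos-auth-secret"}}

if __name__ == "__main__":
    for line in preflight(SAMPLE, page_grants()) or ["service options match the grants"]:
        print(line)
```

If you rename the service, principal, user or secret in the JSON, adjust the grants to match before you hit Review & Run.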

Review and Run

Once you're done with the changes, hit Review & Run and wait for all Portworx nodes to come up. You can verify the status with the pxctl status command from one of your private nodes.