SSH into a DC/OS created public agent node to deploy a Docker container?
Q: I wish to SSH into a DC/OS public agent to mount my file share with Docker credentials, so I can deploy Docker via Marathon. How can I ssh directly into this agent node? Without going through master?
Backstory: I did a vanilla DC/OS installation on Azure. I got two nodes provisioned (a master and an agent). I installed Marathon on the master.
First, I tried to deploy a container from an image/repo I created on Azure Container Registry, through Marathon. It failed because of CPU resource not being satisfied; that's partly understandable because it seems like Marathon sucks up the entire CPU of the master node. But I couldn't figure out how to make Marathon notice that there was another node around - the public agent node. The public agent node is running nothing.
Second, I figured I can just use the "Service" interface provided on the DC/OS layer itself (which I believe is just a UI layer for marathon or similar).
This time, it accurately recognizes the agent node and that there is compute available on it. But to make it pull from my private registry, I need to put my Docker credentials on this node. Here's where I get stuck. can't SSH to the agent node to mount the shared storage (which is mounted on the master already). Since this node is provisioned through the virtual machine scale set, I really can't figure out the right inbound NAT rules and network security configuration to map to this node and get me a reliable FQDN and port that will allow me to SSH in and run cifs. Honestly, DC/OS should have taken care of this for me, since I am doing the most standard thing.
I tried this, but it isn't sufficient/correct (even though it creates the rule):
az network lb inbound-nat-rule create --resource-group production --lb-name <lb-name> --name NATRule --protocol TCP --frontend-port 2200 --backend-port 22
(All elaborate VMSS videos from Microsoft are for the old interface, and this idea of port range mapping, which I can't seem to figure out from the CLI. Plus, the portal is still in progress when it comes to inbound NAT rules)
I am new to the Azure and DC/OS world (moving resources from AWS), so I'd appreciate the help.
UPDATE: Fwiw, turns out I tried the in-preview DC/OS on Azure service, as opposed to DC/OS on Azure Container Service, which is slightly unstable still. Launch containers through the "Services" interface on main DC/OS instead of on Marathon.
I really can't figure out the right inbound NAT rules and network security configuration to map to this node and get me a reliable FQDN and port that will allow me to SSH in and run cifs.
For now, we can add inbound rule to VMss load balancer via CLI 2.0, but we can't use CLI 2.0 to sepcify target NIC, so we can't use NAT to ssh VMss instances.
If you only one instance in this VMSS, we can add a load balancer rule to ssh it. Add probe of port 22, and add load balancer rule of 22, after that we can ssh the VMSS public IP address with port 22.
Another way, to login the DCOS node, we can via master ssh to other nodes. For example, we can ssh to master then ssh to public agent.
Here a case talk about how to login DCOS agent via master, please refer to it.
After that, we can follow this article to mount Azure file share to your cluster nodes.
By the way, we can create container via DC/OS UI, please refer to it.
- WebJob is stopping due to website shutting down
- Is it possible to change the day returned from startofweek() and endofweek()?
- Handling Audio blobs sent through mediarecorder in JS through python server script for azure service
- Export app registrations with expiring secrets and certificates and send alert in teams
- SQL Azure import slow, hangs, but local import takes 3 minutes
- Issue with Group email address domain when create a new Microsoft 365 Group
- What is the URL for New Page in Azure DevOps Wiki? / How to bookmark New Page?
- Is there a dynamic way to get variables from Variable Group? Even secret ones? and insert in Azure Key Vault
- How do I configure my Bicep scripts to allow a container app to pull an image from an ACR using managed identity across subscriptions
- Azure DevOps. Can't trigger a pipeline in Repo A when a commit is done in repo B
- How to change the default Azure AI Search scoring to be increased when the whole search term is found exactly?
- List and download files in a folder in a blob with blob level SAS token
- How to change the Lease state of Azure Blob to Available
- unable to delete or move first step from logic app?
- Azure Terraform - Encrypt VM OS Disk
- How to temporary stop Azure API Management Service
- Unable to retrieve key vault certificates in azure runbook
- C#: 'A change set cannot include changes to more than '1' source resources' when adding a user To Group using Azure Graph API 2.0
- Set size limt to direct upload to azure blob storage via SAS URL
- Using AddAzureKeyVault makes my application 10 seconds slower
- PostGreSQL pg_dump psql and pg_restore errors with Azure Flexible SQL Server
- How to check signature of a token coming from Azure SSO
- How can I get error details from an if condition activity in Azure Data Factory?
- Getting a 404 for GET /robots933456.txt
- Given an Applications Insight Instrumentation key, get the name of the service in Azure
- How to specify rewrite url for query string parameters in Azure API Management
- Can a normal Azure Function and a Durable Azure Function coexist in the same Function App?
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Can't signin into microsoft account
- Azure Function App Kudu Functions API with empty response