Versions Compared

Old Version 9

changes.mady.by.user Yajing Wang

Saved on

compared with

New Version 10

changes.mady.by.user Yajing Wang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The x-install tool is the newest Exostellar installer designed to simplify the setup process. It offers a variety of subcommands to provision a sandbox environment, install Exostellar products, and verify post-installation readiness.

Prerequisites

Before using the x-install tool, ensure that your environment meets the following requirements:

  • Terraform: Version 1.8+

  • Git: Version 2.34+

  • x-install tool: Version 0.0.10+

  • AWS Account: Ensure the following IAM permissions are in place:

Expand
titleIAM Permissions for the AWS Account
Code Block
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"ssm:ListAssociations",
				"ec2:RunInstances",
				"ec2:DescribeSubnets",
				"ec2:DescribeKeyPairs",
				"ec2:DescribeVpcs",
				"ec2:DescribeSecurityGroups",
				"ec2:DescribeSecurityGroupRules",
				"ec2:AuthorizeSecurityGroupIngress",
				"ec2:CreateTags",
				"ec2:CreateSecurityGroup",
				"sns:ListTopics",
				"s3:CreateBucket",
				"iam:AttachRolePolicy",
				"iam:CreateRole",
				"iam:ListRoles",
				"iam:TagRole",
				"iam:PutRolePolicy",
				"iam:CreateInstanceProfile",
				"iam:AddRoleToInstanceProfile",
				"iam:PassRole",
				"ec2:DescribeInstances",
				"ec2:DescribeInstanceTypes",
				"ec2:RunInstances",
				"ec2:DescribeImages",
				"ec2:DescribeImageAttribute",
				"ec2:DescribeAvailabilityZones",
				"ec2:DescribeAccountAttributes",
				"ec2:DescribeRouteTables",
				"ec2:DescribeNetworkAcls",
				"ec2:DescribeInstanceStatus",
				"ec2:DescribeAddresses",
				"ec2:DescribeDhcpOptions",
				"ec2:DescribeSnapshots",
				"ec2:DescribeVolumes",
				"ec2:DescribeVolumeStatus",
				"ec2:DescribeVolumesModifications",
				"cloudwatch:DescribeAlarms",
				"cloudwatch:ListMetrics",
				"iam:ListUsers",
				"iam:ListAccessKeys",
				"iam:CreateAccessKey",
				"ec2:AuthorizeSecurityGroupEgress",
				"iam:ListPolicyVersions",
				"eks:ListClusters",
				"eks:DescribeCluster",
				"eks:ListNodegroups",
				"eks:DescribeNodegroup",
				"eks:DescribeAddon",
				"eks:ListAddons",
				"eks:DescribeIdentityProviderConfig"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"s3:PutObject",
				"s3:GetObject"
			],
			"Resource": "arn:aws:s3:::cf-template*"
		},
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Action": [
				"eks:CreateCluster",
				"eks:DescribeCluster",
				"eks:DeleteCluster",
				"eks:ListClusters",
				"eks:UpdateClusterConfig",
				"eks:UpdateClusterVersion",
				"eks:CreateNodegroup",
				"eks:DescribeNodegroup",
				"eks:ListNodegroups",
				"eks:UpdateNodegroupConfig",
				"eks:UpdateNodegroupVersion",
				"eks:DescribeAddonVersions",
				"eks:CreateAddon",
				"eks:DeleteAddon",
				"eks:DescribeAddon",
				"eks:ListAddons",
				"eks:UpdateAddon",
				"eks:AccessKubernetesApi",
				"eks:ListAccessPolicies",
				"eks:ListAccessEntries",
				"eks:ListIdentityProviderConfigs",
				"eks:DescribeAccessEntry",
				"eks:ListPodIdentityAssociations",
				"eks:ListAssociatedAccessPolicies",
				"eks:CreateAccessEntry",
				"eks:AssociateAccessPolicy"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"iam:DeleteRolePolicy",
				"iam:DeleteRole",
				"iam:GetRole",
				"iam:ListPolicies",
				"iam:ListAttachedRolePolicies",
				"iam:CreateServiceLinkedRole",
				"iam:RemoveRoleFromInstanceProfile",
				"iam:DeleteInstanceProfile",
				"iam:ListEntitiesForPolicy",
				"iam:GetInstanceProfile",
				"iam:ListInstanceProfiles",
				"iam:ListInstanceProfilesForRole",
				"iam:ListOpenIDConnectProviders",
				"iam:GetOpenIDConnectProvider",
				"iam:GetRolePolicy",
				"ec2:RevokeSecurityGroupIngress",
				"ec2:DeleteSecurityGroup",
				"ec2:StopInstances",
				"ec2:TerminateInstances",
				"ec2:DescribeVpcAttribute",
				"ec2:DescribeTags",
				"ec2:DescribeNetworkInterfaces",
				"cloudformation:DeleteStack",
				"ec2:RevokeSecurityGroupEgress",
				"iam:ListRolePolicies",
				"iam:CreatePolicy",
				"iam:GetPolicy",
				"ec2:DescribeInstanceAttribute",
				"iam:GetPolicyVersion"
			],
			"Resource": "*"
		},
		{
			"Sid": "AdditionalPermissions",
			"Effect": "Allow",
			"Action": [
				"iam:DetachRolePolicy",
				"ec2:CreateVpc",
				"ec2:DeleteVpc",
				"ec2:CreateSubnet",
				"ec2:DeleteSubnet",
				"ec2:CreateRouteTable",
				"ec2:CreateRoute",
				"ec2:AssociateRouteTable",
				"ec2:ReplaceRouteTableAssociation",
				"ec2:DeleteRouteTable",
				"ec2:CreateInternetGateway",
				"ec2:AttachInternetGateway",
				"ec2:AllocateAddress",
				"ec2:ReleaseAddress",
				"ec2:CreateNatGateway",
				"ec2:DeleteNatGateway",
				"cloudformation:UpdateStack",
				"cloudformation:DeleteChangeSet",
				"cloudformation:DescribeChangeSet",
				"cloudformation:ExecuteChangeSet",
				"cloudtrail:DescribeTrails",
				"cloudtrail:GetTrailStatus",
				"cloudtrail:GetEventSelectors",
				"logs:DescribeLogGroups",
				"logs:DescribeLogStreams",
				"logs:GetLogEvents",
				"logs:FilterLogEvents",
				"iam:GetUserPolicy",
				"iam:GetGroupPolicy",
				"iam:GetPolicyVersion",
				"ec2:CreateLaunchTemplate",
				"ec2:DescribeLaunchTemplates",
				"ec2:DescribeInternetGateways",
				"ec2:ModifyVpcAttribute",
				"ec2:ModifySubnetAttribute",
				"ec2:DescribeNatGateways",
				"ec2:DescribeInstanceTypeOfferings",
				"ec2:DescribeEgressOnlyInternetGateways",
				"ec2:DescribeLaunchTemplateVersions",
				"ec2:DeleteLaunchTemplate",
				"eks:TagResource",
				"elasticloadbalancing:CreateLoadBalancer",
				"elasticloadbalancing:DescribeLoadBalancers",
				"elasticloadbalancing:DeleteLoadBalancer",
				"elasticloadbalancing:CreateTargetGroup",
				"elasticloadbalancing:DescribeTargetGroups",
				"elasticloadbalancing:RegisterTargets",
				"autoscaling:CreateAutoScalingGroup",
				"autoscaling:UpdateAutoScalingGroup",
				"autoscaling:DeleteAutoScalingGroup",
				"autoscaling:DescribeAutoScalingGroups",
				"autoscaling:DescribeScalingActivities",
				"cloudformation:DescribeChangeSet",
				"cloudformation:ExecuteChangeSet",
				"s3:CreateBucket",
				"s3:DeleteBucket",
				"s3:ListBucket",
				"s3:GetBucketLocation",
				"s3:GetBucketPolicy",
				"s3:PutBucketPolicy"
			],
			"Resource": "*"
		}
	]
}

Installation Steps

1. Create a Standalone Stack

Use the following command to create a standalone stack:

(Please ensure you modify the stack name, VPC CIDR, SSH key pair, and region to suit your environment.)

Code Block
x-install create-standalone \
  --stack-name=xio-standalone \
  --vpc-cidr=10.0.0.0/16 \
  --ssh-key-pair-name=my-dev-key \
  --region=us-west-1

  • The new VPC and EKS cluster will inherit the stack name.

  • The VPC will be assigned the CIDR block 10.0.0.0/16.

  • The EC2 SSH key pair, my-dev-key, will be used to access the Exostellar Management Server.

2. Verify Post-Installation Readiness

After the standalone stack is successfully created, use the following command to check if the stack is ready:

Code Block
x-install post-install --stack-name=xio-standalone
Info

It might take a few attempts for post-install to pass all system units and containers readiness checks, due to infrastructure readiness latency.

3. Add an X-Compute Node to the Standalone EKS Cluster

To add an X-Compute node to the newly created standalone EKS cluster, first SSH into the Exostellar Management Server:

Code Block
ssh rocky@<management-server-public-ip>

On the server, run the following command to add a new node to the EKS cluster:

Code Block
eks-node-cli add -n node-00 -c 1 -m 4096 -p pool-a -r az1 -k xio-standalone

The new node can be verified using the kubectl command:

Code Block
$ kubectl get node -l eks.amazonaws.com/nodegroup=x-compute

The output should display the new nodes as ready:

Code Block
NAME                                          STATUS   ROLES    AGE     VERSION
ip-10-0-39-220.us-west-1.x-compute.internal   Ready    <none>   4m17s   v1.29.3-eks-ae9a62a

By default, the EKS token used to access the standalone EKS cluster expired after 60 minutes. Following that, all attempts to access the cluster will fail with Unauthorized errors.

To generate a new EKS token and use it with your existing kubeconfig file, run:

Code Block
x-install update-kubeconfig --stack-name=xio-standalone

Once the free trial period is over, the entire standalone stack can be deleted with the destroy command:

Code Block
x-install destroy --stack-name xio-standalone

Sometimes, Terraform might time out during the destroy process. Re-running the destroy command will allow Terraform to reconcile its final state.

Info

At this time, all controllers and workers EC2 instances need to be manually terminated.

For more information on other subcommands, run:

Code Block
x-install help
Info

If you encounter any issues, please take a screenshot of your x-install output and download your ~/.xio/ folder. Then, submit both to Exostellar Customer Support for further assistance.