Getting Started

Get up and running quickly with the service

WARNING: Beta Software This software may contain bugs, incomplete features, incorrect documentation, or other discrepancies. Contact Mesosphere before deploying a beta candidate service. Product support is available to approved participants in the beta test program. Contact support@mesosphere.io for information about participation.

In this section, you will download and install the Beta DC/OS Monitoring service.

Prerequisites

  • DC/OS Enterprise 1.12 or later.
  • DC/OS CLI is installed.
  • You are logged in as a superuser.

Install package registry

Please follow these instructions to install the package registry.

Install Beta DC/OS Monitoring service

Download the package

Download the .dcos package of the Beta DC/OS Monitoring service from the Mesosphere support site.

Install the service

Install the service with the dcos registry add command. Assume that the downloaded package is called dcos-monitoring.dcos in the current working directory.

dcos registry add --dcos-file dcos-monitoring.dcos
dcos package install dcos-monitoring --package-version=<VERSION>

Among other things, this will also install the package CLI.

Verify service deployment

After installing the package CLI, you can monitor the deployment of your service. Run the command:

dcos dcos-monitoring plan show deploy

Access Grafana dashboards

Assuming the service name is dcos-monitoring (default), you should be able to access the Grafana dashboards using the following URL:

https://<CLUSTER_URL>/service/dcos-monitoring/grafana/

See more details in Accessing the Grafana UI.

Running Beta DC/OS Monitoring service on DC/OS clusters securely

The Beta DC/OS Monitoring service may be run on DC/OS clusters in either permissive or strict mode. DC/OS access controls must be used to restrict access to the Beta DC/OS Monitoring service when running on strict mode clusters. Configure the Beta DC/OS Monitoring service to authenticate itself using a certificate and to only grant permissions needed by the service.

Create a service account

The following CLI commands create a service account named dcos-monitoring-principal and store its private certificate in a secret named dcos-monitoring/service-private-key:

dcos security org service-accounts keypair dcos-monitoring-private-key.pem dcos-monitoring-public-key.pem
dcos security org service-accounts create -p dcos-monitoring-public-key.pem -d "dcos-monitoring service account" dcos-monitoring-principal
dcos security secrets create-sa-secret --strict dcos-monitoring-private-key.pem dcos-monitoring-principal dcos-monitoring/service-private-key

Add service permissions

Grant dcos-monitoring-principal the permissions required to run the Beta DC/OS Monitoring service:

dcos security org users grant dcos-monitoring-principal dcos:adminrouter:ops:ca:rw full
dcos security org users grant dcos-monitoring-principal dcos:adminrouter:ops:ca:ro full
dcos security org users grant dcos-monitoring-principal dcos:mesos:agent:framework:role:slave_public read
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:framework:role:dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:framework:role:slave_public read
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:framework:role:slave_public/dcos-monitoring-role read
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:framework:role:slave_public/dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:reservation:principal:dcos-monitoring-principal delete
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:reservation:role:dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:reservation:role:slave_public/dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:task:user:nobody create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:volume:principal:dcos-monitoring-principal delete
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:volume:role:dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:mesos:master:volume:role:slave_public/dcos-monitoring-role create
dcos security org users grant dcos-monitoring-principal dcos:secrets:default:/dcos-monitoring/\* full
dcos security org users grant dcos-monitoring-principal dcos:secrets:list:default:/dcos-monitoring read

Install with custom options

You must identify for the Beta DC/OS Monitoring service which service account and certificate it should use for authentication. Do so by installing the service with a custom configuration that sets the service_account field to the principal name and sets the service_account_secret field to the secret where the service certificate is stored.

Create a custom options file (options.json):

{
  "service": {
    "service_account": "dcos-monitoring-principal",
    "service_account_secret": "dcos-monitoring/service-private-key"
  }
}

Then, install the service with custom options:

dcos package install dcos-monitoring --options=options.json