About DominoArchitecture
Installation
Keycloak Authentication Service
Troubleshooting
About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Deploy Domino

This topic describes how to deploy Domino components on Amazon Elastic Kubernetes Service (EKS). EKS is hosted on Amazon Web Services (AWS)

Configure the cluster

Amazon Web Services Command Line Interface (AWS CLI) doesn’t support SOCKS5 proxies, so you must run the commands directly from a machine that has network access to the Kubernetes cluster.

  1. Get a public bastion IP so you can connect to EKS:

    aws cloudformation describe-stacks --stack-name $DEPLOY_NAME --region $AWS_REGION --query "Stacks[0].Outputs[?OutputKey=='bastionpublicip']".OutputValue --output text

  2. To connect to the bastion host, run ssh -i <your ssh key path> ec2-user@<bastion public ip>.

  3. Install Docker and exit the terminal. When you login again, the modifications that you just made will become active:

    sudo yum install docker
sudo systemctl start docker
sudo usermod -a -G docker ec2-user
exit

  4. Install kubectl:

    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/

  5. Use environment variables to set the values of IDs, names, and labels. This simplifies the commands you’ll run while installing Domino components:

    export DOMINO_VER=<The Domino version to deploy>
export DEPLOY_NAME=<Name of deployment>
export AWS_REGION=<The region to deploy the resources>
export AWS_ACCESS_KEY_ID=<Your AWS access key ID>
export AWS_SECRET_ACCESS_KEY=<Your AWS secret key>
export QUAY_USERNAME=<`quay.io` username provided by Domino>
export QUAY_PASSWORD=<`quay.io` password provided by Domino>

  6. Update the kubeconfig:

    aws cloudformation describe-stacks --stack-name $DEPLOY_NAME \
 --region $AWS_REGION \
 --query "Stacks[0].Outputs[?OutputKey=='ekskubeconfigcmd']".OutputValue \
 --output text | bash -

Prepare the installation template and run the installer

CloudFormation is an AWS cloud provisioning tool. At the end of the Cloud Development Kit (CDK) deployment process, CloudFormation outputs a template file. You must have this template for Domino deployment.

Create the template file

  1. Generate the CloudFormation template output as a YAML file:

    aws cloudformation describe-stacks --stack-name $DEPLOY_NAME \
 --region  $AWS_REGION \
 --query "Stacks[0].Outputs[?OutputKey=='agentconfig']".OutputValue \
 --output text > domino.yml.template

  2. If you aren’t already logged into quay.io, run docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io.

  3. Generate a template configuration file named domino.yml in your working directory:

    Caution
    docker run --rm -it \
-v $(pwd):/install \
quay.io/domino/fleetcommand-agent:{fleetcommand-agent-version} \
init --file /install/domino.yml --full --version $DOMINO_VER \
--template /install/domino.yml.template
    Important
Install Domino with fleetcommand-agent

Domino components are installed and configured with a component called fleetcommand-agent. The agent runs as a container. It uses the installation template to gather the required parameters for the environment and sets them when installing Domino components.

To install Domino on the infrastructure you prepared, run the following:

curl -o fleetcommand-agent-install.sh https://docs.dominodatalab.com/attachments/fleetcommand-agent-install.sh
bash fleetcommand-agent-install.sh
Tip
Set up DNS

Run kubectl -n domino-platform get svc nginx-ingress-controller to get the external IP to access your instance’s Domino management plane. You can use this to update your DNS records accordingly.

Important

Validate your installation

  1. Go to https://<YOUR DOMAIN>/auth/

  2. Login with the username keycloak and the password from the keycloak-http secret in the domino-platform namespace. Use the following command to get the password: echo -e "\nyour password is: $(kubectl get secret keycloak-http -n domino-platform --template={{.data.password}} | base64 -d)\n"

  3. Go to Users in the navigation pane, and click Add User.

  4. Enter the username, first name, last name, and email address, and then click Save

  5. Go to the Credentials tab and add a password.

  6. Optional: Disable Temporary.

  7. Go to Role Mappings > Client Roles, and select domino-play.

  8. Select the User role and add it to your user.

  9. Go to the main page for your Domino deployment (for example, https://\<YOUR DOMAIN\>) and sign in with your new Domino user.

  10. Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.

  11. Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).

  12. When the new workspace is created open main.ipynb and confirm that you can execute the script without errors.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.

  1. Sign in to Keycloak on your Domino instance.

  2. In the Keycloak sidebar menu, select Realm Settings.

  3. Select the Login tab, and toggle User registration to On.

  4. Click Save to confirm your changes.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.