Advanced Deployment
This article describes some more advanced deployment scenarios for Exasol 8 on AWS.
The advanced features and functions described in this section are only available with deployments that are created using an AWS CloudFormation template (c4 aws play -T).
We recommend that you read Exasol Deployment Tool (c4) and Create AWS Deployment to understand the basic steps for using c4 to create and manage Exasol deployments on AWS before continuing.
Deploy with more than 10 nodes
AWS restricts the size of a deployed CloudFormation template. If you want to deploy with more than 10 nodes (including the access node), you must instead upload a CloudFormation template to an existing s3 bucket and then create the deployment using the uploaded template.
The AWS account where you are deploying Exasol must have write permissions to the s3 bucket (s3:PutObject).
The location of the template can be defined in the CCC_AWS_TEMPLATE_URL parameter in the configuration file or as an environment variable on the command line.
Example:
CCC_AWS_TEMPLATE_URL='s3://x-u/ib4290/custom-tmpl' c4 aws -T -N 11 @exasol-8.30.0
✓ branchr-ccc+30bb67da-075236ed-64r
INFO[2024-08-06 16:19:34] Running with c4 4.20.0 from branchr-ccc+30bb67da-075236ed-64r
INFO[2024-08-06 16:19:34] Creating new awscf deployment...
INFO[2024-08-06 16:19:34] Generating awscf template...
INFO[2024-08-06 16:19:36] Template size (51KB) is greater than the maximum template size (50KB), uploading to s3://x-u/ib4290/custom-tmpl (CCC_AWS_TEMPLATE_URL)
INFO[2024-08-06 16:19:37] Done
N PLAY_ID NODE MEDIUM INSTANCE DB_VERSION EXTERNAL_IP INTERNAL_IP STAGE STATE UPTIME TTL
1 079a0ffc - awscf - - - - a creating 00:00:00 +∞
...Deploy with existing VPC
By default, c4 aws play -T creates a new Amazon Virtual Private Cloud (VPC) with the deployment. If you already have an Amazon VPC, you can create a deployment using the existing VPC instead. The subnet, internet gateway, routes, and endpoints of the existing VPC will then be used.
To deploy using an existing VPC you must add the following parameters to your c4 configuration file or set the parameters on the command line when you create the deployment. For more information about how to specify parameters in different locations, see Configuration parameters.
| Parameter name | Value | Description |
|---|---|---|
CCC_AWS_NEW_VPC
|
true (default) | A new VPC will be automatically created with the deployment. |
| false | A VPC must be specified with the CCC_AWS_SUBNET_ID and CCC_PLAY_NETWORK_CIDR parameters. |
|
CCC_AWS_SUBNET_ID
|
<subnet ID of the VPC> |
Identifier of the network to be used for the deployment. The subnet ID is found in the AWS Console. |
CCC_PLAY_NETWORK_CIDR
|
<IPv4 CIDR Block of the VPC> |
The IP address range that will be used for the nodes. The CIDR is determined in the AWS Console. This address range does not always equal the range set on the network and should therefore be explicitly set. Default: |
Instances role
The deployment instances can be assigned an existing Amazon Identity and Access Management (IAM) role that is specified in the c4 configuration, or a new IAM profile can be created with the deployment. To use an existing IAM profile, add the following parameters to the c4 configuration:
| Parameter name | Value | Description |
|---|---|---|
CCC_AWS_CREATE_IAM_PROFILE
|
true (default) |
A new AWS IAM profile will be created with the deployment. |
| false |
The IAM profile specified in |
|
CCC_AWS_IAM_PROFILE
|
(string) | Name of the AWS IAM role to use. |
Existing security group
To use an existing security group within an existing VPC, add the following parameters to the c4 configuration:
| Parameter name | Value | Description |
|---|---|---|
CCC_AWS_SECURITY_GROUP_ID
|
<security group ID> |
The security group ID is found in the AWS Console. If set to If |
CCC_AWS_SECURITY_GROUP_NAME
|
<security group name> |
The security group name is found in the AWS Console. If |
Disable Elastic IP
Elastic IP addresses are used by default for the nodes in Exasol AWS deployments. To disable the use of Elastic IP addresses, set the following parameter in the c4 configuration:
| Parameter name | Value | Description |
|---|---|---|
CCC_AWS_USE_EIP
|
true (default) |
Each node automatically gets an elastic IP address that can be used to access the node directly from the internet. The node has full outgoing communication, without any limitations, and ingoing communication to the allowed ports (by default, to SSH, HTTPS and EXASOL). |
| false |
The nodes will not get elastic IP addresses. By default, no direct outgoing or incoming communication with the node from the internet is possible. If the node will need internet access, this must be provided by special network configuration via a NAT gateway or a proxy server (not configured by default). |
When using an existing Amazon VPC with Elastic IP addresses disabled (CCC_AWS_USE_EIP=false), the following VPC endpoints must be defined:
- CloudFormation
- S3
- KMS
- EC2
- SSM
- SSM Messages
For more information about Amazon VPC endpoints, see What are VPC endpoints?.
AWS Systems Manager
AWS Systems Manager (SSM) is supported on deployments that are using a CloudFormation template (c4 aws play -T). Using SSM you can access the host and cos subsystems on an Exasol cluster that has no direct TCP/IP connection.
To set the connection method to SSM, set the following parameter in the c4 configuration:
It is not possible to connect interactively to the database using c4 connect -s db over SSM.
Disallow SSH
Both SSH and SSM are enabled by default in all Exasol AWS deployments. To disable SSH access for a deployment using SSM, specify AWS_SSH_KEY_PAIR=SSM on the command line when creating the deployment:
AWS availability zones
AWS availability zones (AZ) are supported for deployments using a CloudFormation template (c4 aws play -T).
By default, c4 play starts deployment without specifying availability zones. CloudFormation will then automatically assign all instances to a zone. To restrict deployment to specific availability zones, set the following parameters in the configuration file or include them in the c4 play command:
| Parameter (configuration file) | Parameter (command line) | Description |
|---|---|---|
|
|
--enable-availability-zones
|
Contains a list of available availability zones to be used in the deployment. |
|
|
--availability-zone
|
Assigns availability zones to instances. |
IP addresses
If only one availability zone is enabled, it will use IP addresses from the CCC_PLAY_SUBNETWORK_CIDR parameter.
If several availability zones are specified, the CCC_PLAY_SUBNETWORK_CIDR parameter is ignored and the networks of the zones automatically get IP addresses from the range 192.168.0.0/16 sliced by the /26 mask (192.168.0.0/26, 192.168.0.64/26 ...)
Examples
Example 1: Create 3 instances all in same eu-west-1c availability zone.
Example 2: Enable two availability zones and put all instances into one of them, keeping the second zone available for further deployments.
./c4 aws --enabled-availability-zones "eu-west-1b eu-west-1c" \
--availability-zone eu-west-1b play -T -N3 @exasol-8.23.4Example 3: Enable two availability zones and distribute instances between them in a round-robin fashion. In this example nodes 11, 13, and 15 will be in eu-west-1a, and nodes 12 and 14 will be in eu-west-1c.
Example 4: Enable all availability zones in the given region, use the special word all:
Example 5: Assign specific instances to distinct availability zones:
./c4 aws --enable-availability-zones "all" \
--availability-zone-11 eu-west-1c \
--availability-zone-13 eu-west-1a play -T -N5 @exasol-8.23.4This will create 5 instances where nodes 11 and 13 will be assigned to eu-west-1c and eu-west-1a respectively, and the other nodes will be distributed over all the enabled availability zones in a round-robin fashion:
| 11 | -> | eu-west-1c |
| 12 | -> | eu-west-1b |
| 13 | -> | eu-west-1a |
| 14 | -> | eu-west-1a |
| 15 | -> | eu-west-1b |
For more information about Availability Zones, see Regions and Zones.
Modify disk sizes
You can customize the size of the root and home partitions and of the data disks using the following configuration parameters:
| Parameter name | Description |
|---|---|
CCC_AWS_ROOT_DEVICE_SIZE
|
The size in GiB of the root partition on the installation disk. Default: 50 |
CCC_PLAY_OS_DISK_SIZE |
The size in GiB of the home partition on the installation disk. Default: 100 |
CCC_PLAY_DATA_DISK_SIZE
|
The size in GiB of the data disks. Default: 50 |
When you run c4 aws play -T the disks will automatically be created with the specified sizes.
As with other configuration parameters you can specify the values either in a configuration file or on the command line when you create the deployment. For more information, see Configuration parameters.
Example:
CCC_AWS_ROOT_DEVICE_SIZE=110 CCC_PLAY_OS_DISK_SIZE=120 CCC_PLAY_DATA_DISK_SIZE=75 c4 aws play -T @exasol-8.29.1The above deployment command will result in a disk layout such as this (device names are just examples):
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 24.4M 1 loop /snap/amazon-ssm-agent/6312
loop1 7:1 0 91.9M 1 loop /snap/lxd/24061
loop2 7:2 0 49.8M 1 loop /snap/snapd/17950
loop3 7:3 0 55.6M 1 loop /snap/core18/2679
loop4 7:4 0 63.3M 1 loop /snap/core20/1822
loop5 7:5 0 41.6M 1 loop /snap/amazon-ssm-agent/8871
nvme1n1 259:0 0 120G 0 disk /home
nvme0n1 259:1 0 110G 0 disk
├─nvme0n1p1 259:5 0 109.9G 0 part /
├─nvme0n1p14 259:6 0 4M 0 part
└─nvme0n1p15 259:7 0 106M 0 part /boot/efi
nvme2n1 259:2 0 75G 0 disk
nvme3n1 259:3 0 75G 0 disk
nvme4n1 259:4 0 186.3G 0 diskIn the example, the root partition mounted at / is 110 GiB, the home partition /home is 120 GiB, and the data disks /dev/nvme2n1 and /dev/nvme3n1 are 75 GiB.
