3.1. Installation#

Overview#

Mission Control consists of a Java backend server accessed via a web front end. Data is stored in a PostgreSQL database. Mission Control has to run on the same cluster and infrastructure used for the SEP installation it controls.

Installation on AWS#

We provide an Amazon Machine Image (AMI) for Mission Control. You can get the latest release from Starburst.

With the AMI available to you, launch your EC2 instance and ensure you keep the following requirements in mind:

  • Select your region and other account parameters as desired for the deployment of Mission Control, as well as the overall Presto deployment with coordinator and workers running in one or more clusters.
  • Instance type of t2.small is sufficient.

Alternatively you can use our CloudFormation template file Mission-Control-<release-version>.yml and create the stack in the web interface or from the command line:

aws cloudformation create-stack \
--stack-name "mission-control" \
--template-body "file://Mission-Control-<release-version>.yml" \
--parameters \
    ParameterKey=Vpc,ParameterValue="vpc-123" \
    ParameterKey=Subnet,ParameterValue="subnet-456" \
    ParameterKey=SecurityGroups,ParameterValue="sg-xyz" \
    ParameterKey=KeyName,ParameterValue="MyMCKey" \
    ParameterKey=AppInstanceType,ParameterValue=t2.small \
    ParameterKey=DBInstanceClass,ParameterValue=db.t2.micro \
    ParameterKey=EphemeralDatabase,ParameterValue=yes \
    ParameterKey=AuthenticationTypes,ParameterValue=INTERNAL \
--capabilities CAPABILITY_IAM

CloudFormation Parameters#

The network configuration parameters for the Mission Control EC2 instance are necessary to determine location and access:

Network Configuration Parameters#
Parameter key Description Example
Vpc VPC ID vpc-12345
Subnet Subnet for the Mission Control instance subnet-45678
SecurityGroups Security groups for Mission Control sg-xyz
KeyName Name of an EC2 KeyPair to enable SSH access to the instance MyMCKey
AppInstanceType EC2 instance type to use for the Mission Control server t2.small

To enable TLS/SSL for the Mission Control server, use the HTTPS Configuration parameters:

HTTPS Configuration Parameters#
Parameter key Description Default Example
HttpsEnabled Enable HTTPS for Mission Control no yes
HttpsPort Port to use for HTTPS to access Mission Control 5043 5044
HttpsCertificateUrl S3 URL of the TLS certificate for HTTPS.   s3:://bucket_name/key_name/mc.crt
HttpsCertificatePassword The password for the TLS certificate.   9308kja=nasdfjba-23f%

Mission Control supports three types of authentication mechanisms, with can be configured with the following authentication parameters. More information can be found in the security section.

Authentication Parameters#
Parameter key Description Default Example
AuthenticationTypes Comma delimited list of authentication types in the App. Allowed values are LDAP, INTERNAL, and GOOGLE. INTERNAL LDAP
LdapServerHost IP of the LDAP Server. Required only for LDAP authentication. This must be a valid IP address of the form x.x.x.x   172.8.9.10
LdapServerPort The port of the LDAP Server. Required only for LDAP authentication 636 389
LdapsEnabled Enable if the LDAP Server is secured (ldaps). Required only for LDAP authentication. yes no
LdapUserBindPattern Custom user bind pattern   ${USER}@example.com
GoogleClientId Client ID from Google API console. Required only for GOOGLE authentication.   1234567890
GoogleClientSecret Client secret from Google API console. Required only for GOOGLE authentication.   mygooglesecret
GoogleHostedDomain Organization domain name hosted by Google. Required only for GOOGLE authentication.   example.com

The configuration for a PostgreSQL database as Amazon RDS instance used by Mission Control is required:

Database Configuration Parameters#
Parameter key Description Default Example
DatabaseSubnetGroup The DB Subnet Group for Mission Control’s RDS database. See documentation on DB Subnet Group for more information. default default
DBInstanceClass The DB Instance Class for Mission Control’s RDS database. See documentation on DB Instance Class for information about possible values. db.m5.large db.m1.medium
DBSnapshotIdentifier Optional parameter for the name or Amazon Resource Name (ARN) of the DB snapshot that will be used to restore the App’s backing RDS database instance.   my-snapshot-id
EphemeralDatabase When enabled Mission Control will use an embedded database on local storage instead of an RDS instance. Strongly discouraged for production use. no yes

Once your Mission Control instance is up and running, note down the fully qualified domain name (host name) and navigate to it in a browser at port 5042, or 5043 if using HTTPS - http://hostname:5042. Now you are ready to proceed to log in and get started.

Mission Control can now manage your data sources and clusters, which replaces the traditional management with configuration files. Our Presto AWS documentation contains more detailed information about connecting to the Presto dashboard and other aspects.

Installation on Kubernetes#

Mission Control can be run on any Kubernetes cluster, including Azure Kubernetes Service AKS and Google Kubernetes Engine GKE. It can also be run on other Kubernetes deployments run and managed by your infrastructure team or from other public providers.

We provide a Kubernetes operator that includes references to the necessary Docker containers, helm charts and other resources.

Ensure you have the following files from Starburst at hand:

  • postgres.yaml
  • missioncontrol.yaml

To add your custom configuration to Mission Control, you can modify the mission-control-config secret configuration in missioncontrol.yaml. Refer to configuration section for the supported configuration properties.

Now start your Kubernetes cluster, which you want to use for Mission Control and your Presto deployment and connect to it with kubectl.

Deploy and start the PostgreSQL backend database.

kubectl apply -f postgres.yaml

Deploy and start the Mission Control server:

kubectl apply -f missioncontrol.yaml

After a short while everything is up and running. Confirm the details of the service with kubectl.

kubectl get service/mission-control-service

Once the server is up and running, take note of the server URL or IP, and proceed to log in and get started.

Mission Control can now manage your data sources and clusters, which replaces the traditional management with configuration files. Our Presto Kubernetes documentation contains contains more detailed information about connecting to the Presto dashboard and other aspects.

Configuration#

The Mission Control application is automatically configured with reasonable default values, as part of the installation process on AWS and Kubernetes.

The configuration can be updated, and is controlled in two separate files:

  • general server configuration in etc/config.properties
  • Java runtime configuration in etc/jvm.properties

Server Configuration in config.properties#

The installation methods for Mission Control automatically include a suitable configuration file.

If you are using the Mission Control CFT for deployment, the following properties are available as CFT parameters. For Kubernetes deployments, update the mission-control-config secret configuration in missioncontrol.yaml with the required properties.

environment.type:

Determines the environment used for the Presto deployment. Currently needs KUBERNETES for Kubernetes-based systems and can be omitted for AWS deployments.

aws.*

The AWS parameters define the AWS system to use.

aws.workspace = s3://example/app/workspace
aws.default-vpc = vpc-123
aws.default-subnet = subnet-456

storage.jdbc.url, storage.jdbc.username and storage.jdbc.password:

The URL, username and password to the PostgreSQL database used by Mission Control for configuration and other storage.

authentication.type and authorization.type:

The sequence of authentication and authorization systems to use. Possible values are INTERNAL, LDAP and GOOGLE. More information can be found in the security section.

ldap.url, ldap.user-bind-pattern:

Parameters to define the LDAP server connection to use for LDAP authentication and authorization.

authentication.google.client-id, authentication.google.secret and authentication.google.hosted-domain:

Parameters to enable GOOGLE authentication for Mission control.

http-server.https.enabled, http-server.https.keystore.path, http-server.https.keystore.key and http-server.https.port:

Parameters to enable TLS/SSL for Mission Control server.

Java Runtime Configuration in jvm.config#

The default configuration for the Java Virtual Machine running the Mission Control backend is sufficient. If desired it can be adjusted. Changes require a restart of the application.

-server
-Xmx1G
-XX:+HeapDumpOnOutOfMemoryError
-XX:+UseGCOverheadLimit
-XX:+ExitOnOutOfMemoryError
-Djdk.attach.allowAttachSelf=true