...
```
mkdir -p /var/tmp/Roost/certs && cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here
# OR generate SSL certs
```
Steps - Install SSL Certs
Get the SSL_certs.key and SSL_certs.crt files for your organisation's domain and put them in a folder that is accessible to the current user, preferably /var/tmp/Roost/certs
It is possible to use a self-generated certificate (not recommended, though)
You can generate a self-signed certificate using the command given below
The “root.cer” file will have to be installed as a trusted certificate in the certificate authority store on all Roost user systems. The steps for all OSes are in the article “Install the Certificate Authority”
Instructions for generating the self-signed certs are given below.
```
cd /var/tmp/Roost/certs
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
chmod +x get-cert.sh
# Follow the instructions displayed after executing this script
./get-cert.sh
```
Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries
Run the openssl commands displayed in the output of get-cert.sh
4.4 Roost Installation
Download Roost Installation Script
```
cd /var/tmp/Roost
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/roost-enterprise.sh -o roost-enterprise.sh
chmod +x roost-enterprise.sh
```
Download config.json
```
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/main-config.json -o config.json
```
A sample config is shown below
Replace the values to reflect your organisation
Leave the client_id/secret values empty for any 3rd party that is not needed
Keep the ENV_DATABASE details unchanged if the database is not external
Add JWT_SECRET
The recommended value of remote_console_proxy is the same as enterprise_dns, unless you want to start the proxy elsewhere.
If your servers are behind a load balancer, use load_balancer: “true” for a different configuration.
```
{
  "enterprise_name": "MyCompany",
  "enterprise_logo": "https://mycompany.ai/logos/LOGO-mycompany.png",
  "enterprise_email_domain": "mycompany.io",
  "enterprise_dns": "mycompany.io",
  "remote_console_proxy": "mycompany.io",
  "admin_email": "admin@mycompany.io",
  "email_sender": "noreply@mycompany.io",
  "email_sender_pass": "",
  "load_balancer": "false",
  "enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
  "enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",
  "ENV_SERVER": {
    "DEFAULT_PORT": 3000,
    "JWT_SECRET": "32-character-secure-long-secret",
    "GOOGLE_CLIENT_ID": "",
    "GOOGLE_CLIENT_SECRET": "",
    "AZURE_CLIENT_ID": "",
    "AZURE_CLIENT_SECRET": "",
    "GITHUB_CLIENT_ID": "",
    "GITHUB_CLIENT_SECRET": "",
    "LINKEDIN_CLIENT_ID": "",
    "LINKEDIN_CLIENT_SECRET": ""
  },
  "is_own_sql": "true",
  "ENV_DATABASE": {
    "MYSQL_HOST": "database-1-instance-1.region.rds.amazonaws.com",
    "MYSQL_PORT": 3306,
    "MYSQL_USERNAME": "MyUser",
    "MYSQL_PASSWORD": "MyPassword",
    "MYSQL_ROOT_PASSWORD": "AdminPassword"
  }
}
```
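A pre-flight check for config.json, as an added example that is not part of the Roost installer or of the original page: it catches malformed JSON, a JWT_SECRET left at the sample value, half-filled OAuth client pairs, and a TLS key file that other users can read. The name lint_config is hypothetical, and the 32-character minimum and the key-permission rule are assumptions (the first inferred from the sample placeholder, the second general hardening practice).

```python
import json
import os
import stat

PLACEHOLDER_SECRET = "32-character-secure-long-secret"  # sample value from the page
MIN_JWT_SECRET_LEN = 32  # assumption, inferred from that placeholder
PROVIDERS = ("GOOGLE", "AZURE", "GITHUB", "LINKEDIN")
TLS_KEYS = ("enterprise_ssl_certificate_path", "enterprise_ssl_certificate_key_path")


def lint_config(text, check_files=True):
    """Return a list of findings for a Roost config.json passed as a string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["invalid config: top level must be a JSON object"]
    findings = []
    server = cfg.get("ENV_SERVER") if isinstance(cfg.get("ENV_SERVER"), dict) else {}
    secret = str(server.get("JWT_SECRET", ""))
    if secret == PLACEHOLDER_SECRET or len(secret) < MIN_JWT_SECRET_LEN:
        findings.append("JWT_SECRET is missing, too short, or still the sample value")
    # Unused providers stay empty; an id without its secret (or the reverse) is a mistake.
    configured = 0
    for name in PROVIDERS:
        cid = server.get(f"{name}_CLIENT_ID", "")
        csecret = server.get(f"{name}_CLIENT_SECRET", "")
        if bool(cid) != bool(csecret):
            findings.append(f"{name}: client id and secret must both be set or both be empty")
        configured += bool(cid and csecret)
    if configured == 0:
        findings.append("no third-party auth provider is configured")
    # The certificate and key must exist; the key must not be readable by group/others.
    if check_files:
        for key in TLS_KEYS:
            path = str(cfg.get(key) or "")
            if not os.path.isfile(path):
                findings.append(f"{key}: {path!r} is not a file")
            elif key.endswith("key_path") and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"{key}: private key is readable by group or others")
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder secret and a half-filled GitHub pair.
    demo = '{"ENV_SERVER": {"JWT_SECRET": "32-character-secure-long-secret", "GITHUB_CLIENT_ID": "abc"}}'
    print("\n".join(lint_config(demo, check_files=False)))
```

Run it against the edited config.json before starting the control plane; an empty list means none of these checks fired.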
Start Roost Control Plane Server
```
cd /var/tmp/Roost
./roost-enterprise.sh -i all -c config.json
```
Verifying the Roost.ai components
Connect to the public_ip/login using a browser
Use the 3rd party auth to connect to the control-plane
Next Steps:
Go to Admin Settings and
Enable cloud vendor of choice and provide default settings
Add the webconsole-proxy EC2 details in the “Configure EC2 Launcher”
Enable JumpHost and refresh the page
Go to JumpHost settings and add the webconsole-proxy EC2 details as 'default' jumpHost
...