Versions Compared

Version Old Version 3 New Version 4
Changes made by

Rakesh Chandran

Rakesh Chandran

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This instance will also act as the default jumpHost for user managed clusters. Optionally, it can host a Docker Host and Docker Insecure Registry

...

4.1 Launch Web Console Proxy Instance

  1. Launch EC2 instance

  2. Choose Ubuntu 20 (ubuntu-focal-20.04) AMI

  3. Instance Type as t3.medium

  4. Security group for web-console proxy to allow TCP traffic from VPC or any source IP

    1. TCP Port 5000 for Docker Host

    2. TCP Port 5002 for Docker Insecure Registry

    3. TCP Port 60001 for JumpHost RoostApi Server

    4. TCP Port 60002 for ClusterLauncher

    5. TCP Port 60003 for EaaS API Server

    6. TCP Port 60005 for Cypress Video Server

    7. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

    8. TCP Port 62020-62050 for dynamic gotty ports - mapped to individual users

  5. Root volume storage should be 20 GB or more

  6. Preferred separate EBS volume of 100GB

  7. Enable Avoid Accidental Termination and disable EBS delete on termination

  8. Add tags and key-pair and launch

  9. Download key-pair; change permissions to 0400

  10. Review configuration and Launch Instance

  11. Connect to EC2 using SSH once it is running

...

4.1 Mount EBS Volume

Check the 100GB disk NAME

...

Code Block
sudo mkfs -t ext4 /dev/nvme1n1
sudo mkdir /var/tmp/Roost
sudo mount /dev/nvme1n1 /var/tmp/Roost
sudo chown `id -u`:`id -g` /var/tmp/Roost/
if [ ! -d /var/tmp/Roost ]; then
  sudo mkdir /var/tmp/Roost
  sudo chown `id -u`:`id -g` /var/tmp/Roost/
fi

5.3 Install SSL Certs

...



mkdir /var/tmp/Roost/certs;

...

Steps - Install SSL Certs

...

Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs

...

It is possible to use a self generated certificate (not recommended though)

...

You can generate a self-signed certificate using command given below

...

The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority

...

Instructions for generating the self-signed certs is given below.

Code Block
cd /var/tmp/Roost/certs
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
chmod +x get-cert.sh
# Follow the instructions displayed after executing this script
./get-cert.sh

...

Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries

...