...
5.2 Create Roost Schema
| Code Block |
|---|
5.3 Install SSL Certs
| Code Block |
|---|
mkdir /var/tmp/Roost/certs;
cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here
# OR generate SSL certs |
...
| ||
sudo mysql -h <RDS URL> -u <> -P 3306 -p
# CREATE USER 'roost'@'localhost' identified WITH mysql_native_password by 'zbioRoost#123';
# GRANT ALL on *.* to 'roost'@'localhost';
\. /var/tmp/Roost/db/roost.sql |
5.3 Install SSL Certs
Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs
| Code Block | ||
|---|---|---|
| ||
cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here (like server.cer and server.key)
# OR generate SSL certs |
Steps - Generate Self SSL Certs
It is possible to use a self generated certificate (not recommended though)
You can generate a self-signed certificate using command given below
The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority
Instructions for generating the self-signed certs is given below.
Code Block cd /var/tmp/Roost/certs curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh chmod +x get-cert.sh # Follow the instructions displayed after executing this script ./get-cert.sh
Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries
Run the open_ssl commands displayed in the output of get-certs.sh
5.4 Configure Roost
...
Download Roost Installation Script
...
JSON
| Code Block | ||
|---|---|---|
| ||
cd /var/tmp/Roost
|
...
Download config.json
...
vi config.json |
Sample Config looks like the below
Replace the values to reflect for your organisation
Keep values empty of the client_id/secrets for the 3rd party that is not needed
Keep ENV_DATABASE detail unchanged if database is not external
Add JWT_SECRET
Recommend value of remote_console_proxy is same as enterprise_dns unless you want to start proxy elsewhere.
If your servers are behind Load Balancer
user, set load_balancer : “true” for different configuration.
| Code Block |
|---|
{
"enterprise_name": "MyCompany",
"enterprise_logo": "https://roost.ai/hubfs/logos/LOGO-roost.png",
"enterprise_email_domain": "mycompany.io",
"enterprise_dns": "mycompany.io",
"remote_console_proxy": "mycompany.io",
"admin_email": "admin@mycompany.io",
"email_sender": "noreply@mycompany.io",
"email_sender_pass": "",
"email_smtp_host": "",
"email_smtp_port" : 465,
"load_balancer": "false",
"enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
"enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",
"ENV_SERVER": {
"DEFAULT_PORT": 3000,
"JWT_SECRET": "32-character-secure-long-secret",
"GOOGLE_CLIENT_ID": "",
"GOOGLE_CLIENT_SECRET": "",
"AZURE_CLIENT_ID": "",
"AZURE_CLIENT_SECRET": "",
"GITHUB_CLIENT_ID": "",
"GITHUB_CLIENT_SECRET": "",
"LINKEDIN_CLIENT_ID": "",
"LINKEDIN_CLIENT_SECRET": "",
"OKTA_CLIENT_ISSUER": "",
"OKTA_CLIENT_ID": "",
"OKTA_CLIENT_SECRET": ""
},
"is_own_sql": "false",
"ENV_DATABASE": {
"MYSQL_HOST": "mysqldb_host_url",
"MYSQL_PORT": 3306,
"MYSQL_USERNAME": "Roost",
"MYSQL_PASSWORD": "Roost#123",
"MYSQL_ROOT_PASSWORD": "Admin#123"
}
} |
Start Roost Control Plane Server
Code Block cd /var/tmp/Roost ./roost-enterprise.sh -i all -c config.json
Verifying the Roost.ai components
Connect to the <dns-name>/login using a browser
Use the 3rd party auth to connect to the control-plane
Next Steps:
Go to Admin Settings and
Enable cloud vendor of choice and provide default settings
Add the Roost EAAS Server EC2 details in the “Configure EAAS Server”
Enable JumpHost and refresh the page
Go to JumpHost settings and add the Roost EAAS Server EC2 details as 'default' jumpHost
...