...

Attribute

Selection

AMI

Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type

Instance Type

t3a.large / c5.2xlarge or bigger in CPU & memory

Shutdown behaviour (Stop)

Enable Termination Protection

Storage

Root Volume: 30GB (gp3)
EBS: 100GB (gp3) (Disable Delete on termination)

Termination protection

Enable

Security Group Rules

  1. SSH (port 22), HTTP (port 80)

  2. HTTPS (port 443)

  3. TCP Port 5000 for Docker Host

  4. TCP Port 5002 for Docker Insecure Registry

  5. TCP Port 60001 for Jump Host RoostApi Server

  6. TCP Port 60002 for Roost Cluster Launcher

  7. TCP Port 60003 for EaaS API Server

  8. TCP Port 60005 for Cypress Video Server

  9. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

  10. TCP Port 62020-62120 for dynamic gotty ports - mapped to individual users

Tag

Name: Roost Control Plane

...

  1. Download key-pair; change permissions to 0400

  2. Review configuration and Launch Instance

  3. Connect to EC2 using SSH once it is running

  4. Mount EBS volume and fetch RoostInstaller (this step is taken care of by the command below)

curl -s https://roost-stable.s3.us-west-2.amazonaws.com/enterprise/roost.sh | SETUP=1 DISK=<> CUSTOMER=Lacework<> bash -

2: EC2 Instance: Roost EAAS Server

Similar to EC2 Instance 1, with a few changes.

Use the tags to give a different “Name” like “Roost EAAS Server” for ease of identification.

This instance will also act as the default “JumpHost” for user-managed clusters. Optionally, it can host a Docker Host and Docker Insecure Registry.

Attribute

Selection

AMI

Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type

Instance Type

c5.2xlarge or bigger in CPU & memory

Shutdown behaviour (Stop)

Enable Termination Protection

Storage

Root Volume: 30GB (gp3)
EBS: 100GB (gp3) (Disable Delete on termination)

Termination protection

Enable

Security Group Rules

Please note: if the Control Plane and EaaS Server are in the same VPC, we can use just the private IP and configure “All TCP” from the security group of the Control Plane.

If this instance is in a different region/VPC, we have to enable a public/external IP and open the traffic below from anywhere:

  1. SSH (port 22)

  2. HTTPS (port 443)

  3. TCP Port 5000 for Docker Host

  4. TCP Port 5002 for Docker Insecure Registry

  5. TCP Port 60001 for Jump Host RoostApi Server

  6. TCP Port 60002 for Roost Cluster Launcher

  7. TCP Port 60003 for EaaS API Server

  8. TCP Port 60005 for Cypress Video Server

  9. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

  10. TCP Port 62020-62120 for dynamic gotty ports - mapped to individual users

Tag

Name: Roost EaaS Server
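
A check for the “from anywhere” option in the Security Group Rules above, as an added example (not part of the Roost documentation or installer): it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and reports which of the listed Roost ports accept connections from 0.0.0.0/0 or ::/0. The sample input, group IDs and CIDRs are constructed placeholders.

```python
import ipaddress
import json

# Ports from this page's Security Group Rules list: (low, high, purpose).
ROOST_PORTS = [
    (22, 22, "SSH"), (443, 443, "HTTPS"), (5000, 5000, "Docker Host"),
    (5002, 5002, "Docker Insecure Registry"),
    (60001, 60001, "Jump Host RoostApi Server"),
    (60002, 60002, "Roost Cluster Launcher"), (60003, 60003, "EaaS API Server"),
    (60005, 60005, "Cypress Video Server"), (60006, 60006, "Web-console (gotty)"),
    (62020, 62120, "dynamic gotty ports"),
]

def world_open(perm):
    """True if the rule admits every IPv4 or IPv6 source (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit(describe_output):
    """Return sorted (group_id, purpose) pairs for Roost ports open to anywhere."""
    findings = set()
    for sg in describe_output["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1") or not world_open(perm):
                continue
            # IpProtocol "-1" (all traffic) carries no FromPort/ToPort.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            for p_lo, p_hi, purpose in ROOST_PORTS:
                if lo <= p_hi and p_lo <= hi:  # port ranges overlap
                    findings.add((sg["GroupId"], purpose))
    return sorted(findings)

# Constructed sample in `aws ec2 describe-security-groups` JSON shape;
# group IDs and CIDRs are placeholders, not values from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-EXAMPLE-public", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5002, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 62000, "ToPort": 62050, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
 {"GroupId": "sg-EXAMPLE-private", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
   "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-controlplane"}]}]}]}
""")
if __name__ == "__main__":
    for group, purpose in audit(SAMPLE):
        print(f"{group}: {purpose} reachable from anywhere")
```

The `sg-EXAMPLE-private` group models the same-VPC option (“All TCP” from the Control Plane's security group) and produces no findings, because its only source is another security group rather than a CIDR.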

  1. Download key-pair; change permissions to 0400

  2. Review configuration and Launch Instance

  3. Connect to EC2 using SSH once it is running

  4. Mount EBS volume and fetch RoostInstaller

...


Further configuration of EaaS Server and JumpHost is enabled via the Admin page on Roost Enterprise Control Plane
