Versions Compared

Version Old Version 16 New Version Current
Changes made by

Harish Agrawal

Harish Agrawal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This instance will be facing the team members for any Roost activity.

5.1 Get Roost Installer

...

  1. Connect to the previously created EC2 using SSH once it is running (if EC2 is private then you will need another instance to act as jump)

  2. Mount EBS volume and fetch RoostInstaller (this step is taken care by the below command, provided you mention the DISK like DISK=nvme1n1)

    Code Block
    # the below command will show the disks available
lsblk
Code Block
breakoutModewide
cd /var/tmp/Roost/
curl -Ls https://remoteroost-roostprodstable.s3.us-west-12.amazonaws.com/RoostInstaller -o RoostInstaller
chmod +x RoostInstaller

# Replace roost.customer.io with 
/var/tmp/Roost/RoostInstaller -command setup -entServer "roost.customer.io" -desiredVersion v1.0.1

5.2 Create Roost Schema

Code Block
breakoutModewide
sudo mysql -h <RDS URL> -u <> -P 3306 -p 
# CREATE USER 'roost'@'localhost' identified WITH mysql_native_password by 'zbioRoost#123';
# GRANT ALL on *.* to 'roost'@'localhost';
\. /var/tmp/Roost/db/roost.sql

5.3 Install SSL Certs

  1. Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs

Code Block
breakoutModewide
cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here (like server.cer and server.key)

# OR generate SSL certs

Steps - Generate Self SSL Certs

  1. It is possible to use a self generated certificate (not recommended though)

  2. You can generate a self-signed certificate using command given below

  3. The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority

  4. Instructions for generating the self-signed certs is given below.

    Code Block
    cd /var/tmp/Roost/certs

# Follow the instructions displayed after executing this script
./get-cert.sh

  5. Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries

  6. Run the open_ssl commands displayed in the output of get-certs.sh

5.4 Configure Roost JSON

Code Block
breakoutModewide
cdenterprise/roost.sh | SETUP=1 DISK=nvme1n1 CUSTOMER=Lacework bash -

This instance will be facing the team members for any Roost activity.

5.1 Configure Roost JSON

Code Block
vi /var/tmp/Roost
vi /config.json

Sample Config looks like the below

  1. Replace the values to reflect for your organisationKeep values empty of the , especially DNS, admin_email

  2. Provide at least one set of oAuth client_id/secrets for the 3rd party that is not neededKeep provider

  3. Update ENV_DATABASE detail unchanged if database is not external

  4. Add JWT_SECRET

  5. Recommend value of remote_console_proxy is same as enterprise_dns unless you want to start proxy elsewhere.

  6. If your servers are behind Load Balancer, set load_balancer : “true” for different configuration.to reflect RDS Host, User and Password

Sample config.json
Code Block
{
  "enterprise_name": "MyCompany",
  "enterprise_logo": "https://roost.ai/hubfs/logos/LOGO-roost.png",
  "enterprise_email_domain": "mycompany.io",
  "enterprise_dns": "mycompany.io",
  "remote_console_proxy": "mycompany.io",
  "admin_email": "admin@mycompany.io",
  "email_sender": "noreply@mycompany.io",
  "email_sender_pass": "",
  "email_smtp_host": "",
  "email_smtp_port" : 465,

  "load_balancer": "falsetrue",

  "enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
  "enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",

  "ENV_SERVER": {
    "DEFAULT_PORT": 3000,
    "JWT_SECRET": "32-character-secure-long-secret",

    "GOOGLE_CLIENT_ID": "",
    "GOOGLE_CLIENT_SECRET": "",
    "AZURE_CLIENT_ID": "",
    "AZURE_CLIENT_SECRET": "",
    "GITHUB_CLIENT_ID": "",
    "GITHUB_CLIENT_SECRET": "",
    "LINKEDIN_CLIENT_ID": "",
    "LINKEDIN_CLIENT_SECRET": "",
    "OKTA_CLIENT_ISSUER": "",
    "OKTA_CLIENT_ID": "",
    "OKTA_CLIENT_SECRET": ""
  },

  "is_own_sql": "falsetrue",
  "ENV_DATABASE": {
    "MYSQL_HOST": "mysqldb_host_url",
    "MYSQL_PORT": 3306,

    "MYSQL_USERNAME": "Roost",
    "MYSQL_PASSWORD": "Roost#123",
    "MYSQL_ROOT_PASSWORD": "Admin#123",
  } }

Start Roost Control Plane Server

Code Block
cd /var/tmp/Roost
./roost-enterprise.sh -i all -c config.json

...

Verifying the Roost.ai components

  1. Connect to the <dns-name>/login using a browser

  2. Use the 3rd party auth to connect to the control-plane

...

Next Steps:

Go to Admin Settings and

  1. Enable cloud vendor of choice and provide default settings

  2. Add the Roost EAAS Server EC2 details in the “Configure EAAS Server”

  3. Enable JumpHost and refresh the page

  4. Go to JumpHost settings and add the Roost EAAS Server EC2 details as 'default' jumpHost

...

 "MYSQL_DB_NAME": "roostio"
  }
}

<< AWS Route 53, ALB, ACM Setup Start Control Plane >>