Versions Compared

Version Old Version 3 New Version Current
Changes made by

Rakesh Chandran

Harish Agrawal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Launch 2 instances with below attributes

You can use the AWS option to launch 3 instances.

  • Public Jump for accessing Private EC2 Instance

  • Private Roost Control Plane

  • Private EaaS Server Or Jump Host Server for Managed/User K8s

1. Public EC2 Instance: For access to private instance

Attribute

Selection

AMI

Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type

Instance Type

t2.micro

Shutdown behaviour (Stop)

Enable Termination Protection

Storage

Root Volume: 8GB (gp2)

Termination protection

Enable

Security Group Rules

Default Security Group

Inbound Rules with “Source as MyIP or Anywhere”

  1. SSH (port 22)

Tag

Name: RoostAccessJump

Public IP

Enabled

VPC and AZ

Same as the entire setup (suggest that you create a dedicated VPC and other networking components for Roost)

  1. Download key-pair; change permissions to 0400

  2. Review configuration and Launch Instance

2. EC2 Instance: Roost Control Plane

Below configuration is good for 2-3 team size

Attribute

Selection

AMI

Choose Ubuntu 20 (ubuntu-focal-20.04) SSD Volume Type

Instance Type

c5.2xlarge or bigger in CPU & memory

Shutdown behaviour (Stop)

Enable Termination Protection

Storage

Root Volume: 30GB (gp3)
EBS: 100GB (gp3) (Disable Delete on termination)

Termination protection

Enable

Security Group Rules

Inbound Rules with “Source as VPC Default SG”

  1. SSH (port 22)

  2. HTTPS (port 443)

Tag

Name: Roost Control Plane

Public IP

Disabled

  1. Download key-pair; change permissions to 0400

  2. SCP the PEM key to the public instance (created in Part 1)

  3. Review configuration and Launch Instance

3: EC2 Instance: Roost EAAS Server or JumpHost

Similar to EC2 Instance 1 with few changes

Use the tags to give a different “Name” like “Roost EAAS Server” for ease of identification

This instance will also act as the default jumpHost “JumpHost” for user managed clusters. Optionally, it can host a Docker Host and Docker Insecure Registry

5.1 Launch Web Console Proxy Instance

...

.

Attribute

Selection

AMI

Choose Ubuntu 20 (ubuntu-focal-20.04)

...

SSD Volume Type

Instance Type

...

c5.2xlarge or bigger in CPU & memory

Shutdown behaviour (Stop)

Enable Termination Protection

Storage

Root Volume: 30GB (gp3)
EBS: 100GB (gp3) ( Disable Delete on termination)

Termination protection

Enable

Security Group Rules

Please note if Controlplane and EaaS Server are in the same VPC, then we can use just Private IP and configure “All TCP” from security-group of the controlplane

If this instance is in a different region/VPC then we have to enable Public/External IP and open below traffic from anywhere

Inbound Rules with “Source as Roost Control plane SG”

  1. SSH (port 22)

  2. HTTPS (port 443)

  3. TCP Port 5000 for Docker Host

  4. TCP Port 5002 for Docker Insecure Registry

  5. TCP Port 60001 for

...

  1. Jump Host RoostApi Server

  2. TCP Port 60002 for

...

  1. Roost Cluster Launcher

  2. TCP Port 60003 for EaaS API Server

  3. TCP Port 60005 for Cypress Video Server

  4. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

  5. TCP Port 62020-

...

  1. 62120 for dynamic gotty ports - mapped to individual users

...

Root volume storage should be 20 GB or more

...

Preferred separate EBS volume of 100GB

...

Enable Avoid Accidental Termination and disable EBS delete on termination

Tag

Name: Roost EaaS Server

Public IP

Disabled

  1. Download key-pair; change permissions to 0400

  2. SCP the PEM key to the public instance (created in Part 1)

  3. Review configuration and Launch Instance

...

Connect to EC2 using SSH once it is running

5.1 Mount EBS Volume

Check the 100GB disk NAME

Code Block
lsblk

Use the EBS disk name that is not mounted

Code Block
sudo mkfs -t ext4 /dev/nvme1n1
sudo mkdir /var/tmp/Roost
sudo mount /dev/nvme1n1 /var/tmp/Roost
sudo chown `id -u`:`id -g` /var/tmp/Roost/
if [ ! -d /var/tmp/Roost ]; then
  sudo mkdir /var/tmp/Roost
  sudo chown `id -u`:`id -g` /var/tmp/Roost/
fi

5.3 Install SSL Certs

Code Block
mkdir /var/tmp/Roost/certs;

cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here 
# OR generate SSL certs

Steps - Install SSL Certs

...

Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs

...

It is possible to use a self generated certificate (not recommended though)

...

You can generate a self-signed certificate using command given below

...

The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority

...

Instructions for generating the self-signed certs is given below.

Code Block
cd /var/tmp/Roost/certs
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
chmod +x get-cert.sh
# Follow the instructions displayed after executing this script
./get-cert.sh

...

Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries

...

Further configuration of EaaS Server and JumpHost is enabled via the Admin page on Roost Enterprise Control Plane

<< VPC, Subnet & NAT Setup 6. AWS Route 53, ALB, ACM >>