This instance will be facing the team members for any Roost activity.
5.1 Get Roost Installer
Replace Enterprise Server URL
...
| breakoutMode | wide |
|---|
...
Connect to the previously created EC2 using SSH once it is running (if EC2 is private then you will need another instance to act as jump)
Mount EBS volume and fetch RoostInstaller (this step is taken care by the below command, provided you mention the DISK like DISK=nvme1n1)
Code Block # the below command will show the disks available lsblk
| Code Block | ||
|---|---|---|
|
...
curl -s https:// |
...
roost-stable. |
...
| Code Block | ||
|---|---|---|
| ||
# Replace zbioroost.link with enterprise server url
/var/tmp/Roost/bin/RoostInstaller -command write -entServer "zbioroost.link" -desiredVersion v1.0.2 |
| Code Block | ||
|---|---|---|
| ||
# Execute below command to get necessary files
/var/tmp/Roost/bin/RoostInstaller -command setup |
5.2 Create Roost Schema (if using RDS)
| Code Block | ||
|---|---|---|
| ||
# supply password at prompt
sudo mysql -h <RDS URL> -u <> -P 3306 -p
\. /var/tmp/Roost/db/roost.sql
# CREATE USER 'roost'@'localhost' identified WITH mysql_native_password by 'zbioRoost#123';
# GRANT ALL on *.* to 'roost'@'localhost'; |
5.3 Install SSL Certs (can skip for the second EC2)
Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs
| Code Block | ||
|---|---|---|
| ||
cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here (like server.cer and server.key)
# OR generate SSL certs |
Steps - Generate Self SSL Certs
5.4 Configure Roost JSON
| Code Block | ||
|---|---|---|
| ||
cds3.us-west-2.amazonaws.com/enterprise/roost.sh | SETUP=1 DISK=nvme1n1 CUSTOMER=Lacework bash - |
This instance will be facing the team members for any Roost activity.
5.1 Configure Roost JSON
| Code Block |
|---|
vi /var/tmp/Roost vi /config.json |
Sample Config looks like the below
Replace the values to reflect for your organisationKeep values empty of the , especially DNS, admin_email
Provide at least one set of oAuth client_id/secrets for the 3rd party that is not needed (one set is needed at least)Keep provider
Update ENV_DATABASE detail unchanged if database is not external
Add JWT_SECRET
Recommend value of remote_console_proxy is same as enterprise_dns unless you want to start proxy elsewhere.
If your servers are behind Load Balancer, set load_balancer : “true” for different configuration.to reflect RDS Host, User and Password
Sample config.json
| Code Block |
|---|
{
"enterprise_name": "MyCompany",
"enterprise_logo": "https://roost.ai/hubfs/logos/LOGO-roost.png",
"enterprise_email_domain": "mycompany.io",
"enterprise_dns": "mycompany.io",
"remote_console_proxy": "mycompany.io",
"admin_email": "admin@mycompany.io",
"email_sender": "noreply@mycompany.io",
"email_sender_pass": "",
"email_smtp_host": "",
"email_smtp_port" : 465,
"load_balancer": "falsetrue",
"enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
"enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",
"ENV_SERVER": {
"DEFAULT_PORT": 3000,
"JWT_SECRET": "32-character-secure-long-secret",
"GOOGLE_CLIENT_ID": "",
"GOOGLE_CLIENT_SECRET": "",
"AZURE_CLIENT_ID": "",
"AZURE_CLIENT_SECRET": "",
"GITHUB_CLIENT_ID": "",
"GITHUB_CLIENT_SECRET": "",
"LINKEDIN_CLIENT_ID": "",
"LINKEDIN_CLIENT_SECRET": "",
"OKTA_CLIENT_ISSUER": "",
"OKTA_CLIENT_ID": "",
"OKTA_CLIENT_SECRET": ""
},
"is_own_sql": "falsetrue",
"ENV_DATABASE": {
"MYSQL_HOST": "mysqldb_host_url",
"MYSQL_PORT": 3306,
"MYSQL_USERNAME": "Roost",
"MYSQL_PASSWORD": "Roost#123",
"MYSQL_ROOT_PASSWORD": "Admin#123",
"MYSQL_DB_NAME": "roostio"
}
} |
Next step is to Start the Roost Control Plane
Start Roost Control Plane Server
...