Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Assumptions: Setting it on AWS EC2 with Google Auth

Set up any one oAuth for Roost control-plane

Steps - Set up Google Auth Client

Steps - Set up OKTA Auth Client

  • Sign-in to your OKTA account with admin privileges (If you do not have an existing Okta account then sign-up at http://developer.okta.com )

  • From the left navigation menu, go to Applications -> Applications

  • Select Create App Integration → OIDC - OpenID Connect → Web Application, then click Next

  • Fill in the suitable App integration name, upload the logo

  • Add Sign-in redirect URIs

  • Allow Access to users thru Assignments → Controlled Access

    • Select the groups of users or Allow access to everyone

  • Save and Make a note of the Okta Client ID and the Client Secret (It is needed later in the config below)

  • From the left navigation menu, go to Security -> API

  • Make note of Issuer URI for default Authorization Server

    • something like https://{your_domain}.okta.com/oauth2/default

Optional Step - Set up AWS RDS database

  1. Select RDS

  2. Choose Create Database

  3. You can select “Easy Create” for “Amazon Aurora with MYSQL compatibility”

  4. Make a note of the writer instance database end-point, user and password (It is needed later in the config below)

  5. As a good practice, you can create a new user with read-write privileges and avoid using admin login.

Steps - EC2 Instance

  1. Launch EC2 instance

  2. Choose Ubuntu 20 (ubuntu-focal-20.04) AMI

  3. Instance Type as t3.medium

  4. Security group to allow from any source IP

    1. SSH (port 22)

    2. HTTP (port 80)

    3. HTTPS (port 443) and

    4. Custom TCP Port 2502, 5000, 5002, 60001, 60002, 60003, , 60004, 60005, 60006 (for Stun, Docker, Roost)

  5. Root volume storage should be 20 GB or more

  6. Preferred separate EBS volume of 100GB

  7. Enable Avoid Accidental Termination and disable EBS delete on termination

  8. Add tags and key-pair and launch

  9. Download key-pair; change permissions to 0400

  10. Review configuration and Launch Instance

  11. Connect to EC2 using SSH once it is running

Steps - Installing dependencies on EC2 Instance

  1. Mount the EBS volume
    Check the 100GB disk NAME

    lsblk 


    Use the EBS disk name that is not mounted

    sudo mkfs -t ext4 /dev/nvme1n1

    sudo mkdir /var/tmp/Roost

    sudo mount /dev/nvme1n1 /var/tmp/Roost

    sudo chown `id -u`:`id -g` /var/tmp/Roost/

Steps - Install SSL Certs

  1. Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs

  2. It is possible to use a self generated certificate (not recommended though)

  3. You can generate a self-signed certificate using command given below

  4. The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority

  5. Instructions for generating the self-signed certs is given below.

    if [ ! -d /var/tmp/Roost ]; then
      sudo mkdir /var/tmp/Roost
      sudo chown `id -u`:`id -g` /var/tmp/Roost/
    fi
    mkdir certs;
    cd /var/tmp/Roost/certs
    curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
    chmod +x get-cert.sh
    # Follow the instructions displayed after executing this script
    ./get-cert.sh

6. Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries

7. Run the open_ssl commands displayed in the output of get-certs.sh

Steps - Configure Roost Environment and Start Docker containers

cd /var/tmp/Roost
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/roost-enterprise.sh -o roost-enterprise.sh
chmod +x roost-enterprise.sh

download config.json

curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/main-config.json -o config.json

Sample Config looks like the below

  1. Replace the values to reflect for your organisation

  2. Remove the client_id/secrets for the 3rd party that is not needed

  3. Remove the ENV_DATABASE detail if database is not external

  4. Add JWT_SECRET

{
  "enterprise_name": "MyCompany",
  "enterprise_logo": "https://mycompany.ai/logos/LOGO-mycompany.png",
  "enterprise_email_domain": "mycompany.io",
  "enterprise_dns": "mycompany.io",
  "admin_email": "admin@mycompany.io",
  "email_sender": "noreply@mycompany.io",
  "email_sender_pass": "",

  "enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
  "enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",

  "ENV_SERVER": {
    "DEFAULT_PORT": 3000,
    "JWT_SECRET": "32-character-secure-long-secret",

    "GOOGLE_CLIENT_ID": "",
    "GOOGLE_CLIENT_SECRET": "",
    "AZURE_CLIENT_ID": "",
    "AZURE_CLIENT_SECRET": "",
    "GITHUB_CLIENT_ID": "",
    "GITHUB_CLIENT_SECRET": "",
    "LINKEDIN_CLIENT_ID": "",
    "LINKEDIN_CLIENT_SECRET": ""
  },

  "is_own_sql": "true",
  "ENV_DATABASE": {
    "MYSQL_HOST": "database-1-instance-1.region.rds.amazonaws.com",
    "MYSQL_PORT": 3306,

    "MYSQL_USERNAME": "MyUser",
    "MYSQL_PASSWORD": "MyPassword",
    "MYSQL_ROOT_PASSWORD": "AdminPassword"
  }
}

Starting the Roost.ai containers for the first time

cd /var/tmp/Roost
./roost-enterprise.sh -i all -c config.json 

Setting up Roost Proxy Server

Setting up Roost Proxy for Web Console

Verifying the Roost.ai components

  1. Connect to the public_ip/login using a browser

  2. Use the 3rd party auth to connect to the control-plane

Update Roost.ai Control-plane, when there is a new Roost release

cd /var/tmp/Roost;
chmod +x roost-enterprise.sh;

# assumption that the update is to a specific version
export WEB_VERSION=$react_app_tag DB_VERSION=$image_tag NESTJS_VERSION=$image_tag;

# skip the above, if idea is to update to latest image version
./roost-enterprise.sh -i upd-roostai -c config.json
  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.