This is the instance that team members connect to for any Roost activity.
5.1 Launch Control Plane Instance
Create an EC2 instance with the steps mentioned below.
Launch EC2 instance
Choose Ubuntu 20 (ubuntu-focal-20.04) AMI
Instance Type as t3.medium
Security group to allow control-plane traffic from any source IP or just the private VPC/Subnets on the following ports:
SSH (port 22)
HTTP (port 80)
HTTPS (port 443)
Custom TCP Port 2502 (for STUN)
TCP Port 5000 for Docker Host
TCP Port 5002 for Docker Insecure Registry
TCP Port 60001 for JumpHost RoostApi Server
TCP Port 60002 for ClusterLauncher
TCP Port 60003 for EaaS API Server
TCP Port 60005 for Cypress Video Server
TCP Port 60006 for Web-console(gotty) default service - ubuntu user
TCP Port 62020-62050 for dynamic gotty ports - mapped to individual users
Root volume storage should be 20 GB or more.
A separate EBS volume of 100 GB is preferred.
Enable Avoid Accidental Termination and disable EBS delete on termination
Add tags and key-pair and launch.
Download key-pair; change permissions to 0400
Review configuration and Launch Instance
Connect to EC2 using SSH once it is running
5.2 Mount EBS volume
Check the 100GB disk NAME
lsblk
Use the EBS disk name that is not mounted
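# Format the unmounted EBS disk (replace /dev/nvme1n1 with the name shown by lsblk) and mount it
sudo mkfs -t ext4 /dev/nvme1n1
sudo mkdir /var/tmp/Roost
sudo mount /dev/nvme1n1 /var/tmp/Roost
sudo chown `id -u`:`id -g` /var/tmp/Roost/
# Create the Roost directory if it does not exist yet
if [ ! -d /var/tmp/Roost ]; then
  sudo mkdir /var/tmp/Roost
  sudo chown `id -u`:`id -g` /var/tmp/Roost/
fi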
5.3 Install SSL Certs
mkdir /var/tmp/Roost/certs; cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here
# OR generate SSL certs
Steps - Install SSL Certs
Get the SSL_certs.key and SSL_certs.crt files for your organisation's domain and put them in a folder that is accessible to the current user, preferably /var/tmp/Roost/certs.
A self-generated certificate can be used instead, although this is not recommended.
With a self-signed certificate, "root.cer" has to be installed in the certificate authority store of every Roost user system as a trusted certificate. The steps for each OS are in the article "Install the Certificate Authority".
Generate the self-signed certificate with the commands below.
cd /var/tmp/Roost/certs
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
chmod +x get-cert.sh
# Follow the instructions displayed after executing this script
./get-cert.sh
Update root.cnf and server.cnf to reflect your organisation name and the DNS entries.
Run the openssl commands displayed in the output of get-cert.sh.
5.4 Roost Installation
Download Roost Installation Script
cd /var/tmp/Roost
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/roost-enterprise.sh -o roost-enterprise.sh
chmod +x roost-enterprise.sh
Download config.json
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/main-config.json -o config.json
A sample config is shown below.
Replace the values to reflect your organisation.
Leave the client_id/secret values empty for any third-party provider that is not needed.
Keep the ENV_DATABASE details unchanged if the database is not external.
Add JWT_SECRET.
The recommended value of remote_console_proxy is the same as enterprise_dns, unless you want to start the proxy elsewhere.
If your servers are behind a load balancer, use "load_balancer": "true" for a different configuration.
{
  "enterprise_name": "MyCompany",
  "enterprise_logo": "https://roost.ai/hubfs/logos/LOGO-roost.png",
  "enterprise_email_domain": "mycompany.io",
  "enterprise_dns": "mycompany.io",
  "remote_console_proxy": "mycompany.io",
  "admin_email": "admin@mycompany.io",
  "email_sender": "noreply@mycompany.io",
  "email_sender_pass": "",
  "email_smtp_host": "",
  "email_smtp_port": 465,
  "load_balancer": "false",
  "enterprise_ssl_certificate_path": "/var/tmp/Roost/certs/server.cer",
  "enterprise_ssl_certificate_key_path": "/var/tmp/Roost/certs/server.key",
  "ENV_SERVER": {
    "DEFAULT_PORT": 3000,
    "JWT_SECRET": "32-character-secure-long-secret",
    "GOOGLE_CLIENT_ID": "",
    "GOOGLE_CLIENT_SECRET": "",
    "AZURE_CLIENT_ID": "",
    "AZURE_CLIENT_SECRET": "",
    "GITHUB_CLIENT_ID": "",
    "GITHUB_CLIENT_SECRET": "",
    "LINKEDIN_CLIENT_ID": "",
    "LINKEDIN_CLIENT_SECRET": "",
    "OKTA_CLIENT_ISSUER": "",
    "OKTA_CLIENT_ID": "",
    "OKTA_CLIENT_SECRET": ""
  },
  "is_own_sql": "false",
  "ENV_DATABASE": {
    "MYSQL_HOST": "mysqldb_host_url",
    "MYSQL_PORT": 3306,
    "MYSQL_USERNAME": "Roost",
    "MYSQL_PASSWORD": "Roost#123",
    "MYSQL_ROOT_PASSWORD": "Admin#123"
  }
}
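An added example, not part of the Roost documentation or tooling: a pre-flight check to run against config.json before starting the control plane. It flags the sample JWT_SECRET, half-filled third-party client entries, missing certificate files, a private key accessible to group or others, and sample database passwords left in place after MYSQL_HOST was changed. The function name check_config, the 32-character minimum and the reading of a changed MYSQL_HOST as an external database are assumptions.

```python
import json
import os
import stat
import sys

# Values copied from the sample config on this page.
SAMPLE_JWT = "32-character-secure-long-secret"
SAMPLE_DB = {"MYSQL_HOST": "mysqldb_host_url", "MYSQL_PASSWORD": "Roost#123",
             "MYSQL_ROOT_PASSWORD": "Admin#123"}
MIN_JWT_LEN = 32  # assumption: minimum length suggested by the sample value's wording
PROVIDERS = ("GOOGLE", "AZURE", "GITHUB", "LINKEDIN", "OKTA")


def check_config(cfg):
    """Return a list of findings for a parsed config.json; an empty list means clean."""
    findings = []
    server = cfg.get("ENV_SERVER", {})
    jwt = server.get("JWT_SECRET", "")
    if jwt == SAMPLE_JWT:
        findings.append("JWT_SECRET is still the sample placeholder")
    elif len(jwt) < MIN_JWT_LEN:
        findings.append("JWT_SECRET is shorter than %d characters" % MIN_JWT_LEN)
    # A provider with only one of ID/secret filled in is a half-configured login.
    for name in PROVIDERS:
        has_id = bool(server.get(name + "_CLIENT_ID"))
        has_secret = bool(server.get(name + "_CLIENT_SECRET"))
        if has_id != has_secret:
            findings.append("%s: client ID and secret must both be set or both empty" % name)
    for key in ("enterprise_ssl_certificate_path", "enterprise_ssl_certificate_key_path"):
        path = cfg.get(key, "")
        if not os.path.isfile(path):
            findings.append("%s: no file at %r" % (key, path))
        elif key.endswith("key_path") and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append("%s: private key is accessible to group/others" % key)
    db = cfg.get("ENV_DATABASE", {})
    # Host changed from the sample means an external database: sample passwords must go.
    if db.get("MYSQL_HOST") != SAMPLE_DB["MYSQL_HOST"]:
        for key in ("MYSQL_PASSWORD", "MYSQL_ROOT_PASSWORD"):
            if db.get(key) == SAMPLE_DB[key]:
                findings.append("%s is still the sample value" % key)
    return findings


if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else "config.json") as fh:
        problems = check_config(json.load(fh))
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```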
Start Roost Control Plane Server
cd /var/tmp/Roost
./roost-enterprise.sh -i all -c config.json
Verifying the Roost.ai components
Connect to the <dns-name>/login using a browser
Use the 3rd party auth to connect to the control-plane
Next Steps:
Go to Admin Settings and
Enable cloud vendor of choice and provide default settings
Add the Roost EAAS Server EC2 details in the “Configure EAAS Server”
Enable JumpHost and refresh the page
Go to JumpHost settings and add the Roost EAAS Server EC2 details as 'default' jumpHost