Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 3 Next »

This instance will also act as the default jumpHost for user managed clusters. Optionally, it can host a Docker Host and Docker Insecure Registry

5.1 Launch Web Console Proxy Instance

  1. Launch EC2 instance

  2. Choose Ubuntu 20 (ubuntu-focal-20.04) AMI

  3. Instance Type as t3.medium

  4. Security group for web-console proxy to allow TCP traffic from VPC or any source IP

    1. TCP Port 5000 for Docker Host

    2. TCP Port 5002 for Docker Insecure Registry

    3. TCP Port 60001 for JumpHost RoostApi Server

    4. TCP Port 60002 for ClusterLauncher

    5. TCP Port 60003 for EaaS API Server

    6. TCP Port 60005 for Cypress Video Server

    7. TCP Port 60006 for Web-console(gotty) default service - ubuntu user

    8. TCP Port 62020-62050 for dynamic gotty ports - mapped to individual users

  5. Root volume storage should be 20 GB or more

  6. Preferred separate EBS volume of 100GB

  7. Enable Avoid Accidental Termination and disable EBS delete on termination

  8. Add tags and key-pair and launch

  9. Download key-pair; change permissions to 0400

  10. Review configuration and Launch Instance

  11. Connect to EC2 using SSH once it is running

5.1 Mount EBS Volume

Check the 100GB disk NAME

lsblk

Use the EBS disk name that is not mounted

sudo mkfs -t ext4 /dev/nvme1n1
sudo mkdir /var/tmp/Roost
sudo mount /dev/nvme1n1 /var/tmp/Roost
sudo chown `id -u`:`id -g` /var/tmp/Roost/
if [ ! -d /var/tmp/Roost ]; then
  sudo mkdir /var/tmp/Roost
  sudo chown `id -u`:`id -g` /var/tmp/Roost/
fi

5.3 Install SSL Certs

mkdir /var/tmp/Roost/certs;

cd /var/tmp/Roost/certs
# Copy your organisation SSL certs here 
# OR generate SSL certs

Steps - Install SSL Certs

  1. Get the SSL_certs.key and SSL_certs.crt file for your organisation domain and put it under a folder that will be accessible to the current user. Preferred to be kept under /var/tmp/Roost/certs

  2. It is possible to use a self generated certificate (not recommended though)

  3. You can generate a self-signed certificate using command given below

  4. The “root.cer” will have to be installed to the certificate authority on all Roost user systems as a trusted certificate. Article with steps for all OS is mentioned here Install the Certificate Authority

  5. Instructions for generating the self-signed certs is given below.

    cd /var/tmp/Roost/certs
curl -L https://remote-roostprod.s3.us-west-1.amazonaws.com/get-cert.sh -o get-cert.sh
chmod +x get-cert.sh
# Follow the instructions displayed after executing this script
./get-cert.sh

  6. Update the root.cnf and server.cnf to reflect your organisation name and the DNS entries

  7. Run the open_ssl commands displayed in the output of get-certs.sh

  • No labels