Deploying Cloud Foundry AdminUI on AWS

These are instructions for deploying AdminUI for Cloud Foundry when Cloud Foundry is deployed on AWS.

For deploying Cloud Foundry on AWS, please use the instructions in another gist.

###1. Bring up a new Ubuntu Instance on EC2

Fire up a new Ubuntu instance on EC2. A few things to keep in mind:

  1. The instance should be in the same VPC as the rest of the CF deploy.
  2. Make sure the instance has a public IP (if you are not using a load balancer)
  3. Once created, go to the route table associated with the subnet of this new instance and add a route that allows traffic from the internet to reach this machine:

```
Destination   Target                   Status   Propagated
==========================================================
0.0.0.0/0     <Internet-gateway>       Active   No
```

`<Internet-gateway>` is the internet gateway for this VPC. You can look it up by going to the VPC service in the AWS console and selecting Internet Gateways.

###2. Ubuntu Prerequisite Libraries Installation

```
# Update your package listing
sudo apt-get update

sudo apt-get install -f -y --no-install-recommends git-core build-essential libssl-dev libsqlite3-dev openssl libpq-dev libmysqlclient-dev
```

###3. Ruby Installation

Ruby is required to run the Administration UI. This has been tested with Ruby 1.9.3-p484. Here is a sample installation of ruby using rbenv:

```
git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.profile
echo 'eval "$(rbenv init -)"' >> ~/.profile
. ~/.profile
rbenv install 1.9.3-p484
rbenv global 1.9.3-p484
```

###4. Ruby Bundler Gem Installation

The bundler gem is required to install prerequisite gems for the Administration UI.

```
gem install bundler --no-rdoc --no-ri
```

Refresh the rbenv shims:

```
rbenv rehash
```

###5. Clone the Admin-UI code base.

```
git clone https://github.com/owaism/admin-ui.git
```

###6. Install Administration UI

```
cd admin-ui
bundle install
```

###7. Change Default Configurations

Default configurations are in `config/default.yml`. Make a copy before you change this file.

  1. Change `ccdb_uri` to reflect the CC DB that has been brought up in Amazon RDS. This CC DB would generally be a MySQL DB. The `ccdb_uri` has the format:

     ```
     {protocol}://{db-user}:{db-user-password}@{host}:{port}/{db-name}
     ```

     Example:

     ```
     mysql2://u9fd93sdafc1a6:p3bb3f0fsdf234cccc7057ce4f@ccdb.c3z1rksdfafe.us-east-1.rds.amazonaws.com:3306/ccdb
     ```

     Always use `mysql2` and not `mysql`.

  2. Similarly, change `uaadb_uri`.
  3. Change `cloud_controller_uri` to point to your cloud controller, which would be like `http://api.<subdomain>.<domain>.com`.
  4. Set `cloud_controller_ssl_verify_none` to true if you are using http, or https with a self-signed cert.
  5. Point `db_uri` to a file location that exists on the newly created instance. By default it is `sqlite:///data/store.db`. Make sure that there is a directory `/data` on your instance and that the user with which you will start adminui later on has write access to this directory.
  6. Change `mbus` to point to the nat_zx machine. The format is `nats://{nats_user}:{nats_password}@{private_ip_of_nats_machine}:4222`, where:
     - `{nats_user}`: the user you specified in the CF deployment manifest.
     - `{nats_password}`: the password that you specified for the nats user in the CF deployment manifest.
     - `{private_ip_of_nats_machine}`: you can get this from the AWS console.
  7. Change the `admin_ui_client_secret` to a password that you would like.
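
A pre-flight check for the settings edited in this step, added here as an example (it is not part of the original gist or of the admin-ui project). The helper name `check_admin_ui_config` and the sample hosts and passwords are constructed, and the script assumes a current Ruby that provides `YAML.safe_load`; the https finding is there so that a disabled certificate check is a deliberate choice rather than a leftover.

```ruby
require 'yaml'
require 'uri'

# Constructed sample of the keys edited in step 7 (placeholder hosts and passwords).
SAMPLE_CONFIG = <<~YAML
  ccdb_uri: mysql://ccadmin:example-pass@ccdb.example.internal:3306/ccdb
  uaadb_uri: mysql2://uaaadmin:example-pass@uaadb.example.internal:3306/uaadb
  cloud_controller_uri: https://api.cf.example.com
  cloud_controller_ssl_verify_none: true
  db_uri: sqlite:///data/store.db
  mbus: nats://nats:example-pass@10.0.16.11:4222
  admin_ui_client_secret: example-secret
YAML

# Hypothetical helper: returns a list of findings for the step 7 settings.
# dir_ok is injectable so the directory check can be exercised without /data.
def check_admin_ui_config(cfg, dir_ok = ->(d) { File.directory?(d) && File.writable?(d) })
  findings = []
  %w[ccdb_uri uaadb_uri].each do |key|
    # The guide requires the mysql2 adapter for MySQL databases.
    findings << "#{key}: use mysql2:// instead of mysql://" if URI.parse(cfg[key].to_s).scheme == 'mysql'
  end
  cc = URI.parse(cfg['cloud_controller_uri'].to_s)
  if cc.scheme == 'https' && cfg['cloud_controller_ssl_verify_none'] == true
    findings << 'cloud_controller_ssl_verify_none: certificate verification is off for an https endpoint'
  end
  db = URI.parse(cfg['db_uri'].to_s)
  if db.scheme == 'sqlite' && !dir_ok.call(File.dirname(db.path))
    findings << "db_uri: #{File.dirname(db.path)} is missing or not writable by this user"
  end
  mbus = URI.parse(cfg['mbus'].to_s)
  unless mbus.scheme == 'nats' && mbus.user && mbus.password && mbus.port
    findings << 'mbus: expected nats://{nats_user}:{nats_password}@{private_ip}:4222'
  end
  findings << 'admin_ui_client_secret: not set' if cfg['admin_ui_client_secret'].to_s.empty?
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Pass the path of your edited config as the first argument; without one the sample is checked.
  path = ARGV[0]
  puts "#{path}: readable by all users, restrict with chmod 600" if path && File.world_readable?(path)
  cfg = YAML.safe_load(path ? File.read(path) : SAMPLE_CONFIG)
  puts check_admin_ui_config(cfg)
end
```

Run it from the `admin-ui` directory as the user that will start AdminUI, passing `config/default.yml`, so the `/data` write check reflects that user's permissions.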

###8. Starting Admin UI

Start Admin UI as a background process. For this do the following:

```
# Start a new shell session named adminui
$ screen -S adminui

# In the new shell, start the Admin UI
$ ruby bin/admin
```

The output will be similar to below:

```
$ ruby bin/admin


AdminUI files...
  data:  data/data.json
  log:   admin_ui.log
  stats: sqlite:///data/store.db
```

Once started you can detach the screen session without stopping the foreground process by hitting CTRL-A and CTRL-B in quick succession.

You can always reattach to the same session by executing the below command:

```
$ screen -r adminui
```

###9. Add route from port 80 to port 8070

This is required to access the Admin UI without providing a port. On Ubuntu you can do this by executing:

```
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8070
```

###10. Create UAA group and user

You need to create a group for the Admin UI and add a user to this group so that the user can access the Admin UI. You can execute the commands below from any machine that has the uaac gem installed. It's better if you do it from your local machine.

```
# Target your bosh-lite UAA and get the 'admin' token
uaac target http://uaa.{subdomain}.{domain}.com
uaac token client get admin -s admin-secret

# Add 'scim.write' if not already there and re-get token
uaac client update admin --authorities "`uaac client get admin | \
    awk '/:/{e=0}/authorities:/{e=1;if(e==1){$1="";print}}'` scim.write"
uaac token client get admin -s admin-secret

# Create a new group and add the 'admin' user to it
uaac group add admin_ui.admin
uaac member add admin_ui.admin admin

# Create the new UAA admin_ui_client
uaac client add admin_ui_client \
 --authorities cloud_controller.admin,cloud_controller.read,cloud_controller.write,openid,scim.read \
 --authorized_grant_types authorization_code,client_credentials,refresh_token \
 --autoapprove true \
 --scope admin_ui.admin,admin_ui.user,openid \
 -s {admin_ui_secret}
```

###11. Access the Admin UI

  1. Go to the following URL to access the Admin UI: `http://{public-IP}/`.
  2. Use the user that you created above to access the UI.