These are instructions for deploying AdminUI for Cloud Foundry when Cloud Foundry is deployed on AWS.
For deploying Cloud Foundry on AWS, please use the instructions in another gist.

###1. Bring up a new Ubuntu Instance on EC2

Fire up a new Ubuntu instance on EC2. A few things to keep in mind:
- The instance should be in the same VPC as the rest of the CF deploy.
- Make sure the instance has a public IP (if you are not using a load balancer)
- Once created, go into the route table associated with the subnet of this new instance and add an additional route allowing traffic from the internet to reach this machine:

```
Destination    Target               Status    Propagated
==========================================================
0.0.0.0/0      <Internet-gateway>   Active    No
```

The `<Internet-gateway>` is the internet gateway for this VPC. You can look it up by going to the VPC service in AWS and then selecting Internet gateways.

###2. Ubuntu Prerequisite Libraries Installation

```bash
# Update your package listing
sudo apt-get update
sudo apt-get install -f -y --no-install-recommends git-core build-essential libssl-dev libsqlite3-dev openssl libpq-dev libmysqlclient-dev
```

###3. Ruby Installation

Ruby is required to run the Administration UI. This has been tested with Ruby 1.9.3-p484. Here is a sample installation of Ruby using rbenv:

```bash
git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.profile
echo 'eval "$(rbenv init -)"' >> ~/.profile
. ~/.profile
rbenv install 1.9.3-p484
rbenv global 1.9.3-p484
```

###4. Ruby Bundler Gem Installation

The bundler gem is required to install prerequisite gems for the Administration UI.

```bash
gem install bundler --no-rdoc --no-ri
```

Refresh the rbenv shims:

```bash
rbenv rehash
```

###5. Clone the Admin-UI code base

```bash
git clone https://github.com/owaism/admin-ui.git
```

###6. Install Administration UI

```bash
cd admin-ui
bundle install
```

###7. Change Default Configurations

Default configurations are in `config/default.yml`. Make a copy before you change this file.

- Change `ccdb_uri` to reflect the CC DB that has been brought up in Amazon RDS. This CC DB would generally be a MySQL DB. The `ccdb_uri` would be of the format:

  ```
  {protocol}://{db-user}:{db-user-password}@{host}:{port}/{db-name}
  ```

  Example:

  ```
  mysql2://u9fd93sdafc1a6:p3bb3f0fsdf234cccc7057ce4f@ccdb.c3z1rksdfafe.us-east-1.rds.amazonaws.com:3306/ccdb
  ```

  Always use `mysql2` and not `mysql`.
- Similarly change `uaadb_uri`.
- Change `cloud_controller_uri` to point to your cloud controller, which would be like `http://api.<subdomain>.<domain>.com`.
- Set `cloud_controller_ssl_verify_none` to true if you are using http, or https with a self-signed cert.
- Point `db_uri` to a file location that exists on the newly created instance. For example, by default it would be `sqlite:///data/store.db`. Make sure that there is a directory `/data` on your instance and that the user with which you will start adminui later on has write access to this directory.
- Change `mbus` to point to the nat_zx machine. The format is `nats://{nats_user}:{nats_password}@{private_ip_of_nats_machine}:4222`
  - `{nats_user}`: This is the user you specified in the CF deployment manifest.
  - `{nats_password}`: This is the password that you specified for the nats user in the CF deployment manifest.
  - `{private_ip_of_nats_machine}`: You can get this from the AWS console.
- Change the `admin_ui_client_secret` to a password that you would like.

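As an added example (not part of the original gist or of the admin-ui project), here is a small pre-flight script for the values edited in this step. It assumes each setting is a top-level `key: value` line in the YAML file; the names `cfg_get` and `check_adminui_config` are made up for this example, and the file-permission check is an extra that the steps above do not mention.

```sh
#!/bin/sh
# Added example: pre-flight check for an edited admin-ui config file.
# Assumption: every setting is a top-level "key: value" line.

# Print the value of top-level KEY ($2) in FILE ($1), without quotes or trailing blanks.
cfg_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print one line per problem found in FILE ($1); exit status is non-zero if there is any.
check_adminui_config() (
  f=$1; rc=0
  # The file holds DB, NATS and client secrets, so it should not be world-readable.
  [ -z "$(find "$f" -perm -004)" ] || { echo "$f: readable by all users, chmod 600 it"; rc=1; }
  for key in ccdb_uri uaadb_uri; do
    v=$(cfg_get "$f" "$key")
    case $v in
      mysql://*) echo "$key: uses mysql://, the adapter must be mysql2://"; rc=1 ;;
      *://*:*@*:*/*) ;;
      *) echo "$key: not {protocol}://{db-user}:{db-user-password}@{host}:{port}/{db-name}"; rc=1 ;;
    esac
  done
  cfg_get "$f" mbus | grep -Eq '^nats://[^:@/]+:[^@/]+@[0-9.]+:4222$' ||
    { echo "mbus: expected nats://{nats_user}:{nats_password}@{private_ip}:4222"; rc=1; }
  # Only checked for a sqlite file: its parent directory must exist and be writable.
  v=$(cfg_get "$f" db_uri)
  case $v in sqlite:///*)
    dir=$(dirname "${v#sqlite://}")
    { [ -d "$dir" ] && [ -w "$dir" ]; } || { echo "db_uri: $dir missing or not writable"; rc=1; } ;;
  esac
  # Not an error, but worth seeing: certificate checks are off for an https endpoint.
  if [ "$(cfg_get "$f" cloud_controller_ssl_verify_none)" = true ]; then
    case $(cfg_get "$f" cloud_controller_uri) in
      https://*) echo "warning: TLS certificate verification is disabled" ;;
    esac
  fi
  exit "$rc"   # the function body is a subshell, so this only ends the check
)

# Usage: sh check_config.sh config/default.yml
if [ "$#" -gt 0 ]; then check_adminui_config "$1"; fi
```

Run it as the user that will start adminui, so the write test on the `db_uri` directory reflects that user's permissions.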
###8. Starting Admin UI

Start Admin UI as a background process. For this do the following:

```bash
# starts a new shell session with name adminui
$ screen -S adminui
# In the new shell start the admin ui
$ ruby bin/admin
```

The output will be similar to below:

```
$ ruby bin/admin
AdminUI files...
  data: data/data.json
  log: admin_ui.log
  stats: sqlite:///data/store.db
```

Once started you can detach the `screen` session without stopping the foreground process by hitting `CTRL-A` and `CTRL-B` in quick succession.

You can always reattach to the same session by executing the below command:

```bash
$ screen -r adminui
```

###9. Add route from port 80 to port 8070

This is required to access admin ui without providing a port. On Ubuntu you can do this by executing:

```bash
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8070
```

###10. Create UAA group and user

You need to create a group for admin ui and add this group to a user so that the user can access the admin ui. You can execute the below set of commands from any machine that has the `uaac` gem installed. It's better if you do it from your local machine.

```bash
# Target your bosh-lite UAA and get the 'admin' token
uaac target http://uaa.{subdomain}.{domain}.com
uaac token client get admin -s admin-secret

# Add 'scim.write' if not already there and re-get token
uaac client update admin --authorities "`uaac client get admin | \
    awk '/:/{e=0}/authorities:/{e=1;if(e==1){$1="";print}}'` scim.write"
uaac token client get admin -s admin-secret

# Create a new group and add the 'admin' user to it
uaac group add admin_ui.admin
uaac member add admin_ui.admin admin

# Create the new UAA admin_ui_client
uaac client add admin_ui_client \
    --authorities cloud_controller.admin,cloud_controller.read,cloud_controller.write,openid,scim.read \
    --authorized_grant_types authorization_code,client_credentials,refresh_token \
    --autoapprove true \
    --scope admin_ui.admin,admin_ui.user,openid \
    -s {admin_ui_secret}
```

###11. Access the Admin UI

- Go to the following URL to access the Admin UI: `http://{public-IP}/`.
- Use the user that you created above to access the UI.