Setup
This section explains how to set up the external dependencies and the host environment for running the LabScale services. The instructions below are for an AWS-based platform and require the following:
- EC2 instance (Ubuntu recommended)
- Docker Engine
- yq utility
- Elastic Container Registry
- Simple Email Service
- S3
- Install Docker Engine
- IAM user
- Domain and SSL Certificates
Install Docker Engine
LabScale services run in Docker containers. To install Docker Engine, follow the instructions in the Docker documentation, Install Docker Engine.
Install Unzip and the AWS CLI
Install Unzip, which is required for installing the AWS tools.
sudo apt install unzip
Install the AWS CLI tools.
Install yq
yq is a command-line tool for parsing YAML, JSON, etc. The LabScale shell scripts use it to read the LabScale YAML config. Follow the instructions in the mikefarah/yq GitHub repository to install it.
Create AWS IAM Users
LabScale services rely on AWS services for some of their functionality. These include:
- Private Elastic Container Registry owned by LabScale to host the service Docker images. Users will use a service runner IAM user to authenticate and authorize the image pull requests.
- S3 owned by the users to store their own artifacts, such as testing results, logs, Device Integration Packages (DIPs), etc.
- Simple Email Service to send emails.
As a result, you will need to create an IAM user in your AWS account and set up the SMTP credentials:
- Service Runner (service-runner): This is the IAM user for pulling private LabScale Docker images and interacting with S3. After creating the IAM user, put its credentials into $HOME/.aws/credentials on the host running the LabScale services, and set the AWS region in $HOME/.aws/config. Please also share its Amazon Resource Name (ARN) with LabScale for permission setup.
  IAM Permission Policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ECRLogin",
          "Effect": "Allow",
          "Action": ["ecr:GetAuthorizationToken"],
          "Resource": "*"
        },
        {
          "Sid": "ECRPull",
          "Effect": "Allow",
          "Action": [
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability"
          ],
          "Resource": "arn:aws:ecr:*:417632557299:repository/*"
        },
        {
          "Sid": "S3Object",
          "Effect": "Allow",
          "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
          "Resource": "arn:aws:s3:::*/*"
        },
        {
          "Sid": "S3Bucket",
          "Effect": "Allow",
          "Action": ["s3:PutBucketAcl", "s3:CreateBucket", "s3:PutBucketCORS"],
          "Resource": "arn:aws:s3:::*"
        }
      ]
    }
  Format of $HOME/.aws/credentials:
    [default]
    aws_access_key_id = <replace_me>
    aws_secret_access_key = <replace_me>
  Format of $HOME/.aws/config:
    [default]
    region = us-west-2
  Warning: Be sure that the file permissions on the credentials and config files allow for read access to all users.
  Note: Once the service-runner IAM user has been created, its AWS ARN must be provided to LabScale in order to grant the user permission to the LabScale files.labscale.com S3 bucket.
- SMTP Credentials: Follow the instructions in Obtaining Amazon SES SMTP credentials to create the SMTP credentials and keep the username and password, which will be used in the Run stage later. The username will be set in the webapp.env config and the password should be put into $HOME/.labscale/secrets/smtp-pwd.
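A preflight check for the files this step places on the host, as an added example that is not part of the LabScale documentation or scripts. The function names `ini_default` and `labscale_preflight` are hypothetical, and the checks assume only the paths, the `[default]` profile and the `<replace_me>` placeholders shown above.

```bash
# Added example (not LabScale code); function names are hypothetical.
# Verifies the host files described above before starting the services.

# Print the value of key $2 from the [default] section of INI file $1.
ini_default() {
  awk -v key="$2" '
    /^\[/ { in_sec = ($0 ~ /^\[default\][ \t]*$/); next }
    in_sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
      }
    }' "$1" 2>/dev/null || true
}

# Check the home directory $1; print one line per problem and
# return the number of problems found (0 means ready).
labscale_preflight() {
  local home="$1" problems=0 f key
  local creds="$home/.aws/credentials" conf="$home/.aws/config"
  local smtp="$home/.labscale/secrets/smtp-pwd"

  for f in "$creds" "$conf"; do
    if [ ! -f "$f" ]; then
      echo "missing: $f"; problems=$((problems + 1))
    # The page requires read access for all users (mode bits r--r--r--).
    elif [ -z "$(find "$f" -prune -perm -444)" ]; then
      echo "not readable by all users: $f"; problems=$((problems + 1))
    fi
  done

  for key in aws_access_key_id aws_secret_access_key; do
    case "$(ini_default "$creds" "$key")" in
      "" | "<replace_me>")
        echo "unset or placeholder: $key in $creds"; problems=$((problems + 1)) ;;
    esac
  done

  if [ -z "$(ini_default "$conf" region)" ]; then
    echo "no region in [default]: $conf"; problems=$((problems + 1))
  fi
  # -s: the SMTP password file must exist and be non-empty.
  if [ ! -s "$smtp" ]; then
    echo "missing or empty: $smtp"; problems=$((problems + 1))
  fi
  return "$problems"
}
```

Call `labscale_preflight "$HOME"` as the account that starts the services; each printed line names one file or key to fix.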
Obtain Domain and SSL Certificates
LabScale Web UI requires a domain for redirection and uses the subdomain in the URL to differentiate the team resources. Therefore, the following items are needed:
- A domain.
- A wildcard DNS record (e.g., *.labscale.com).
- A wildcard SSL certificate to secure the connection.
There are various solutions available, and the following instructions are provided as an example.
- Obtain a domain from a domain name registrar
- Use Let’s Encrypt (CA) and Certbot (client) to manage (obtain and auto-renew) the certificates.
- The certificates will be in /etc/letsencrypt/live/$domain
- Change the permission of the directory to 0755 (doc):
  chmod 0755 /etc/letsencrypt/{live,archive}