Deploy Fleet on Cloud.gov

John Jediny

Deploy Fleet on Cloud.gov (Cloud Foundry)

This article was archived on May 16, 2024, and may be outdated. Check out Deploy Fleet for our recommended deployment method.

Cloud.gov is a FedRAMP Moderate Platform-as-a-Service (PaaS). This repository includes a sample manifest.yml.example file, ready to be pushed, that runs the latest version of fleetdm as a container. Make a copy of the example file and update the key values as appropriate.

  1. cp manifest.yml.cloudgov.example manifest.yml

  2. Set up a cloud.gov account - https://cloud.gov/docs/getting-started/accounts/

  3. Install the cf-cli - https://cloud.gov/docs/getting-started/setup/

  4. From your local fleetdm source directory:

git clone https://github.com/fleetdm/fleet
cd fleet
cf login -a api.fr.cloud.gov --sso
# Follow the link to copy the Temporary Authentication Code when prompted

  5. Set up a demo application space:

# Target the org, then create the space (two separate cf commands)
cf target -o sandbox-gsa
cf create-space fleetdm-rename

  6. Create database(s):

# Update manifest.yml file to rename application and database key names to match commands below.
cf marketplace
cf create-service aws-rds medium-mysql fleetdm-mysql
cf create-service aws-elasticache-redis redis-dev fleetdm-redis
cf create-service-key fleetdm-db-rename fleetdm-db-test-key
cf push

When the push completes, you will be given the URL of your new test instance to navigate to.

Note: This is only for demonstration purposes. In order to run a production-level federal/FISMA system, you will need to contact the cloud.gov program and consult your organization's security team (for risk assessment and an Authority to Operate).

Using jq to map service credentials

Cloud Foundry injects an environment variable, $VCAP_SERVICES, which is available within the container. fleetdm uses jq to map the service-injected credentials to the standard fleetdm environment variables.

{
    "aws-rds": [
        {
            "label": "aws-rds",
            "provider": null,
            "plan": "medium-mysql",
            "name": "fleetdm-db",
            "tags": [
                "database",
                "RDS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-db",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "db_name": "db_name",
                "host": "host",
                "name": "name",
                "password": "password",
                "port": "3306",
                "uri": "mysql://username:password@hostname:port/db_name",
                "username": "username"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ],
    "aws-elasticache-redis": [
        {
            "label": "aws-elasticache-redis",
            "provider": null,
            "plan": "redis-dev",
            "name": "fleetdm-redis",
            "tags": [
                "redis",
                "Elasticache",
                "AWS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-redis",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "current_redis_engine_version": "version",
                "host": "host",
                "hostname": "hostname",
                "password": "password",
                "port": "port",
                "uri": "redis://:address:port"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ]
}