Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Schedule a demo Share your story COMPANY The handbook What people are saying
Pricing Try it yourself
{{thisPage.meta.articleTitle}}
search

Deploy Fleet on Cloud.gov

{{articleSubtitle}}

| The author's GitHub profile picture

John Jediny

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Deploy Fleet on Cloud.gov

{{articleSubtitle}}

| The author's GitHub profile picture

John Jediny

Deploy Fleet on Cloud.gov (Cloud Foundry)

Deploy Fleet on Cloud.gov

Cloud.gov is a FEDRAMP moderate Platform-as-a-Service (PaaS). This repository includes a sample manifest.yml.example file ready to be pushed and run the latest version of fleetdm as a container. Make a copy of the example file and update the key values as appropriate.

  1. cp manifest.yml.cloudgov.example manifest.yml

  2. Setup a cloud.gov account - https://cloud.gov/docs/getting-started/accounts/

  3. Install the cf-cli - https://cloud.gov/docs/getting-started/setup/

  4. From your local fleetdm source directory.

git clone https://github.com/fleetdm/fleet
cd fleet
cf login -a api.fr.cloud.gov  --sso

# Follow the link to copy the Temporary Authentication Code when prompted
  1. Setup a demo application space
cf target -o sandbox-gsa create-space fleetdm-rename
  1. Create database(s)
# Update manifest.yml file to rename application and database key names to match commands below.

cf marketplace
cf create-service aws-rds medium-mysql fleetdm-mysql
cf create-service aws-elasticache-redis redis-dev fleetdm-redis
cf create-service-key fleetdm-db-rename fleetdm-db-test-key
cf push

You will be returned the URL for your new test instance to navigate to.

An icon indicating that this section has important information

Note: This is only for demonstration purposes, in order to run a production level federal/FISMA system. You will need to contact the cloud.gov program and consult your organization's security team (for risk assessment and an Authority to Operate).

Using jq to map service credentials

Cloud foundry injects an environmental variable $VCAP_SERVICES which is available within the container. fleetdm uses jq to map service injected credentials to the standard fleetdm environment variables. 

{
    "aws-rds": [
        {
            "label": "aws-rds",
            "provider": null,
            "plan": "medium-mysql",
            "name": "fleetdm-db",
            "tags": [
                "database",
                "RDS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-db",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "db_name": "db_name",
                "host": "host",
                "name": "name",
                "password": "password",
                "port": "3306",
                "uri": "mysql://username:password@hostname:port/db_name",
                "username": "username"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ],
    "aws-elasticache-redis": [
        {
            "label": "aws-elasticache-redis",
            "provider": null,
            "plan": "redis-dev",
            "name": "fleetdm-redis",
            "tags": [
                "redis",
                "Elasticache",
                "AWS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-redis",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "current_redis_engine_version": "version",
                "host": "host",
                "hostname": "hostname",
                "password": "password",
                "port": "port",
                "uri": "redis://:address:port"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ]
}