Then, in the file /etc/carbonio/gateway/service-discover/policies.json, put the following text.
Finally, the new policy should be picked up by consul.
To function effectively, the terminating gateway must be aware of the precise location of the remote service; hence, we specify both the external service and how the terminating gateway may contact it, as well as how Carbonio Files nodes can access it.
There is currently no CLI command for this, but we can utilise the APIs to do this. Make a file called /etc/carbonio/gateway/service-discover/carbonio-files-db-external.json with the following content:
Then, to register the external service, issue a curl request.
Routing of Services
Now that the terminating gateway and the service have been defined and registered, let Carbonio Mesh know which services can utilise the gateway.
To do so, add the following text to the file /etc/carbonio/gateway/service-discover/gateway-config.hcl, which specifies a carbonio-gateway as a terminating gateway for the carbonio-files-db service.
The above file has two commented entries: they are optional and may not be provided at all in the configuration.
A service-specific SSL certificate. Unless a highly particular and sophisticated scenario is set up, this is typically not needed. Indeed, consul is responsible for encrypting all traffic between nodes and with external resources: services and clients communicate with consul on localhost, so they may communicate with it in plain text. Before leaving the node, data received from consul on localhost is instantly SSL-encrypted.
The Server Name Indication (SNI) is an extra layer of security on top of TLS that is used to prevent name mismatches. In the common case where a single web server hosts multiple domains, each with its own SSL certificate, when a client request is received, the web server may not yet know which domain the client is attempting to access because the HTTPS TLS/SSL handshake occurs before the client sends the actual HTTP request for the domain. This may result in the client receiving the incorrect certificate and perhaps terminating the secure connection. Using SNI overcomes this issue since it allows the domain name to be sent directly during the SSL/TLS handshake.
Make sure to save the settings by running the command below.
At this stage, we are practically finished: Carbonio Mesh setup is complete. Let’s finish up the final few tasks.
Create a systemd unit to regulate whether or not the carbonio gateway is enabled, and hence whether or not access to the external DB is permitted. Create the file /lib/systemd/system/carbonio-gateway.service and fill it with the following text.
Reload systemd after saving the file to make it aware of the new unit file, then activate the new carbonio-gateway service.
The carbonio-files-db-bootstrap script is commonly used to configure the database, which involves transferring the DB credentials to Carbonio Mesh and creating the DBs. However, because the carbonio-files-db package is not installed, this action must be completed manually on the terminating gateway using these instructions.
- set the database name
- configure username and password
Now, let’s log in to the database node, where a postgres superuser must be created. In this example, we give the user the password ScrtPsw9872. Make use of a strong password of your choosing.
First, log in as the postgres user and begin a direct connection to the database using the CLI client.
Then run the scripts below to create the user.
Exit the client once you’ve finished.
Installation of Carbonio Files Nodes
Carbonio Files installation differs from a conventional Multi-Server installation. Make certain that the package carbonio-files-db is not installed on any node after the installation. In our case, the database capabilities are provided by an external service rather than by that package. As a result, you must remove it to avoid conflicts.
Install the carbonio-files-ui package on each Proxy Node.
Install these packages on both Nodes where Carbonio Files will be used. We recommend installing them on the two Stores Nodes.
The installation will conclude with the following message:
As a result, carry out pending-setups.
Take Services Out of Catalogue
When the external resource is no longer required, such as when the database is moved to the company’s data centre, the setup of the services is simple to delete.
Installing the carbonio-files-db package on any node now makes it available to Carbonio Files nodes instantly.
- Stop the systemd unit service and remove the configuration file from the system.
- Uninstall the gateway configuration.