The interaction of a cluster with a database instance hosted by a third-party service provider is a classic illustration of external service integration. Carbonio Mesh is used to deploy in circumstances like this one with Carbonio.
Situation & Conditions
In our example scenario, a Carbonio Multi-Server installation with the following components is used:
- one or more Nodes for Carbonio Files
- One cluster node, maybe distinct from the Carbonio Files Nodes, was chosen as the terminating gateway
- Carbonio Files utilises a PostgreSQL database, which is either
- Unrelated to the Carbonio infrastructure is a server
- Remotely hosted by an outside service
Although certain instructions near the conclusion of the setup require access to the database node, for the most part, the configuration requires access to the command line on the terminating gateway because the process includes manual file editing and running commands.
Finally, remember your cluster credential password since token creation requires it.
Let’s begin the process by installing Carbonio Files after setting up Carbonio Mesh.
Setup and security
A few actions must be taken to finish the initial setup.
- Make a special user.
- Establish policies. The Carbonio Files database, carbonio-files-db, is the service that has to be routed in our case, hence Carbonio Mesh must be informed of this. Create a directory to house all of the configuration first.
- After that, paste this text into the file /etc/carbonio/gateway/service-discover/policies.json.Let the consul finally pick up the new policy.
- Export a fresh bootstrap token, which enables access to consul’s APIs and the ability to run commands. Run the following command and then provide the cluster credential password to retrieve the bootstrap token.
- Create a new token that will be the only one required to interface with the external database and is linked to the policy.
What the External Service Means
We describe both the external service and how the terminating gateway may access it and grant Carbonio Files nodes access to it since the terminating gateway has to be aware of the precise location of the remote service in order to function properly.
Although there is currently no CLI command for this, we can use the APIs instead. Make a file called carbonio-files-db-external.json in the directory /etc/carbonio/gateway/service-discover.
the external service should then be registered by sending a curl request.
It is time to inform Carbonio Mesh of the list of services that can utilise the terminating gateway now that the terminating gateway and the service have been defined and registered.
Put the following code, which designates a carbonio-gateway as a terminating gateway for the carbonio-files-db service, in the file /etc/carbonio/gateway/service-discover/gateway-config.hcl to do this.
The file mentioned above has two items that are commented; these entries are optional and need not be supplied at all in the setup.
an SSL certificate that is particular to the service. In most cases, unless a highly specific and complicated situation is set up, this is not essential. Consul is responsible for encrypting all communication between nodes and with external resources; since services and clients communicate with it through localhost, it is secure for them to do so. Before leaving the node, all data received from consul on localhost are instantly SSL-encrypted.
In order to avoid name mismatch, the Server Name Indication is an extra security measure on top of TLS. When a client request is received, the web server might not yet know which specific domain the client is trying to access because the HTTPS TSL/SSL handshake takes place before the client sends the actual HTTP request for the domain in the typical scenario where a single web server hosts multiple domains, each with its own SSL certificate. The client can end up receiving the incorrect certificate as a result, breaking the secure connection. This issue may be avoided by using an SNI since it enables the domain name to be sent during the SSL/TSL handshake.
Setting up the carbonio-files-db
- provide the database name
- Configure the username and password
Installing Carbonio Files Nodes
- On each Proxy Node, install the carbonio-files-ui package.
Take Services Out of the Catalogue
- Delete the configuration file and stop the systemd unit service
- Remove the gateway settings.