Incorporating External Services

The interaction of a cluster with a database instance hosted by a third-party service provider is a classic illustration of external service integration. Carbonio Mesh is used to deploy in circumstances like this one with Carbonio.

Situation & Conditions

In our example scenario, a Carbonio Multi-Server installation with the following components is used:

one or more Nodes for Carbonio Files
One cluster node, maybe distinct from the Carbonio Files Nodes, was chosen as the terminating gateway
Carbonio Files utilises a PostgreSQL database, which is either
Unrelated to the Carbonio infrastructure is a server
Remotely hosted by an outside service

Although certain instructions near the conclusion of the setup require access to the database node, for the most part, the configuration requires access to the command line on the terminating gateway because the process includes manual file editing and running commands.

Finally, remember your cluster credential password since token creation requires it.

Let’s begin the process by installing Carbonio Files after setting up Carbonio Mesh.

Setup and security

A few actions must be taken to finish the initial setup.

Make a special user.
Establish policies. The Carbonio Files database, carbonio-files-db, is the service that has to be routed in our case, hence Carbonio Mesh must be informed of this. Create a directory to house all of the configuration first.
After that, paste this text into the file /etc/carbonio/gateway/service-discover/policies.json.Let the consul finally pick up the new policy.
Export a fresh bootstrap token, which enables access to consul’s APIs and the ability to run commands. Run the following command and then provide the cluster credential password to retrieve the bootstrap token.
Create a new token that will be the only one required to interface with the external database and is linked to the policy.

What the External Service Means

We describe both the external service and how the terminating gateway may access it and grant Carbonio Files nodes access to it since the terminating gateway has to be aware of the precise location of the remote service in order to function properly.

Although there is currently no CLI command for this, we can use the APIs instead. Make a file called carbonio-files-db-external.json in the directory /etc/carbonio/gateway/service-discover.

the external service should then be registered by sending a curl request.

Services Scheduling

It is time to inform Carbonio Mesh of the list of services that can utilise the terminating gateway now that the terminating gateway and the service have been defined and registered.

Put the following code, which designates a carbonio-gateway as a terminating gateway for the carbonio-files-db service, in the file /etc/carbonio/gateway/service-discover/gateway-config.hcl to do this.

The file mentioned above has two items that are commented; these entries are optional and need not be supplied at all in the setup.

CAFile

an SSL certificate that is particular to the service. In most cases, unless a highly specific and complicated situation is set up, this is not essential. Consul is responsible for encrypting all communication between nodes and with external resources; since services and clients communicate with it through localhost, it is secure for them to do so. Before leaving the node, all data received from consul on localhost are instantly SSL-encrypted.

SNI

In order to avoid name mismatch, the Server Name Indication is an extra security measure on top of TLS. When a client request is received, the web server might not yet know which specific domain the client is trying to access because the HTTPS TSL/SSL handshake takes place before the client sends the actual HTTP request for the domain in the typical scenario where a single web server hosts multiple domains, each with its own SSL certificate. The client can end up receiving the incorrect certificate as a result, breaking the secure connection. This issue may be avoided by using an SNI since it enables the domain name to be sent during the SSL/TSL handshake.

Once the file has been saved, restart systemd to inform it of the updated unit file before enabling the new carbonio-gateway service.

Setting up the carbonio-files-db

The carbonio-files-db-bootstrap script typically handles the configuration of the database, which involves sending the DB credentials to Carbonio Mesh and creating the DBs. However, this action must be carried out manually using these commands on the terminating gateway because the carbonio-files-db package is not installed.

provide the database name
Configure the username and password

Let’s now log in to the database node, where a postgres superuser has to be created. In this illustration, we give the user the password ScrtPsw9872. Use a strong password of your choosing, and be sure to.

To access the database directly, first log in as the postgres user and launch the CLI client.

Then run the scripts below to create the user.

Exit the client after finishing.

Installing Carbonio Files Nodes

In a Multi-Server, the installation of Carbonio Files is slightly different from the typical one. Make sure in particular that no nodes have the package carbonio-files-db installed after installation. In fact, in our circumstance, the external service instead of that package provides the database functions. Therefore, you must remove it in order to prevent conflicts.

On each Proxy Node, install the carbonio-files-ui package.

Ubuntu

The final message of the installation will be:

hence, carry out pending preparations

Take Services Out of the Catalogue

It is simple to delete the configuration of the services when the external resource is no longer required, such as when the database is moved within the company’s data centre.

Delete the configuration file and stop the systemd unit service
Remove the gateway settings.

The carbonio-files-db package may now be installed on any node, and the Carbonio Files nodes will have immediate access to it.