This section explains how to set up a Carbonio CE Multi-Server, or distributed Carbonio installation, where each node takes on one or more roles.
We propose an installation scenario that may be tailored to the various demands of Carbonio CE customers that employ a varying number of nodes, as opposed to providing fixed installation instructions with certain functionality deployed on each node. As a result, we provide the concept of Role, which is a Carbonio CE utility that is thought of as atomic and is composed of one or more packages.
The situation we describe below may be changed at any time by putting a Role on a different node (or even on a dedicated node) of the cluster because a Role can be deployed on any node of the cluster.
Scenario with Four Nodes
In the recommended scenario, we’ll build up a Carbonio CE Multi-Server environment with four nodes (which we’ll refer to as SRV1, SRV2, SRV3, and SRV4) in the manner described below:
- Directory Server, Carbonio Mesh, a DB connection, and Carbonio Monitoring are all included in SRV1, which serves as the foundation of Carbonio CE.
- MTA, the mail server, Proxy, which enables all components to be accessed over the web, and User Management are all included with SRV2.
- An AppServer and a Carbonio Storages CE instance are hosted by SRV3.
- Carbonio Files & Carbonio Docs, which allow document sharing and collaborative editing, as well as Carbonio Preview, which allows users to examine excerpts or thumbnails of a document, are installed by SRV4.
Within a Carbonio CE architecture, the Carbonio Storages CE Roles must be distinct.
In our example, we begin Carbonio CE installation from 4 nodes outfitted with either RHEL 8 or Ubuntu 20.04 LTS. Only the procedures for installing packages are different from the instructions; the commands for configuring the nodes remain the same.
We also suppose that each node has the IP address 172.16.0.1X, where X is the n-th node. To put it another way, IP addresses will fall between 172.16.0.11 (SRV1) and 172.16.0.14 (SRV4). When manually modifying configuration files during installation or upgrade processes, these settings will be utilised.
Installing a Replica Directory Server in a Master/Slave configuration for increased dependability and load-balancing is beneficial in the majority of Multi-Server scenarios. The process to install the Replica on a specific node, designated as SRV7 (which must be outfitted with the same OS as the other Nodes), is covered in detail in a separate section.
The same process may be used to install the Replica on any node other than SRV1 however.
Requirements For a Carbonio CE setup that serves about 150 users, the Multi-Server scenario shown in the preceding section is advised.
The hardware specifications that must be met for each node are listed below. Because the space needs for the data might vary greatly, the disc space specified in the table only pertains to the Operating System and not the data (e-mail quota and traffic, number of documents kept, etc.).
Additionally, keep in mind the following:
- The node needing extra disc space is the one hosting Carbonio Storages CE (SRV3) and therefore the emails.
- Make sure the node hosting it (SRV4) has at least 6GB of RAM as the Carbonio Files service needs 4GB of RAM to start.
For the sake of illustration, let’s assume that each of the 150 users has a 5GB limit, meaning that SRV3 requires 780GB of disc space (30GB for the OS and 750GB for user quotas combined).
Each Node in a Multi-Server installation must meet both the Additional Requirements and the Software Requirements for a Node.
Make sure that each node complies with the RHEL 8 Specific Requirements before installing on RHEL 8.
The prerequisites listed below must all be met for Carbonio CE to function properly.
- When none of the four nodes are connected to the Internet, you must forward two ports from the public IP: port 25/smtp to the node with the MTA (SRV2) in order to receive mail, and port 443/https to the node with the proxy (SRV2) in order to enable users to use their webmail from a distance.
- If there are issues with internal network connectivity, consider disabling the firewall and giving it another shot; if it succeeds, a firewall rule was probably the cause of the troubles.
- You should also route these ports appropriately if you intend to allow additional protocols (such POP and IMAP). A list is available in the section on Firewall Ports. If you don’t require these protocols, don’t open these ports!
- Additionally, port 6071, which is used to access the Carbonio Admin Panel, should never be made publicly available on the Internet and should only be accessible through a VPN tunnel or other similar techniques.
- The same rule applies to SSH access to the Nodes: only internal and administration networks should be able to use it, and any distant access must be made over a VPN tunnel or similar means.
- Each Node’s hostname has to be a FQDN that can be internally resolved via DNS
introductory tasks
Perform the following actions on each of the six nodes before beginning the installation.
Installation of Nodes
The proposed order of nodes as stated in the scenario is followed during installation.
The general process is the same for both Ubuntu and RHEL 8, but the specific commands and file paths may vary between the two operating systems. As a result, be careful to perform the right command on the right files and operating system. The instructions that are different are divided as shown below. Depending on the Operating System you are installing Carbonio CE on, select the Ubuntu or RHEL tab.
The root user must be used to run all the commands that are listed in this installation method.
Please go to Section System Troubleshooting for useful commands if you run into any problems throughout the installation process.
Following a successful installation, you may use a browser to view Carbonio CE’s GUI by following the instructions in Section view to the Web Interface.
SRV1: Carbonio Mesh, Directory Server, Database Connection, and Carbonio Monitoring
Follow the Roles listed in the panel above to install the first Node: first, install PostgreSQL and configure a database connection; next, run up Carbonio CE; next, configure Carbonio Mesh; and lastly, set up the Carbonio Files database.
To store and keep track of all the items it needs to handle, PostgreSQL Carbonio CE installation uses a number of databases. In a few simple steps, the primary database may be setup.
We begin by creating a strong password for the administrator account of PostgreSQL.
Give a password of your choosing, which will be saved in the $DB_ADM_PWD variable and used during the entire process. It’s crucial to note that only the current terminal’s root user has access to the password. It is locked out and will be erased after you log out. However, keep in mind that you will need it for the following step. You may also manually remove it using the proper command.
You’ll need it for the rest of the process and may need it in the future, so make sure to update the password with a strong one of your choosing and keep it safely (ideally using a password manager). DB_ADM_PWD will be used to identify this password.
The database creation process is the next phase.
Finally, execute these instructions to provide the other nodes access to the databases that will be kept on this node.
Installation of Packages
Install these packages from the primary repository.
Setup and configuration of pgpool
The following actions need be taken to configure pgpool.
- Setup pgpool
- Make Pgpool-II configurable by using the following command.
- Use these commands to restart the service after ensuring it is enabled.
Carbonio Bootstrap CE
The bootstrap command will set up the node and carry out a variety of activities. When the process is finished, a menu will appear, and if everything has already been established, all you need to do is click Y to confirm.
Configure Carbonio Mesh
To enable connectivity between Carbonio CE and its components, Carbonio Mesh is necessary. Commands are used to interactively generate the configuration.
This instruction will:
- the IP address and the netmask
- In order to install, administer, and use the administrative GUI, you must have the Carbonio Mesh secret. For additional details, go to Section Carbonio Mesh Administration Interface.
MESH_SECRET will be used to refer to this password throughout the manual.
You can regenerate Carbonio Mesh Secret in the event that the password is forgotten or the credential file is damaged and rendered useless.
Keep the setup in the file cluster-credentials.tar.gpg at /etc/zextras/service-discover
Run Bootstrap Carbonio Files Database to finish installing Carbonio Mesh.
SRV1 installation is now complete. Remove the administrator user’s password from memory to prevent someone else from viewing it:
MTA, Proxy, and User Management for SRV2
The installation of Node 2 entails the setup of Carbonio CE, Carbonio Mesh, and Memcached as well as the installation of MTA, Proxy, and user management Roles.
To configure the MTA, the following actions must be taken.
Launch the Carbonio bootstrapping procedure.
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
- The FQDN of SRV1, srv1.example.com, is LDA master host.
- The command is used to acquire the Ldap Admin password from SRV1.
- SRV1 is queried for the postfix ldap user’s binding password using the command
- SRV1 is queried for the bind password for the amavis ldap user using the command
- SRV1 is queried for the bind password for the nginx ldap user using the command
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built.
This instruction will:
- demand the current Node’s IP address and netmask.
- Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
Activate Memcached
Use the zextras user’s instructions to allow Memcached access:
SRV3: Carbonio Storages CE and AppServer
The AppServer and the Carbonio Storages CE instance are installed on the third node, and much like the previous node, Carbonio CE is booted up and Carbonio Mesh and Memcached are configured.
Carbonio Bootstrap
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
- The FQDN of SRV1, srv1.example.com, is LDA master host.
- The command is used to acquire the Ldap Admin password from SRV1.
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By starting command, the agent’s configuration is produced.
This instruction will:
- demand the current Node’s IP address and netmask.
- Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
The configuration of Carbonio Mesh and Memcached, as well as the bootstrapping of Carbonio CE, are required for the fourth and final node.
installation of the Bootstrap Carbonio package.
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
- The FQDN of SRV1, srv1.example.com, is LDA master host.
- The command is used to acquire the Ldap Admin password from SRV1.
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built.
This instruction will:
- demand the current Node’s IP address and netmask.
- Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
Specify Memcached
The variables nginx_lookup_servers_full_path_urls and memcached_server_full_path_urls, which are one after the other, towards the conclusion of the file, must be set in order for Carbonio Preview to function properly.
Make certain to:
- Line 1’s https protocol and the AppServer’s IP address (172.16.0.13 for SRV3) are both shown.
- Be sure to provide the port that Preview uses, 7072, in line 1.
- Line 2 of the script specifies SRV2’s IP address (172.16.0.12), allowing access to Memcached, which is installed on the Proxy Node.
The installation is finished at this stage. As long as you have adhered to all the instructions in Section ref:web-access, you can access the Carbonio Admin Panel using the zextras users.
Configuration of centralised logging
The log system used by Carbonio CE is rsyslog, which supports a centralised setup. As a result, all log files generated by Carbonio CE can be sent to a single host server (referred to as the “Log Server”) that has been properly set up to receive log files.
We choose to use SRV1 as the log server in the procedures that follow
Organise the world’s administrators
Enter the command in a shell terminal while logged in as the zextras user to update the password that the zextras@example.com user uses to access the Web.
Make sure newpassword complies with sound security standards.
You may create a new Global Admin using the Carbonio Admin Panel; for instructions, see the section Create New Global Admin.