Scenario with Five Nodes

By adminUncategorized

The only supported installation method in a production environment, particularly for large production systems, is Carbonio Multi-Server because it is more scalable in the event that the infrastructure grows and because Carbonio Mesh automatically sets up and secures communication across all nodes while also adding fault detection and dynamic routing between infrastructure components.

In the hypothetical situation, we’ll build up a Carbonio Multi-Server environment with five nodes (designated SRV1, SRV2, SRV3, and SRV5) as follows:

  1. Directory Server, Carbonio Mesh, a DB connection, and Carbonio Monitoring are all included in SRV1, which serves as the foundation of Carbonio’s infrastructure.
  2. The SRV2 package comes with MTA, the mail server, Proxy, which gives online access to all components, and User Management.
  3. SRV3 hosts an AppServer and a Carbonio Advanced instance.
  4. SRV4 installs Carbonio Files & Carbonio Docs, which enable document collaboration and sharing, as well as Carbonio Preview, which enables users to view snippets or thumbnails of a document
  5. SRV5 comes with the Carbonio VideoServer and Video Recording.\

In our case, six nodes running Ubuntu 20.04 LTS are used to launch the Carbonio installation. The only command that differs is the one used to install packages; all other commands used to setup the nodes are the same. The instructions apply to six nodes that have RHEL 8 installed on them.

We also suppose that each node has the IP address 172.16.0.1X, where X is the n-th node. That is to say, IP addresses will fall between 172.16.0.11 (SRV1) and 172.16.0.15 (Carbonio VideoServer). When manually modifying configuration files during installation or upgrade processes, these settings will be utilised.

Installing a Replica Directory Server in a Master/Slave configuration for increased dependability and load-balancing is beneficial in the majority of Multi-Server scenarios. In a separate part, we go over how to install the replica on SRV7, a special node (which has to have the same OS as the other Nodes). The same process may be used to install the Replica on any node other than SRV1 however.
Carbonio can only be installed in a multi-server environment. The Hardware Requirements and Software Requirements listed below must be met by each Node. Firewall Ports, on the other hand, must only be opened on the Node that hosts the associated service. For instance, only the Node hosting the Carbonio Admin Panel has to have port 6071 (protected access to the Admin Panel) accessible. To stop unauthorised access, the appropriate port can be closed if a service is not installed. Ports 110 and 995, for instance, can be blocked if POP3/POPS access is not permitted.
The hardware specifications that must be met for each node are listed below. Because the space needs for the data might vary greatly, the disc space specified in the table only pertains to the Operating System and not the data (e-mail quota and traffic, number of documents kept, etc.).

Additionally, keep in mind the following:
  • The node needing extra disc space is the one hosting Carbonio Advanced (SRV3) and hence the emails.
  • Make sure the node hosting it (SRV4) has at least 6GB of RAM as the Carbonio Files service needs 4GB of RAM to start.
  • It is challenging to predict how much more storage would be needed for the video recording capability in advance. In fact, it relies on a number of variables, such as the quantity of participants and the number of webcams that are active throughout the recording, as well as the recording’s size and other characteristics. In general, a recording of an hour at a resolution of 1280×720 at a frame rate of 25 would use about 400MB of disc space in the webm format.
For the sake of illustration, let’s assume that each of the 150 users has a 5GB limit, meaning that SRV3 requires 780GB of disc space (30GB for the OS and 750GB for user quotas combined).
Software specifications
Only 64-bit CPUs are supported by Carbonio, which may be deployed on top of any stock RHEL 8 or Ubuntu 20.04 LTS Server Edition setup.

Before making an attempt to install Carbonio, the following conditions must be met.
  1. At least one public IP address must be present throughout the whole Carbonio system. The IP address must be linked to a domain name that matches the A record in the DNS (for example, A mail.example.com).
  2. To allow the mail server to receive mail, it will be necessary to set up an MX record, which must correspond to the A record (e.g. MX: example.com = mail.example.com ) If either of the A or MX records is not correctly configured, the installation will be temporarily suspended to allow the change of the hostname. See the dedicated box below for details and examples. For improved security of sending emails, you should also define TXT records for SPF, DKIM and DMARC Python 3, latest version available on the Operating System chosen Perl, latest version available on the Operating System chosen IPv6 must be disabled. Make also sure that the /etc/hosts does not contain any IPv6 entrie
When it becomes available, support for more distributions will be notified in due time.

Specific Requirements for RHEL 8
Before trying the installation, you must complete these procedures if you intend to install Carbonio on RHEL 8.
Additional Requirements 
  • It’s required to be familiar with CLI use. Unless otherwise specified, all carbonio commands must be issued as the root user, and all other commands must be issued as the zextras user (these commands will contain a zextras$ prompt).
  • Give the nodes interesting names. Use names like mta.example.com, proxy.example.com, and so on. Simply substitute your domain name for example.com.
  • In order to set up the subsequent nodes, you will need to remember a few configuration settings and their values throughout the installation process. These details are summarised at the conclusion of the installation of each node; copy them to a secure location and keep them nearby until the installation is complete. Examples of values are a node’s public or private IP address or a database user’s password.
  • The ports indicated in ref:fw-ports must be opened in your firewall for all the services you will provide, depending on the Roles configured on each Node.
  • If none of the nodes are connected to the Internet, you must forward two ports from the public IP: port 25/smtp to the node with the MTA (SRV2) in order to receive mail, and port 443/https to the node with the proxy (SRV2) in order to enable users to access their webmail from a distance.
  • You should also route these ports appropriately if you intend to allow additional protocols (such POP and IMAP). A list is available in the section on Firewall Ports. If you don’t require these protocols, don’t open these ports!
  • Additionally, port 6071, which is used to access the Carbonio Admin Panel, should never be made publicly available on the Internet and should only be accessible through a VPN tunnel or other similar techniques.
  • The same rule applies to SSH access to the Nodes: only internal and administration networks should be able to use it, and any distant access must be made over a VPN tunnel or similar means.
  • Each Node’s hostname has to be a FQDN that can be internally resolved via DNS.
Ports on a firewall
Network communication on particular ports must be permitted in order for Carbonio to function effectively.
All nodes must have access to the ports indicated in the Internal Connections, but only the node with the relevant Role installed needs access to the ports mentioned in the External Connections. For instance, only the node hosting the Proxy Role should have port 443 exposed.

All ports indicated in a table must be opened exclusively on the Node on which the Role is installed since ports in Internal and External connections are grouped according to the Roles thavt require them.
introductory tasks
Perform the next two steps on each of the six nodes before beginning the installation itself.
Installation of Nodes
The proposed order of nodes as stated in the scenario is followed during installation. A few points:
  • The general process is the same for both Ubuntu and RHEL 8, but the specific commands and file paths may vary between the two operating systems. As a result, be careful to perform the right command on the right files and operating system. The instructions that are different are divided as shown below. According to the operating system you’re installing Carbonio.v on, select the Ubuntu or RHEL tab.
  • The root user must be used to run all the commands that are listed in this installation method.
  • Following a successful installation, you may use a browser to view Carbonio’s graphical user interface (GUI) by following the instructions in Section view to the Web Interface.
SRV1: Carbonio Mesh, Directory Server, Database Connection, and Carbonio Monitoring
Follow the Roles listed in the panel above to install the first Node: install PostgreSQL and configure the database connection first, then boot up Carbonio, configure Carbonio Mesh, and lastly set up the Carbonio Files database.

the setup of PostgreSQL
To store and keep track of all the items it needs to handle, Carbonio uses a variety of databases. In a few simple steps, the primary database may be setup.
We begin by creating a strong password for the administrator account of PostgreSQL.
Give a password of your choosing, which will be kept in the DB_ADM_PWD variable and used during the entire process. It’s crucial to note that only the current terminal’s root user has access to the password. It is locked out and will be erased after you log out. However, keep in mind that you will need it for the following step. You may also manually remove it using the proper command.
You’ll need it for the rest of the process and may need it in the future, so make sure to update the password with a strong one of your choosing and keep it safely (ideally using a password manager). DB_ADM_PWD will be used to identify this password.

The database creation process is the next phase.
Finally, execute these instructions to provide the other nodes access to the databases that will be kept on this node.

Installation of Packages
  1. Install these packages from the primary repository.
Setup and configuration of pgpool
The following actions need be taken to configure pgpool.
  1. Setup pgpool
  2. Make Pgpool-II configurable by using the following command.
  3. Use these commands to restart the service after ensuring it is enabled.
Carbonio Bootstrap
The bootstrap command will carry out certain setup operations for the node. When the process is finished, a menu will appear, and if everything has already been established, all you need to do is click Y to confirm.
Configure Carbonio Mesh
To enable communication between Carbonio and its parts, Carbonio Mesh is necessary. Commands are used to interactively generate the configuration.
This instruction will:
  • the IP address and the netmask
  • In order to install, administer, and use the administrative GUI, you must have the Carbonio Mesh secret. For additional details, go to Section Carbonio Mesh Administration Interface.
MESH_SECRET will be used to refer to this password throughout the manual.
You can regenerate Carbonio Mesh Secret in the event that the password is forgotten or the credential file is damaged and rendered useless.
  • Keep the setup in the file cluster-credentials.tar.gpg at /etc/zextras/service-discover
Run to complete the installation of Carbonio Mesh.
Carbonio Bootstrap Databases
Use the Postgres user set up on SRV1 and the password specified in the preceding stages.

Advanced Carbonio Files for Carbonio
The installation of Carbonio Docs for SRV1 is now complete. Remove the administrator user’s password from memory to prevent others from viewing it:
MTA, Proxy, and User Management for SRV2
The setup of Node 2 include installing the MTA, Proxy, and user management Roles, as well as Carbonio, and configuring Memcached and Carbonio Mesh.

To configure the MTA, the following actions must be taken.
Carbonio Bootstrap.
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
  • The FQDN of SRV1, srv1.example.com, is LDA master host.
  • The command is used to acquire the Ldap Admin password from SRV1.
  • bind the postfix password Using the command, SRV1 returns the ldap user.
  • bind amavis password Using the command, SRV1 returns the ldap user.
  • SRV1 is queried for the bind password for the nginx ldap user using the command
  • Configure Carbonio Mesh
  • The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built
  • demand the current Node’s IP address and netmask.
Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.

Run the subsequent command when the setup has been finished successfully, this time using the secret.
Activate Memcached
Use the zextras user’s instructions to allow Memcached access:
Carbonio Advanced (AppServer), SRV3.
The AppServer and Carbonio Advanced instance are installed on the third node, and much like the previous node, Carbonio is booted up along with Carbonio Mesh and Memcached settings.
Setup Packages
Carbonio Bootstrap
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
The FQDN of SRV1, srv1.example.com, is LDA master host.
The command is used to acquire the Ldap Admin password from SRV1.
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built.
This instruction will:
  • demand the current Node’s IP address and netmask.
  • Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
The configuration of Carbonio Mesh and Memcached, as well as the bootstrapping of Carbonio, are required for the fourth node.
installation of the Bootstrap Carbonio package.
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
The FQDN of SRV1, srv1.example.com, is LDA master host.
The command is used to acquire the Ldap Admin password from SRV1.
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built.
This instruction will:
demand the current Node’s IP address and netmask.
Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
Specify Memcached
The variables nginx_lookup_servers_full_path_urls and memcached_server_full_path_urls, which are one after the other, towards the conclusion of the file, must be set in order for Carbonio Preview to function properly.
Make certain to:
  • Line 1’s https protocol and the AppServer’s IP address (172.16.0.13 for SRV3) are both shown.
  • Be sure to provide the port that Preview uses, 7072, in line 1.
  • Line 2 of the script specifies SRV2’s IP address (172.16.0.12), allowing access to Memcached, which is installed on the Proxy Node.
SRV5: VideoServer and Video Recording for Carbonio
Setting up the Carbonio VideoServer
The Carbonio VideoServer may be set up without the ability to record videos. If you want to accomplish this, simply follow the steps below, skipping the installation of the video recording stage. It may always be installed at a later time by using the steps mentioned
Install the Carbonio VideoServer package first.
Make that the Carbonio VideoServer public IP address is included in the configuration file /etc/janus/janus.jcfg after installation (i.e., the one that will accept incoming connections to the Carbonio VideoServer) and add it if necessary: nat_1_1_mapping may be found and added by searching for it, for instance: nat_1_1_mapping = “93.184.216.34”.

Finally, use the instructions to activate and start the service.
installing a video recording system
Install the package to put this functionality into effect.
If deployed alongside the Carbonio VideoServer, the video-recording capability is activated by default and does not require configuration. However, if installed later, certain explicit commands are necessary. For instructions, please see Section Recording a Video Meeting.

The recorded sessions will be kept on SRV3 in the directory /var/lib/videorecorder/ since recording needs a Node with the AppServer (i.e., one with the carbonio-advanced package installed) in order to function. Verify that the directory has enough free space before attempting to save any recorded movies.
Carbonio Bootstrap.
the Carbonio bootstrap procedure to begin
You must supply these values during the procedure, which you may do by retrieving them from SRV1.
The FQDN of SRV1, srv1.example.com, is LDA master host.
The command is used to acquire the Ldap Admin password from SRV1.
Configure Carbonio Mesh
The agent for Carbonio Mesh will be installed; it will connect to and communicate with the server. By using the launching command, the agent’s configuration is built.
This instruction will:
  • demand the current Node’s IP address and netmask.
  • Request the Carbonio Mesh secret from the SRV1 server, which is located in the file /var/lib/service-discover/password.
Run the subsequent command when the setup has been finished successfully, this time using the secret.
Management and troubleshooting for Carbonio
System tools like systemctl and journalctl, which the carbonio service smoothly connects with, make it possible to analyse the situation and look for potential issues more quickly.
Since the syntax is the same as that used by systemctl, you may use it to start, stop, or check the status of each Carbonio unit as well as to read the logs that each unit produces.
With the command below, you may get a list of all Carbonio-related units (and their state), then use only the unit you want to access to check, start, or stop it.
Open the licence
The final step before the installation is finished is to activate the Carbonio licence. To do this, perform the following command as the zextras user, substituting TOKEN with your licence token.
 Installation finished

Following the instructions in the section under “Access to the Web Interface,” Carbonio may now be used when the installation is complete.

Change the Global Admin’s password immediately, as described in the section titled Manage Global Administrators.

The installation is finished at this stage. Make sure to complete all of the post-installation activities specified in section Post-Installation activities before you can begin using Carbonio.
Tasks after Installation
The zextras user’s password has to be changed as a first step. This is a very crucial step since the password for this user has to be strong because they have complete control over all Carbonio functions. In the section Manage Global Administrators, you can find further information as well as the command to change the password.

Enter the user zextras@example.com and the newly modified password to access the Carbonio Admin Panel using the Proxy Node’s IP address or hostname at https://srv2.example.com:6071/ after changing the password.

If the login process is successful, navigate to Domains, choose example.com, and then under General Settings, specify:

Setting the Public Server Host Name to https://mail.example.com

The Public Service Port, with a 443 setting.
The URL that users must access to use Carbonio’s functionalities is represented by these two variables added together.
Configuration of centralised logging
The log system used by Carbonio, rsyslog, supports a centralised setup. This means that all log files generated by Carbonio can be sent to a single host server (referred to as the “Log Server”) that has been properly set up to receive log files.

We choose to use SRV1 as the log server in the procedures that follow.
Organise the world’s administrators
Enter these two commands while logged in as the zextras user to a shell terminal in order to modify the password that the zextras@example.com user uses to access the Web. With the second, you can truly change the password whereas the first enables you to switch to the zextras user.
Make sure newpassword complies with sound security standards.
You may create a new Global Admin using the Carbonio Admin Panel; for instructions, see the section Create New Global Admin.

Leave a Reply

Your email address will not be published. Required fields are marked *