Jump to content

Guidelines:DualHost: Difference between revisions

From Sahana Eden Wiki
Dominic (talk | contribs)
architect, maintainer
166 edits
Created page with "== Dual Host Setup == In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux: === Terminology === This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''AppHost''' and '''DBHost''' designations here to distinguish between the two. Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only). Thus, a..."
 
Dominic (talk | contribs)
architect, maintainer
166 edits
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Dual Host Setup ==
[[Guidelines:Deployment|All Deployment Guidelines]]


In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:
= Dual Host Setup =
* ''new in Eden-6.2 (not yet released)''


=== Terminology ===
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:


This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''AppHost''' and '''DBHost''' designations here to distinguish between the two.
== Prerequisites and Terminology ==


Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only). Thus, a designation like ''apphost-public-ip'', for instance, refers to the public IP of the AppHost. In some intranet setups, public IP and private IP may be the same.
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.


Make sure that you have a '''DNS A-record''' set up for the public IP of the AppHost, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note  of the IPs, like this:


Preparing the Servers
<pre>
apphost-public-ip 000.000.000.000
apphost-private-ip 000.000.000.000
dbhost-public-ip 000.000.000.000
dbhost-private-ip 000.000.000.000
</pre>


''tbc''
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.
 
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.
 
== Setting Up Eden Account ==
 
Login to the DB Host and create a user account for Eden:
 
<syntaxhighlight lang="bash">
adduser eden
</syntaxhighlight>
 
Use <code>visudo</code> to add the following lines to the ''sudoers'' configuration:
 
<syntaxhighlight lang="bash">
# User rules for eden
eden ALL=(ALL) NOPASSWD:ALL
</syntaxhighlight>
 
This will allow Eden to become ''root'' without password.
 
== Configuring Key-based Login ==
 
On your local machine, generate a new RSA key pair:
 
<syntaxhighlight lang="bash">
ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"
</syntaxhighlight>
 
'''''Note:''' Leave the password empty as this key is to be used for script automation''
 
This will generate two files, ''eden'' (=private key) and ''eden.pub'' (=public key), in the current directory. Install the public key on the DB Host:
 
<syntaxhighlight lang="bash">
cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
</syntaxhighlight>
 
Copy the private key to the App Host:
 
<syntaxhighlight lang="bash">
scp eden admin@<apphost-public-ip>:/tmp
</syntaxhighlight>
 
Login to the App Host and store the key in a safe location:
 
<syntaxhighlight lang="bash">
sudo su -
cp /tmp/eden ~/.ssh
chown root.root ~/.ssh/eden
chmod 600 ~/.ssh/eden
</syntaxhighlight>
 
Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user ''eden'':
 
<syntaxhighlight lang="bash">
ssh -i ~/.ssh/eden eden@<dbhost-private-ip>
</syntaxhighlight>
 
== PostgreSQL ==
 
=== Installing PostgreSQL ===
 
On the DB Host, make yourself ''root'':
 
<syntaxhighlight lang="bash">
sudo su -
</syntaxhighlight>
 
Then install PostgreSQL and PostGIS:
 
<syntaxhighlight lang="bash">
apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3
</syntaxhighlight>
 
=== Configuring Host-based Access ===
 
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):
 
<syntaxhighlight lang="bash">
# Eden App Host
host    all    all    <apphost-private-ip>/32  md5
</syntaxhighlight>
 
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''
 
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the <code>listen_address</code> setting, adding the private IP of the DB Host:
 
<syntaxhighlight lang="python">
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;
</syntaxhighlight>
 
Finally, restart PostgreSQL:
 
<syntaxhighlight lang="bash">
systemctl restart postgresql
</syntaxhighlight>
 
Logout from the DB Host, going back to the App Host.
 
== Eden ==
 
=== Installing Release Package ===
 
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:
 
<syntaxhighlight lang="bash">
cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb
</syntaxhighlight>
 
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''
 
Login to the App Host and make yourself ''root'':
 
<syntaxhighlight lang="bash">
sudo su -
</syntaxhighlight>
 
Install the package:
 
<syntaxhighlight lang="bash">
apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb
</syntaxhighlight>
 
=== Configuring DB Host ===
 
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:
 
<syntaxhighlight lang="bash" line>
DBHOST=<dbhost-private-ip>
DBHOST_USER=eden
DBHOST_KEY=/root/.ssh/eden
</syntaxhighlight>
 
=== Setup with Edenctl ===
 
After that, you can set up the Eden instance as usual:
 
<syntaxhighlight lang="bash">
edenctl setup
</syntaxhighlight>
 
Eventually, start the Eden instance with:
 
<syntaxhighlight lang="bash">
edenctl start
</syntaxhighlight>

Latest revision as of 07:52, 4 February 2026

All Deployment Guidelines

Dual Host Setup

  • new in Eden-6.2 (not yet released)

In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:

Prerequisites and Terminology

This guideline assumes that you have two hosts running on Debian/Linux - we will use the App Host and DB Host designations here to distinguish between the two.

Further, we assume that each host has a public IP (exposed to the internet) and a private IP (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this: 

apphost-public-ip 000.000.000.000
apphost-private-ip 000.000.000.000
dbhost-public-ip 000.000.000.000
dbhost-private-ip 000.000.000.000

...so that you have them readily at hand when walking through this guide. We will use designations like <apphost-public-ip>, for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.

Make sure that you have a DNS A-record set up for the public IP of the App Host, e.g. in the FQDN (fully qualified domain name) "eden.example.com", the "eden" part constitutes the hostname, and "example.com" the domain.

Setting Up Eden Account

Login to the DB Host and create a user account for Eden: 

adduser eden

Use visudo to add the following lines to the sudoers configuration: 

# User rules for eden
eden ALL=(ALL) NOPASSWD:ALL

This will allow Eden to become root without password.

Configuring Key-based Login

On your local machine, generate a new RSA key pair: 

ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"

Note: Leave the password empty as this key is to be used for script automation

This will generate two files, eden (=private key) and eden.pub (=public key), in the current directory. Install the public key on the DB Host: 

cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Copy the private key to the App Host: 

scp eden admin@<apphost-public-ip>:/tmp

Login to the App Host and store the key in a safe location: 

sudo su -
cp /tmp/eden ~/.ssh
chown root.root ~/.ssh/eden
chmod 600 ~/.ssh/eden

Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user eden: 

ssh -i ~/.ssh/eden eden@<dbhost-private-ip>

PostgreSQL

Installing PostgreSQL

On the DB Host, make yourself root: 

sudo su -

Then install PostgreSQL and PostGIS: 

apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3

Configuring Host-based Access

You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file /etc/postgresql/17/main/pg_hba.conf, adding the following lines at the end (using the private IP of the App Host): 

# Eden App Host
host    all    all    <apphost-private-ip>/32   md5

Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.

Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file /etc/postgresql/17/main/postgresql.conf, and modify the listen_address setting, adding the private IP of the DB Host: 

listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;

Finally, restart PostgreSQL: 

systemctl restart postgresql

Logout from the DB Host, going back to the App Host.

Eden

Installing Release Package

Copy the Eden DEB-package to the App Host - either using scp from your local machine, or wget to fetch it from GitHub, e.g.: 

cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb

Note: The actual location and name of the package depends on the release - check on GitHub for the latest available package.

Login to the App Host and make yourself root: 

sudo su -

Install the package: 

apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb

Configuring DB Host

Create a file /etc/sahana/dbhost.conf, with the details of the DB Host, so that edenctl can login there: 

DBHOST=<dbhost-private-ip>
DBHOST_USER=eden
DBHOST_KEY=/root/.ssh/eden

Setup with Edenctl

After that, you can set up the Eden instance as usual: 

edenctl setup

Eventually, start the Eden instance with: 

edenctl start
Retrieved from "https://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&oldid=273"