Guidelines:DualHost: Difference between revisions

From Sahana Eden Wiki
Dominic (talk | contribs)
 
(One intermediate revision by the same user not shown)
Line 21: Line 21:
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.


Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Make a note of these details, too:
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.


<pre>
== Setting Up Eden Account ==
FQDN eden.example.com
Hostname eden
Domain example.com
</pre>


This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).
Login to the DB Host and create a user account for Eden:


== Preparing the Servers ==
<syntaxhighlight lang="bash">
adduser eden
</syntaxhighlight>


First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:
Use <code>visudo</code> to add the following lines to the ''sudoers'' configuration:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost
# User rules for eden
eden ALL=(ALL) NOPASSWD:ALL
</syntaxhighlight>
</syntaxhighlight>


Leave the password empty, as the private key is to be used by the ''edenctl'' script.
This will allow Eden to become ''root'' without password.
 
== Configuring Key-based Login ==


This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:
On your local machine, generate a new RSA key pair:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp
ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"
</syntaxhighlight>
</syntaxhighlight>


Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:
'''''Note:''' Leave the password empty as this key is to be used for script automation''
 
This will generate two files, ''eden'' (=private key) and ''eden.pub'' (=public key), in the current directory. Install the public key on the DB Host:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
</syntaxhighlight>
</syntaxhighlight>


Login to the App Host:
Copy the private key to the App Host:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh -i serveradm serveradm@<apphost-public-ip>
scp eden admin@<apphost-public-ip>:/tmp
</syntaxhighlight>
</syntaxhighlight>


Make yourself <code>root</code> and move the private key into a secure location:
Login to the App Host and store the key in a safe location:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo su -
sudo su -
mv /tmp/apphost ~/.ssh/apphost
cp /tmp/eden ~/.ssh
chown root.root ~/.ssh/apphost
chown root.root ~/.ssh/eden
chmod 600 ~/.ssh/apphost
chmod 600 ~/.ssh/eden
</syntaxhighlight>
</syntaxhighlight>


Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:
Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user ''eden'':


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip>
ssh -i ~/.ssh/eden eden@<dbhost-private-ip>
</syntaxhighlight>
</syntaxhighlight>


== Installing PostgreSQL ==
== PostgreSQL ==


On the DB Host, make yourself <code>root</code>:
=== Installing PostgreSQL ===
 
On the DB Host, make yourself ''root'':


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
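Review bot: in the "store the key in a safe location" block, `cp /tmp/eden ~/.ssh` replaces the earlier `mv /tmp/apphost ~/.ssh/apphost`, so a copy of the private key (which has no password) stays in /tmp on the App Host after this step; keep `mv`, or add `rm /tmp/eden` after the copy. Two smaller points in the same hunk: `scp eden admin@<apphost-public-ip>:/tmp` uses a user `admin` that is not introduced anywhere now that the `serveradm` paragraph is removed, and the sentence "This will allow Eden to become root without password" should state that `eden ALL=(ALL) NOPASSWD:ALL` together with the empty key password gives whoever holds the key root on the DB Host.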
Line 89: Line 94:
</syntaxhighlight>
</syntaxhighlight>


=== Configure Host-based Access ===
=== Configuring Host-based Access ===


You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):
Line 114: Line 119:
Logout from the DB Host, going back to the App Host.
Logout from the DB Host, going back to the App Host.


== Setting Up Eden ==
== Eden ==
 
=== Installing Release Package ===


Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:
Line 124: Line 131:


'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''
Login to the App Host and make yourself ''root'':
<syntaxhighlight lang="bash">
sudo su -
</syntaxhighlight>


Install the package:
Install the package:
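Review bot: the added "Login to the App Host and make yourself root" step comes after the paragraph that already has the reader fetch the package with `wget`, which only works once logged in to the App Host; move the login above the download step, or state on which machine `wget` is run.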
Line 131: Line 144:
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb
</syntaxhighlight>
</syntaxhighlight>
=== Configuring DB Host ===


Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:
Line 136: Line 151:
<syntaxhighlight lang="bash" line>
<syntaxhighlight lang="bash" line>
DBHOST=<dbhost-private-ip>
DBHOST=<dbhost-private-ip>
DBHOST_USER=serveradm
DBHOST_USER=eden
DBHOST_KEY=/root/.ssh/apphost
DBHOST_KEY=/root/.ssh/eden
</syntaxhighlight>
</syntaxhighlight>
=== Setup with Edenctl ===


After that, you can set up the Eden instance as usual:
After that, you can set up the Eden instance as usual:

Latest revision as of 07:52, 4 February 2026

Dual Host Setup

  • new in Eden-6.2 (not yet released)

In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:

Prerequisites and Terminology

This guideline assumes that you have two hosts running on Debian/Linux - we will use the App Host and DB Host designations here to distinguish between the two.

Further, we assume that each host has a public IP (exposed to the internet) and a private IP (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:

apphost-public-ip 000.000.000.000
apphost-private-ip 000.000.000.000
dbhost-public-ip 000.000.000.000
dbhost-private-ip 000.000.000.000

...so that you have them readily at hand when walking through this guide. We will use designations like <apphost-public-ip>, for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.

Make sure that you have a DNS A-record set up for the public IP of the App Host. For example, in the FQDN (fully qualified domain name) "eden.example.com", the "eden" part constitutes the hostname, and "example.com" the domain.

Setting Up Eden Account

Log in to the DB Host and create a user account for Eden:

adduser eden

Use visudo to add the following lines to the sudoers configuration:

# User rules for eden
eden ALL=(ALL) NOPASSWD:ALL

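This allows the eden account to run any command as root on the DB Host without a password, so the SSH key set up in the next step must be protected accordingly.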

Configuring Key-based Login

On your local machine, generate a new RSA key pair:

ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"

Note: Leave the passphrase empty, as this key is to be used for script automation.

This will generate two files, eden (=private key) and eden.pub (=public key), in the current directory. Install the public key on the DB Host:

cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Copy the private key to the App Host:

scp eden admin@<apphost-public-ip>:/tmp

Log in to the App Host and store the key in a safe location:

sudo su -
# move rather than copy, so that no copy of the private key remains in /tmp
mv /tmp/eden ~/.ssh/eden
chown root:root ~/.ssh/eden
chmod 600 ~/.ssh/eden

Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user eden:

ssh -i ~/.ssh/eden eden@<dbhost-private-ip>

PostgreSQL

Installing PostgreSQL

On the DB Host, make yourself root:

sudo su -

Then install PostgreSQL and PostGIS:

apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3

Configuring Host-based Access

You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file /etc/postgresql/17/main/pg_hba.conf, adding the following lines at the end (using the private IP of the App Host):

# Eden App Host
host    all    all    <apphost-private-ip>/32   md5

Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.

Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file /etc/postgresql/17/main/postgresql.conf, and modify the listen_addresses setting, adding the private IP of the DB Host:

listen_addresses = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;

Finally, restart PostgreSQL:

systemctl restart postgresql
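
A check for the two files edited in this section, as an added example (not part of Eden or edenctl): it fails if pg_hba.conf lacks a password-authenticated /32 rule for the App Host or contains a trust or any-address rule, and if postgresql.conf does not list the DB Host's private IP or uses a wildcard. The function names and the 10.0.0.x sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of Eden or edenctl. Handles the CIDR address form
# and the quoted listen_addresses value used in this guide.

# check_pg_hba FILE APPHOST_IP: succeed only if the App Host has a
# password-authenticated /32 rule and no host rule is wide open.
check_pg_hba() {
    awk -v ip="$2" '
        NF == 0 || $1 ~ /^#/ { next }           # skip blanks and comments
        $1 ~ /^host/ {                          # host, hostssl, hostnossl
            if ($5 == "trust") { print "FAIL trust rule: " $0; bad = 1 }
            if ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all") {
                print "FAIL open to any address: " $0; bad = 1
            }
            if ($4 == (ip "/32") && ($5 == "md5" || $5 == "scram-sha-256"))
                found = 1
        }
        END {
            if (!found) { print "FAIL no password rule for " ip "/32"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_listen FILE DBHOST_IP: succeed only if the last active
# listen_addresses line (plural) names DBHOST_IP and has no wildcard.
check_listen() {
    val=$(sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1)
    case ",$(printf '%s' "$val" | tr -d ' ')," in
        ,,) echo "FAIL no active listen_addresses setting"; return 1 ;;
        *,\*,*|*,0.0.0.0,*|*,::,*) echo "FAIL wildcard address: $val"; return 1 ;;
        *,"$2",*) echo "OK listening on $2"; return 0 ;;
        *) echo "FAIL $2 missing from listen_addresses: $val"; return 1 ;;
    esac
}

# Demo on constructed sample files; 10.0.0.1 and 10.0.0.2 are made-up IPs.
tmp=$(mktemp -d)
printf '%s\n' '# Eden App Host' 'host    all    all    10.0.0.1/32   md5' > "$tmp/pg_hba.conf"
printf '%s\n' "listen_addresses = '10.0.0.2,localhost'" > "$tmp/postgresql.conf"
check_pg_hba "$tmp/pg_hba.conf" 10.0.0.1 && echo "OK pg_hba.conf"
check_listen "$tmp/postgresql.conf" 10.0.0.2
rm -rf "$tmp"
```

On the DB Host, call the two functions with /etc/postgresql/17/main/pg_hba.conf and /etc/postgresql/17/main/postgresql.conf and your own private IPs.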

Log out from the DB Host and return to the App Host.

Eden

Installing Release Package

Copy the Eden DEB-package to the App Host - either using scp from your local machine, or wget to fetch it from GitHub, e.g.:

cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb

Note: The actual location and name of the package depends on the release - check on GitHub for the latest available package.

Log in to the App Host and make yourself root:

sudo su -

Install the package:

apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb

Configuring DB Host

Create a file /etc/sahana/dbhost.conf, with the details of the DB Host, so that edenctl can log in there:

DBHOST=<dbhost-private-ip>
DBHOST_USER=eden
DBHOST_KEY=/root/.ssh/eden

Setup with Edenctl

After that, you can set up the Eden instance as usual:

edenctl setup

Finally, start the Eden instance with:

edenctl start