Today I built a RavenDB 4.0 cluster spanning 3 machines. This post documents the process needed to build and secure the cluster on Ubuntu 16.x using Digital Ocean droplets with custom SSL certificates.
This is a completely manual process, from creating the user and configuring RavenDB's settings.json to setting up LetsEncrypt certificates.
Digital Ocean Droplets
Let’s start by creating 3 droplets with the following spec:
- Ubuntu 16.x operating system
- 2GB RAM, 1 vCPU, 50GB SSD
You can choose to increase the specs as you require. However, the RavenDB community license includes 3 vCPUs. Any more are not available unless you have a paid license. https://ravendb.net/buy
For this demo, we will be using a LetsEncrypt SSL certificate for each of the nodes in the cluster.
However, you could use your own paid wildcard SSL certificates without any change in the process outlined here.
The easiest way to acquire a LetsEncrypt SSL certificate is to use this service: https://www.sslforfree.com
If you are not using a wildcard certificate, you will need to obtain a certificate for each RavenDB node you have in the cluster. You are required to have an active and valid domain name for this process.
Go through this process of validating the sub-domain names and downloading the certificate files.
Once you have downloaded the certificates, you must generate a PFX file to be able to use the certificates with RavenDB.
Use openssl to generate the PFX file. On Windows 10, run “bash” to get a bash command line, which has openssl already installed.
Navigate to the location of the extracted certificates. I placed mine somewhere easy and simple to get to “c:\temp\certs”
openssl pkcs12 -export -out "certificate_combined.pfx" -inkey "private.key" -in "certificate.crt" -certfile ca_bundle.crt
Provide an export password for your newly created PFX file.
You should now have a file called “certificate_combined.pfx”.
Go ahead and import this PFX file in your system by double clicking on the file name (you will need this for later use).
To verify that you have everything right, open “Manage user certificates” and check that the certificate is listed.
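Before uploading the PFX to a node, you can confirm that it opens with the export password, that the private key belongs to the certificate, that the certificate covers the node's sub-domain, and that it is not about to expire. The script below is an added example, not part of the original post or of the ravendb-cluster scripts; `check_pfx`, `make_sample_pfx`, the `PFX_PASS` variable and the `db01.example.test` hostname are names assumed for illustration, and the sample certificate is constructed (self-signed).

```shell
# Constructed sample input: a self-signed cert for host $2, bundled in dir $1
# with the same pkcs12 command as above (no -certfile: the sample has no CA).
make_sample_pfx() (
  cd "$1" || exit 2
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout private.key -out certificate.crt 2>/dev/null || exit 1
  openssl pkcs12 -export -out certificate_combined.pfx -inkey private.key \
    -in certificate.crt -passout env:PFX_PASS
)

# check_pfx PFX HOSTNAME -> returns 0 only if every check passes.
# The password comes from the exported PFX_PASS variable, so it stays out of
# argv and shell history. Runs in a subshell so the trap and umask stay local.
check_pfx() (
  pfx=$1; host=$2
  umask 077
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  fail() { echo "check_pfx: $1" >&2; exit 1; }
  # 1. The bundle opens with the password and yields a leaf cert and a key.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
    -out "$tmp/leaf.pem" 2>/dev/null || fail "cannot read certificate (wrong password?)"
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
    -out "$tmp/key.pem" 2>/dev/null || fail "cannot read private key"
  # 2. The private key belongs to the certificate (public keys are identical).
  [ "$(openssl x509 -in "$tmp/leaf.pem" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)" ] || fail "key does not match certificate"
  # 3. The certificate covers this node's hostname (-checkhost only prints).
  openssl x509 -in "$tmp/leaf.pem" -noout -checkhost "$host" |
    grep -q 'does match' || fail "certificate does not cover $host"
  # 4. The certificate is still valid 7 days from now.
  openssl x509 -in "$tmp/leaf.pem" -noout -checkend 604800 >/dev/null ||
    fail "certificate expires within 7 days"
)

# Demo on constructed data.
PFX_PASS='constructed-pass'; export PFX_PASS
demo=$(mktemp -d)
make_sample_pfx "$demo" db01.example.test
check_pfx "$demo/certificate_combined.pfx" db01.example.test && echo "PFX OK"
```

For a real bundle, export `PFX_PASS` with your export password and call `check_pfx` with the PFX path and the node's sub-domain.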
Now that we have done the initial preparation from setting up the droplets to generating the SSL certificate, we can move on to the actual installation and configuration of RavenDB.
This process will need to be repeated on each node in the cluster.
Step 1 – Login
Digital Ocean will have sent you an email for each droplet with a username and password. I am using Putty to SSH to the droplet and change the password.
Step 2 – Upload Certificate
Use WinSCP to upload the PFX certificate. Log in using the same credentials used for Putty and upload the PFX file to the root directory.
Step 3 – Run Bash file
I have written an installation bash script that runs through the process of downloading the RavenDB binaries, installing them, configuring the service, etc.
Please DO NOT run script files from the internet without reading them first.
You can find it at https://github.com/Sarmaad/ravendb-cluster
Back to Putty, while you are at the root directory, clone the repository:
cmd> git clone https://github.com/sarmaad/ravendb-cluster
This will download the latest stable scripts from GitHub. Then run the following commands:
cmd> cd ravendb-cluster/ubuntu
cmd> chmod +x install.sh
cmd> ./install.sh db01.sarmaad.com /root/certificate_combined.pfx password123!
This script will prepare your environment, download the RavenDB Linux packages (currently version RavenDB-4.0.3-patch-40033-linux-x64 *at the time of writing*) and configure the RavenDB settings with the correct certificate details and data folder location.
After the script completes successfully, make sure to add your FQDN/sub-domain to the hosts file so the ravendb service can bind to the correct domain.
cmd> echo "22.214.171.124 db01.sarmaad.com" >> /etc/hosts
Change the IP address and sub-domain to match your droplet!
Then start the ravendb service by executing:
cmd> systemctl start ravendb
Check the logs to make sure the service started correctly and without any issues:
cmd> tail /var/log/syslog
You are looking for log entries showing that the ravendb service started and is listening for requests. This is what a successful ravendb service installation looks like in the logs.
Step 4 – Test the Node
Type the sub-domain directly into your browser and check that the browser prompts for a client certificate. If you are prompted, then you have successfully installed a RavenDB node.
If you have installed the certificate in your system, choose the certificate from the list and access the node.
Repeat these steps on all nodes, updating the sub-domain, certificate and IP address.
Now that we have the 3 nodes up and running (db01, db02 and db03), we are going to log in to db01 and start the cluster formation.
Get a License
The RavenDB community license is free and you can get it here: https://ravendb.net/license/request/community
You will need a license to continue building your cluster.
Once you receive your license, click on the “About” menu or the red document icon on the footer bar to navigate to the About page.
Click “Register” and copy and paste the license details you received from Hibernating Rhinos.
After you have registered your license, click on “Manage Server” -> “Cluster” -> “Add Node to cluster”.
Enter the second node you need to add, in this case: https://db02.sarmaad.com:8080. Make sure to include the HTTPS and port number.
You can “Test connection” to make sure your servers can reach each other (it is important that each node can reach and communicate with the others).
Then click the “Add” button to add this node to the cluster.
Repeat these steps for the third node and you are done.
Hopefully this blog helped you answer the question of how to set up a RavenDB cluster on Linux infrastructure and demonstrated that it is not very hard.
Your cluster is not done yet. Securing your droplets, firewalls and access restrictions are topics not covered here.
The guys at RavenDB have done a great job with their documentation: https://ravendb.net/docs/article-page/4.0/csharp/
Make sure to take your time to read it and understand how to operate and manage your newfound cluster.