]
This commit is contained in:
Petar Cubela
149
archive/discopharma/Meetings/20250310-Next_Steps.md
Normal file
149
archive/discopharma/Meetings/20250310-Next_Steps.md
Normal file
@@ -0,0 +1,149 @@
|
||||
## Goal
|
||||
|
||||
Setup a metabase instance via docker with https support and a professional Deployment Pipeline
|
||||
|
||||
## Questions
|
||||
|
||||
- Separate Reverse Proxy or local Web Server enough??
|
||||
- Exisiterende SSL Zertifikate nutzen?
|
||||
- Kriege ich irgendwie Zugang?
|
||||
|
||||
### 20250311
|
||||
|
||||
- How many users?
|
||||
- What is the old db software? Maybe we can reuse it? Are there backups of the old database ?
|
||||
- DNS Verwaltung
|
||||
- is the metabase version a requirement?
|
||||
|
||||
## Meeting-20250311
|
||||
|
||||
Teilnehmer: Lukas Maas, Milos Nikolic, Petar Cubela
|
||||
|
||||
### Answers
|
||||
|
||||
- DB: MySQL. Backup dump exist.
|
||||
- Version needs to be 0.49.18
|
||||
- 20 people
|
||||
- Existing certs
|
||||
- Use Reverse Proxy
|
||||
- I will get access to the machines
|
||||
|
||||
### My Time/ Steps
|
||||
|
||||
1. Databse Instance MySQL (0.5h -1h)
|
||||
2. Metabase (.50 h)
|
||||
3. VM R2verse Proxy (.50 h)
|
||||
4. Find and Test the recreation of the data/dashboard database (metabase.db/) (1-2h)
|
||||
5. write overwivew network setup (ip address, open ports in firewall, metabase.discopharma.de -> public ip ) (1h)
|
||||
6. Recreate in discopharma setup: (2-3h)
|
||||
1. dns setup properly
|
||||
2. network setup properly
|
||||
3. creation of the VMs (oeither discopharma or me)
|
||||
4. Installation process (db exist, docker deployment of metabase, reverse proxy)
|
||||
5. Test
|
||||
|
||||
## List of requirements regarding Metabase deployment (discopharma)
|
||||
|
||||
1. Find or create backup of Metabase Dashboard data within Docker image on the old machine (marketplace image that was compromised, or a previous image of it)
|
||||
2. Solution architecture that obeys to best practices of security, so that
|
||||
- DISCO employees can connect to a DISCO-internal metabase application using a web browser and the URL “metabase.discopharma.de”
|
||||
- The application is not exposed to the public
|
||||
- All connections to the application are encrypted (https)
|
||||
3. Solution architecture that includes a
|
||||
- Productive instance (highest priority)
|
||||
- Development/sandbox instance (lower priority)
|
||||
- A process to deploy upgrades of the application (lower priority)
|
||||
4. Metabase version 0.49.18
|
||||
|
||||
## Requirements
|
||||
|
||||
- properly configured and firewalled google cloud; VMs should only be able to communicate via private IPs!
|
||||
- VM in google cloud for the metabase instance; Public IP address, port 80 and 443 forwarded; 1 cores, 2GB RAM (depends on user number)
|
||||
- VM in google cloud for the metabase database instance; Private IP address; 1 cores, 1GB RAM (depends on user number); PostgreSQL
|
||||
- Use existing SSL certs(??) with web server/reverse proxy like nginx/traefik/etc
|
||||
|
||||
## Software
|
||||
|
||||
- Debian 12
|
||||
- Docker
|
||||
- Metabase
|
||||
- PostgreSQL
|
||||
- Traefik/Nginx (depends)
|
||||
|
||||
## Notes
|
||||
|
||||
### 20250311
|
||||
- <https://www.metabase.com/learn/metabase-basics/administration/administration-and-operation/metabase-in-production#metabase-application-server-size>
|
||||
|
||||
- Run separate database (PostgreSQL) and application server instances
|
||||
|
||||
#### Metabase application server size
|
||||
|
||||
- Metabase needs at least 1 core and 1GB of RAM
|
||||
- For every 20 concurrent people it needs 1CPU and 2GB of RAM
|
||||
|
||||
#### Metabase application database server size
|
||||
|
||||
- Database needs at least 1 core and 2GB of RAM
|
||||
- For every 40 concurrent people it needs 1CPU and 1GB of RAM
|
||||
|
||||
|
||||
## docker-compose.yml example
|
||||
|
||||
```yml
|
||||
services:
|
||||
metabase:
|
||||
image: metabase/metabase:latest
|
||||
container_name: metabase
|
||||
hostname: metabase
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /dev/urandom:/dev/random:ro
|
||||
- "./metabase-db:/metabase.db"
|
||||
- ./plugins:/plugins
|
||||
ports:
|
||||
- 3000:3000
|
||||
environment:
|
||||
JAVA_TIMEZONE: Europe/Berlin
|
||||
|
||||
MB_DB_FILE=/metabase.db
|
||||
MB_DB_TYPE: postgres
|
||||
MB_DB_DBNAME: metabase
|
||||
MB_DB_PORT: 5432
|
||||
MB_DB_USER_FILE: /run/secrets/db_user
|
||||
MB_DB_PASS_FILE: /run/secrets/db_password
|
||||
MB_DB_HOST: postgres
|
||||
networks:
|
||||
- metanet1
|
||||
secrets:
|
||||
- db_password
|
||||
- db_user
|
||||
healthcheck:
|
||||
test: curl --fail -I http://localhost:3000/api/health || exit 1
|
||||
interval: 15s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
postgres:
|
||||
image: postgres:latest
|
||||
container_name: postgres
|
||||
hostname: postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER_FILE: /run/secrets/db_user
|
||||
POSTGRES_DB: metabase
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
networks:
|
||||
- metanet1
|
||||
secrets:
|
||||
- db_password
|
||||
- db_user
|
||||
networks:
|
||||
metanet1:
|
||||
driver: bridge
|
||||
secrets:
|
||||
db_password:
|
||||
file: db_password.txt
|
||||
db_user:
|
||||
file: db_user.txt
|
||||
|
||||
```
|
||||
Reference in New Issue
Block a user