Goal
Set up a Metabase instance via Docker with HTTPS support and a professional deployment pipeline
Questions
- Separate reverse proxy, or is a local web server enough?
- Use existing SSL certificates?
- Can I get access somehow?
20250311
- How many users?
- What is the old DB software? Maybe we can reuse it? Are there backups of the old database?
- DNS management
- Is the Metabase version a requirement?
Meeting-20250311
Participants: Lukas Maas, Milos Nikolic, Petar Cubela
Answers
- DB: MySQL. A backup dump exists.
- Version needs to be 0.49.18
- 20 people
- Existing certs
- Use Reverse Proxy
- I will get access to the machines
My Time / Steps
- Database instance MySQL (0.5h - 1h)
- Metabase (0.5h)
- VM reverse proxy (0.5h)
- Find and test the recreation of the data/dashboard database (metabase.db/) (1-2h)
- Write overview of the network setup (IP address, open ports in firewall, metabase.discopharma.de -> public IP) (1h)
- Recreate in discopharma setup: (2-3h)
  - DNS set up properly
  - Network set up properly
  - Creation of the VMs (either discopharma or me)
  - Installation process (DB exists, Docker deployment of Metabase, reverse proxy)
  - Test
List of requirements regarding Metabase deployment (discopharma)
- Find or create backup of Metabase Dashboard data within Docker image on the old machine (marketplace image that was compromised, or a previous image of it)
- Solution architecture that follows security best practices, so that
  - DISCO employees can connect to a DISCO-internal Metabase application using a web browser and the URL “metabase.discopharma.de”
  - The application is not exposed to the public
  - All connections to the application are encrypted (HTTPS)
- Solution architecture that includes a
  - Productive instance (highest priority)
  - Development/sandbox instance (lower priority)
- A process to deploy upgrades of the application (lower priority)
- Metabase version 0.49.18
Requirements
- Properly configured and firewalled Google Cloud; VMs should only be able to communicate via private IPs!
- VM in Google Cloud for the Metabase instance; public IP address, ports 80 and 443 forwarded; 1 core, 2GB RAM (depends on user number)
- VM in Google Cloud for the Metabase database instance; private IP address; 1 core, 1GB RAM (depends on user number); PostgreSQL
- Use existing SSL certs(??) with web server/reverse proxy like nginx/traefik/etc.
Software
- Debian 12
- Docker
- Metabase
- PostgreSQL
- Traefik/Nginx (depends)
Notes
20250311
- Run separate database (PostgreSQL) and application server instances
Metabase application server size
- Metabase needs at least 1 core and 1GB of RAM
- For every 20 concurrent people it needs 1 CPU and 2GB of RAM
Metabase application database server size
- Database needs at least 1 core and 2GB of RAM
- For every 40 concurrent people it needs 1 CPU and 1GB of RAM
docker-compose.yml example
services:
  metabase:
    # "latest" as in the example; the requirements above ask for version 0.49.18,
    # so pin the tag for the real deployment
    image: metabase/metabase:latest
    container_name: metabase
    hostname: metabase
    restart: unless-stopped
    volumes:
      - /dev/urandom:/dev/random:ro
      - "./metabase-db:/metabase.db"
      - ./plugins:/plugins
    ports:
      # publishes port 3000 on every host interface; behind a reverse proxy,
      # bind it to loopback or the private IP instead
      - 3000:3000
    environment:
      JAVA_TIMEZONE: Europe/Berlin
      # H2 file path; not used once MB_DB_TYPE is postgres
      MB_DB_FILE: /metabase.db
      MB_DB_TYPE: postgres
      MB_DB_DBNAME: metabase
      MB_DB_PORT: 5432
      # credentials are read from Docker secrets, not from plain environment values
      MB_DB_USER_FILE: /run/secrets/db_user
      MB_DB_PASS_FILE: /run/secrets/db_password
      MB_DB_HOST: postgres
    networks:
      - metanet1
    secrets:
      - db_password
      - db_user
    healthcheck:
      test: curl --fail -I http://localhost:3000/api/health || exit 1
      interval: 15s
      timeout: 5s
      retries: 5
  postgres:
    image: postgres:latest
    container_name: postgres
    hostname: postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_DB: metabase
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    networks:
      - metanet1
    secrets:
      - db_password
      - db_user
networks:
  metanet1:
    driver: bridge
secrets:
  db_password:
    file: db_password.txt
  db_user:
    file: db_user.txt
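
A check of the compose example against the requirements listed above (fixed version 0.49.18, application not exposed to the public, no plain-text credentials). This is an added example, not part of the original notes; it assumes the file has been rendered with `docker compose config --format json`, that the required version is published under the image tag `v0.49.18`, and the names `split_image` and `audit` are made up here.

```python
import ipaddress
import json

REQUIRED = {"metabase/metabase": "v0.49.18"}  # page requirement; "v" tag prefix is assumed
SECRET_HINTS = ("PASS", "SECRET", "TOKEN")

# Constructed, abridged sample of `docker compose config --format json`
# output for the compose file above (ports are normalised to long form).
SAMPLE = json.loads("""
{"services": {
  "metabase": {
    "image": "metabase/metabase:latest",
    "ports": [{"target": 3000, "published": "3000", "protocol": "tcp"}],
    "environment": {"MB_DB_PASS_FILE": "/run/secrets/db_password"}},
  "postgres": {
    "image": "postgres:latest",
    "environment": {"POSTGRES_PASSWORD_FILE": "/run/secrets/db_password"}}}}
""")

def split_image(image):
    """Return (repository, tag); a missing tag means Docker pulls 'latest'."""
    repo, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:        # no tag, or the colon was a registry port
        return image, "latest"
    return repo, tag

def audit(cfg):
    """Return a list of (service, finding) tuples for one compose config."""
    findings = []
    for name, svc in cfg.get("services", {}).items():
        repo, tag = split_image(svc.get("image", ""))
        want = REQUIRED.get(repo)
        if repo and tag == "latest":
            findings.append((name, "image tag is not pinned"))
        elif want and tag != want:
            findings.append((name, f"image tag {tag} is not the required {want}"))
        for port in svc.get("ports", []):
            ip = ipaddress.ip_address(port.get("host_ip") or "0.0.0.0")
            # 0.0.0.0 counts as "private" in ipaddress, so test unspecified first
            if ip.is_unspecified or not (ip.is_loopback or ip.is_private):
                findings.append((name, f"port {port.get('published')} is published on {ip}"))
        for key, value in (svc.get("environment") or {}).items():
            if value and not key.endswith("_FILE") and any(h in key for h in SECRET_HINTS):
                findings.append((name, f"{key} holds a secret in plain text"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

For the compose example as written, this reports the two unpinned images and the port published on all interfaces; the secrets handling passes because both credentials use the `_FILE` variants.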