Announcing DoltLab v2.1.0 and its new Installer
We recently released DoltLab v2.1.0, that contains a brand new tool for configuring a DoltLab instance: the installer
. The DoltLab installer
is a single binary that will generate all the assets DoltLab needs to run. For those familiar with previous versions of DoltLab, this is a HUGE improvement.
Prior to the installer
, DoltLab would ship a zip
folder containing a variety of configuration files, templates, and scripts required for DoltLab to run via Docker Compose. Whenever DoltLab administrators needed to make changes to their setup, they'd have to manually edit these files and keep track of what changes they made, as they'd have to also perform these edits again after upgrading their DoltLab instance.
But now, DoltLab's zip
contains only the installer
. It handles all of the asset generation for you in a deterministic way, which is a huge improvement to administrator experience, but also a big change from previous versions of DoltLab. Today were gonna take a deep dive on the installer
and how it can be used to simplify your DoltLab setup moving forward.
Before jumping into the specifics of the installer
and how to use it, I think it's important to have a bit more context about DoltLab, its services, and how they work together in order to demystify some of the assets the installer
generates and how DoltLab will use them. I've written about these services before, but I think a refresher will serve nicely here.
DoltLab Overview
Put simply, DoltLab is a collection of services that run via Docker Compose on a single Linux host. The services that make up DoltLab are the same services (with a few exceptions) that make up DoltHub.com, since DoltLab's services share their code with DoltHub. The following is a break down of the services that comprise DoltLab and their role. Each section will also contains snippets of the base docker-compose.yaml
file that the installer
tool generates in order to run DoltLab using Docker Compose.
DoltLab's Application Database (doltlabdb)
DoltLab's application database is a Dolt server (formerly a PostgreSQL server) that backs DoltLab's main API, DoltLab API (doltlabapi). This database stores DoltLab users, repository (database) metadata, pull requests, credentials and anything else that doltlabapi
needs to perform its various operations or serve to the frontend. It does not store repository (database) data or data from user uploaded files. These are stored on disk in separate Docker volumes, but we will touch more on that later.
The doltlabdb
server image is actually the Dolt SQL Server Docker image called dolthub/dolt-sql-server with the following statements used to initialize the database:
CREATE USER 'dolthubadmin' IDENTIFIED BY '$DOLT_PASSWORD';
CREATE USER 'dolthubapi' IDENTIFIED BY '$DOLTHUBAPI_PASSWORD';
CREATE DATABASE dolthubapi;
GRANT ALL ON *.* TO 'dolthubadmin';
GRANT ALL ON dolthubapi.* TO 'dolthubapi';
This creates an admin role dolthubadmin
and a dolthubapi
role (artifacts of the code that DoltLab shares with DoltHub). The dolthubadmin
role is only used by database administrators when they need to run a shell against the running server. The dolthubapi
role is used by doltlabapi
.
As mentioned above, the installer will produce a docker-compose.yaml
file used to run DoltLab with Docker Compose, and the following section corresponds to the doltlabdb
service:
doltlabdb:
image: public.ecr.aws/dolthub/doltlab/dolt-sql-server:v2.1.0
command: |-
-l debug
environment:
DOLT_PASSWORD: "${DOLT_PASSWORD}"
DOLTHUBAPI_PASSWORD: "${DOLTHUBAPI_PASSWORD}"
networks:
- default
volumes:
- doltlabdb-dolt-data:/var/lib/dolt
- doltlabdb-dolt-root:/.dolt
- doltlabdb-dolt-configs:/etc/dolt
- doltlabdb-dolt-backups:/backups
By default, the server is run with -l debug
, or log level DEBUG
. This is so the server logs contain the queries that were run for easier debugging.
DOLT_PASSWORD
and DOLTHUBAPI_PASSWORD
are configured with environment variables used by the initialization script of the doltlabdb
server and various Docker volumes are mapped to corresponding paths on the container so that data is persisted to disk. You'll see the following section for these volumes in the docker-compose.yaml
file as well:
volumes:
doltlabdb-dolt-backups: {}
doltlabdb-dolt-configs: {}
doltlabdb-dolt-data: {}
doltlabdb-dolt-root: {}
doltlabdb-dolt-data
stores all of the Dolt database data, while doltlabdb-dolt-configs
stores Dolt server configuration files and doltlabdb-dolt-root
contains anything stored at the DOLT_ROOT_PATH
. doltlabdb-dolt-backups
can be used to create file system based backups of the Dolt server, but is otherwise unused by DoltLab.
DoltLab's Main API (doltlabapi)
DoltLab main API server, doltlabapi
, is the powerhouse of DoltLab and by far its most complex service. It is a gRPC service that supports all of the functionality you see on DoltLab including database creation, file importing, searching, pull request merging, and online data editing. This is also the service responsible for emailing users at various times, and thus requires arguments for connecting to an existing SMTP server, but we'll go over that more shortly.
When the service first comes up, it connects to doltlabdb
and is the only service that reads from it and writes to it. After establishing a connection, it then runs a series of database schema migrations. These migrations are the result of new features and bug fixes supported in both DoltLab and DoltHub and are referenced in the schema_migrations
table. Details about the schema migrations executed by doltlabapi
are not crucial for setting up or maintaining a DoltLab instance, but it's important to note that new versions of DoltLab often run new schema migrations against the doltlabdb
. If for some reason those migrations fail, this service will crash and require manual updates to the schema_migrations
table.
The doltlabapi
section of the docker-compose.yaml
file generated by the installer
is by far the largest and most complex section of the file, and will change depending on the installer
arguments supplied.
doltlabapi:
depends_on:
- doltlabdb
- doltlabenvoy
- doltlabfileserviceapi
- doltlabremoteapi
image: public.ecr.aws/dolthub/doltlab/dolthubapi-server:v2.1.0
command: |-
-doltlab
-outboundInternalServiceEndpointHost doltlabenvoy
-iterTokenEncKeysFile /iter_token.keys
-iterTokenDecKeysFile /iter_token.keys
-processAsyncTasks
-port 60051
-noReplyEmail "me@email.com"
-emailAuthMethod plain
-emailHost email.smtp.host.com
-emailPort 587
-emailUsername "${EMAIL_USERNAME}"
-emailPassword "${EMAIL_PASSWORD}"
-emailOauthToken "${EMAIL_OAUTH_TOKEN}"
-defaultUser "admin"
-defaultUserPassword "${DEFAULT_USER_PASSWORD}"
-defaultUserEmail "me@email.com"
-metricsHost "eventsapi.dolthub.com"
-migrateUp
-importJobContainerImage "public.ecr.aws/dolthub/doltlab/file-importer:v2.1.0"
-mergeJobContainerImage "public.ecr.aws/dolthub/doltlab/pull-merge:v2.1.0"
-sqlReadJobContainerImage "public.ecr.aws/dolthub/doltlab/query-job:v2.1.0"
-jobEnvoyHost "doltlabenvoy"
-dolthubWhitelistAllowAll
-doltUser dolthubapi
-doltHost doltlabdb
-doltPort 3306
-remoteApiHostNameOverrideKey "doltlab.dolthub.com:100"
-userImportUploadsFileServiceBrowserHost "http://doltlab.dolthub.com:4321"
-websiteURL "http://doltlab.dolthub.com"
-doltremoteapi.url "doltlab.dolthub.com"
-doltremoteapi.port "50051"
-doltlabRemoteApiHost "doltlab.dolthub.com"
-doltlabRemoteApiPort "50051"
-remoteApiHostNameOverrideValue "doltlabremoteapi:100"
-userImportUploadsFileServiceServerHost "http://doltlabenvoy:4321"
-fileserviceapiServiceEndpoint "http://doltlabenvoy:4321"
environment:
BUILD_SCM_REVISION: "doltlabapi-v2.1.0"
DOLT_DOLTHUBAPI_PASSWORD: "${DOLT_PASSWORD}"
DOLTHUB_METRICS_ENABLED: "true"
DOLTHUBAPI_PASSWORD: "${DOLTHUBAPI_PASSWORD}"
MAILCHIMP_API_KEY: "does_not_work"
MAILCHIMP_LIST_ID: "does_not_work"
STRIPE_API_KEY: "does_not_work"
networks:
- default
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/ubuntu/doltlab/doltlabapi/iter_token.keys:/iter_token.keys
As you can see there's quite a lot going on with doltlabapi
, too much to cover in this blog alone. And prior to DoltLab's installer
, this section would need to be hand edited for configuration changes, yikes!
Anyway, two things to make note of are the volumes mounted to the container. First the Docker socket /var/run/docker.sock
is mounted to the container. This is so that doltlabapi
can deploy DoltLab Jobs, that allow file imports, pull request merges, and large read queries to run as standalone Docker containers.
Second, a local file called doltlabapi/iter_token.keys
, generated by the installer
, is used to encrypt outbound tokens and decrypt inbound tokens produced by doltlabapi
.
Aside from these volumes mounted on the container, all other doltlabapi
configuration options are supplied either by argument or by environment variable, and the installer
is now the main interface for changing these options.
DoltLab Remote API (doltlabremoteapi)
The next service we'll cover, another gRPC
service, is DoltLab's remote service called doltlabremoteapi
. This service manages all the remote data stored on a DoltLab instance.
Let's say a user creates a new database on DoltLab called user1/test
, and they push data to that DoltLab database. The data that they push is not stored in the application database doltlabdb
, but is instead written to disk by doltlabremoteapi
. Similarly, if a different user clones user1/test
, they clone the data (using their Dolt client) through doltlabremoteapi
.
This service is responsible for serving remote data to authorized parties, and performs request authentication by interacting with doltlabapi
. Here's what you'll find in the doltlabremoteapi
section of the docker-compose.yaml
created by the installer
.
doltlabremoteapi:
depends_on:
- doltlabdb
- doltlabenvoy
- doltlabfileserviceapi
image: public.ecr.aws/dolthub/doltlab/doltremoteapi-server:v2.1.0
command: |-
-http-port "100"
-outboundInternalServiceEndpointHost doltlabenvoy
-repoTokenEncKeysFile /iter_token.keys
-repoTokenDecKeysFile /iter_token.keys
-backing-store local
-dir /doltlab-remote-storage
-metricsHost eventsapi.dolthub.com
-backingStoreHostNameOverrideKey ":100"
-doltlab
-allow-nbf-dolt
-backingStoreHostNameOverrideValue "doltlabremoteapi:100"
-http-host ":100"
environment:
BUILD_SCM_REVISION: "doltlabremoteapi-v2.1.0"
DOLTHUB_METRICS_ENABLED: "true"
networks:
- default
volumes:
- /home/ubuntu/doltlab/doltlabremoteapi/iter_token.keys:/iter_token.keys
- doltlab-remote-storage:/doltlab-remote-storage
ports:
- "50051:50051"
Here you'll see that the port 50051
is exposed on the container. This port must also be accessible on the DoltLab host so that Dolt clients can interact with this service during cloning, pushing, pulling, and fetching.
This service also gets a key file mounted to the container. /doltlabremoteapi/iter_token.keys
is created by the installer
and doltlabremoteapi
uses this file, like doltlabapi
, to encrypt and decrypt tokens.
There's an additional volume mount as well called doltlab-remote-storage
. This Docker volume is where doltlabremoteapi
actually writes all database data on local disk, and serves it from disk to doltlabapi
and Dolt clients alike. Although not seen explicitly in the service definition above, doltlabremoteapi
serves this data on port 100
so this port must also be exposed on the DoltLab host. Connections to this port are made through DoltLab's reverse proxy, doltlabenvoy
, discussed later.
You can find the definition of the doltlab-remote-storage
volume in the docker-compose.yaml
top level volumes
section.
DoltLab File Service API (doltlabfileserviceapi)
DoltLab's next service is called the doltlabfileserviceapi
and this service is unique to DoltLab. This service is responsible for storing and retrieving files uploaded by users of the DoltLab instance, most often during the online file import process. doltlabfileserviceapi
writes all of these files to DoltLab's local disk and authenticates incoming requests against doltlabapi
.
DoltHub does not have an equivalent service, since it uploads user uploaded files directly to AWS S3.
The following section of the docker-compose.yaml
file corresponds to this service:
doltlabfileserviceapi:
depends_on:
- doltlabenvoy
image: public.ecr.aws/dolthub/doltlab/fileserviceapi-server:v2.1.0
command: |-
-outboundInternalServiceEndpointHost doltlabenvoy
-iterTokenEncKeysFile /iter_token.keys
-iterTokenDecKeysFile /iter_token.keys
-dir /doltlab-user-uploads
-doltlab
environment:
BUILD_SCM_REVISION: "doltlabfileserviceapi-v2.1.0"
DOLTHUB_METRICS_ENABLED: "true"
networks:
- default
volumes:
- /home/ubuntu/doltlab/doltlabfileserviceapi/iter_token.keys:/iter_token.keys
- doltlab-user-uploads:/doltlab-user-uploads
Similarly to doltlabapi
and doltlabremoteapi
, we can see that the installer
will generate doltlabfileserviceapi/iter_token.keys
so it can be mounted in the container for token encryption and decryption.
The Docker volume doltlab-user-uploads
is also mounted to the container and is where the service will write all uploaded files.
Not shown in this service definition is the port that doltlabfileserviceapi
uses for incoming requests, port 4321
. This port must be accessible on the DoltLab host so that browsers can upload files to doltlabfileserviceapi
. This port will be exposed by doltlabenvoy
, DoltLab's reverse proxy described below.
DoltLab GraphQL API (doltlabgraphql)
Next we'll look at the first part of DoltLab's frontend services, the GraphQL service called doltlabgraphql
. This service is a data layer API, that provides a uniform interface for DoltLab UI requests to and responses from doltlabapi
. This service has very low user facing impact, as it primarily acts as a middleware service between DoltLab's frontend, doltlabui
, and doltlabapi
.
In the generated docker-compose.yaml
file, the following corresponds to the doltlabgraphql
section:
doltlabgraphql:
depends_on:
- doltlabdb
- doltlabenvoy
- doltlabremoteapi
- doltlabapi
- doltlabfileserviceapi
image: public.ecr.aws/dolthub/doltlab/dolthubapi-graphql-server:v2.1.0
environment:
DOLTHUBAPI_URL: "http://doltlabenvoy:9443"
NODE_ENV: "development"
networks:
- default
Not too much else to say about this service except that the NODE_ENV=development
environment variable tells GraphQL to run a GUI at /graphql
which can be used to execute queries against doltlabapi
manually, although this endpoint is not exposed on the container definition by default.
DoltLab UI (doltlabui)
DoltLab's UI, called doltlabui
is a Next.js application that provides the DoltLab user interface. This service interacts only with doltlabgraphql
, which in turn interacts with doltlabapi
.
Here is the service definition for doltlabui
:
doltlabui:
depends_on:
- doltlabdb
- doltlabenvoy
- doltlabfileserviceapi
- doltlabremoteapi
- doltlabapi
- doltlabgraphql
image: public.ecr.aws/dolthub/doltlab/dolthub-server:v2.1.0
environment:
DOLTHUB_METRICS_ENABLED: "true"
DOLTHUB_VERSION: "v2.1.0"
EVENTSAPI_URL: "https://eventsapi.dolthub.com"
INTERNAL_GRAPHQLAPI_URL: "http://doltlabenvoy:10080/graphql"
IS_DOLTLAB_INSTANCE: "1"
NODE_OPTIONS: "--max-old-space-size=16384"
STRIPE_API_KEY: "does_not_work"
networks:
- default
Similar to doltlabgraphql
, not a lot of configuration going on here, although DoltLab Enterprise customers will see this service definition change if they use the installer
to customize their DoltLab's UI.
We'll touch more on that in the DoltLab Enterprise section below.
DoltLab's Envoy Reverse Proxy (doltlabenvoy)
DoltLab runs behind an Envoy Proxy that performs a variety of functions including routing ingress requests to their proper targets as well as facilitating internal requests between services.
The service definition for doltlabenvoy
is as follows:
doltlabenvoy:
image: envoyproxy/envoy:v1.28-latest
command: |-
-c /envoy.json
networks:
- default
volumes:
- /home/ubuntu/doltlab/envoy.json:/envoy.json
ports:
- "100:100"
- "4321:4321"
- "7770:7770"
- "2001:2001"
- "80:80"
doltlabenvoy
requires a configuration file to be mounted on the container, and the installer
will generate this envoy.json
for us. Unfortunately the configuration of the Envoy proxy is outside the scope of this post, so we won't detail the generated envoy.json
file here. There are some important things to note about the port definitions in the docker-compose.yaml
file above, though.
We can see from the ports exposed on the container above that requests for remote data files will go through this proxy on port 100
to doltremoteapi
, requests for doltlabfileserviceapi
will go through this proxy on 4321
, and requests for our DoltLab's instance's homepage will go through this proxy to doltlabui
on port 80
.
Port 7770
is used for service metrics as discussed in a DoltLab monitoring blog and port 2001
can be used to health check the proxy, as it will return a 200
to GET
requests.
This service is a crucial piece of DoltLab's infrastructure, so it's good to be aware of its role within the suite of services, but like doltlabgraphql
, when its functioning properly, it has low end-user impact.
Getting Started with the Installer
Now that you have an updated overview of DoltLab's services, it's time to use the installer
to get a DoltLab instance up and running! Let's start by configuring the most basic version of DoltLab v2.1.0
.
First, ensure you have the minimum requirements for DoltLab, which are a Linux host with ports 100
, 50051
, 4321
, and 80
open for ingress.
Next, make sure DoltLab's dependencies are installed and configured. This primarily means Docker, Docker Compose, and amazon-ecr-credential-helper.
Next, on your provisioned host, download DoltLab v2.1.0 and unzip the contents into a doltlab
directory:
$ curl -LO https://doltlab-releases.s3.amazonaws.com/linux/amd64/doltlab-v2.1.0.zip
$ unzip doltlab-v2.1.0.zip -d doltlab
Archive: doltlab-v2.1.0.zip
inflating: doltlab/smtp_connection_helper
inflating: doltlab/installer
inflating: doltlab/installation_guide.md
inflating: doltlab/administrators_guide.md
You're now ready to run the installer
:
$ ./installer \
--host=doltlab.dolthub.com \
--smtp-auth-method=plain \
--smtp-host=doltlab.dolthub.com \
--smtp-port=587 \
--no-reply-email=me@email.com \
--default-user-email=me@email.com
2024-03-29T18:19:28.164Z INFO metrics/emitter.go:111 Successfully sent DoltLab usage metrics
2024-03-29T18:19:28.164Z INFO cmd/main.go:345 Successfully configured DoltLab {"version": "v2.1.0"}
2024-03-29T18:19:28.164Z INFO cmd/main.go:349 You can now start DoltLab using the generated script {"start_script": "/home/ubuntu/doltlab/start.sh"}
2024-03-29T18:19:28.164Z INFO cmd/main.go:354 Use the generated stop script to stop DoltLab {"stop_script": "/home/ubuntu/doltlab/stop.sh"}
The arguments used in the snippet above are the minimum required arguments to successfully run the installer
.
--host
, is the host name or IP address of the host running DoltLab. This argument is used in a number of DoltLab's services.
--smtp-auth-method
, is your SMTP server's authentication method, one of plain
, login
, external
, anonymous
, oauthbearer
, and disable
. This is used by doltlabapi
for sending emails to end users.
--smtp-host
, is your SMTP server's host name, and is also used by doltlabapi
.
--smtp-port
, is your SMTP port, and is also used by doltlabapi
.
--no-reply-email
, is the email address to use as the "from" address for emails sent by DoltLab. Ensure that your SMTP server allows you to send emails from this address. This value will be used by doltlabapi
.
--default-user-email
, is the email address to use for DoltLab's default user admin
. DoltLab creates a default user automatically in case there are problems with DoltLab's connection to your SMTP server, you can still use DoltLab's features as user admin
. This value is used by doltlabapi
as well.
If we run ls
, we can see that the installer
generated the expected files we need to run DoltLab:
$ ls
administrators_guide.md doltlabapi doltlabfileserviceapi envoy.json installer start.sh
docker-compose.yaml doltlabdb doltlabremoteapi installation_guide.md smtp_connection_helper stop.sh
The generated files include the docker-compose.yaml
file which contains our service definitions, the envoy.json
file for configuring DoltLab's reverse proxy, and three key files used for token encryption and decryption for each respective service: doltlabapi/iter_token.keys
, doltlabremoteapi/iter_token.keys
, and doltlabfileserviceapi/iter_token.keys
.
Additionally, the installer
generated a script to easily start DoltLab and a script to easily stop it, start.sh
and stop.sh
.
If we inspect start.sh
, we'll see:
#!/bin/bash
set -e
export EMAIL_USERNAME
export EMAIL_PASSWORD
export EMAIL_OAUTH_TOKEN
export DEFAULT_USER_PASSWORD=${DEFAULT_USER_PASSWORD-DoltLab1234}
export DOLT_PASSWORD
export DOLTHUBAPI_PASSWORD
check_env() {
if [[ -z "$DOLT_PASSWORD" || -z "$DOLTHUBAPI_PASSWORD" ]]; then
echo "Must supply DOLT_PASSWORD, and DOLTHUBAPI_PASSWORD"
exit 1
fi
check_plain_auth_env
}
check_plain_auth_env() {
if [[ -z "$EMAIL_USERNAME" || -z "$EMAIL_PASSWORD" ]]; then
echo "Must supply EMAIL_USERNAME and EMAIL_PASSWORD"
exit 1
fi
}
create_docker_network_if_not_exists() {
docker network inspect doltlab >/dev/null 2>&1 || \
docker network create --driver bridge doltlab
}
update_images() {
local config="/home/ubuntu/doltlab/docker-compose.yaml"
docker compose -f "$config" pull
}
start_services() {
local config="/home/ubuntu/doltlab/docker-compose.yaml"
EMAIL_USERNAME="$EMAIL_USERNAME" \
EMAIL_PASSWORD="$EMAIL_PASSWORD" \
EMAIL_OAUTH_TOKEN="$EMAIL_OAUTH_TOKEN" \
DEFAULT_USER_PASSWORD="$DEFAULT_USER_PASSWORD" \
DOLT_PASSWORD="$DOLT_PASSWORD" \
DOLTHUBAPI_PASSWORD="$DOLTHUBAPI_PASSWORD" \
docker compose -f "$config" up -d
}
_main() {
check_env
create_docker_network_if_not_exists
update_images
start_services
}
_main "$@"
The contents of this script will change depending on how the installer
was run, but you can expect this script to require the environment variables necessary to successfully start and run DoltLab based on the installer
configuration.
For example, we ran the installer with --smtp-auth-method=plain
. As a result, the generated start.sh
script requires EMAIL_USERNAME
and EMAIL_PASSWORD
to be set in your environment.
We can also see that it's possible to configure the default user of a DoltLab instance, admin
, with a specific password. This can be set by supplying DEFAULT_USER_PASSWORD
, or if unset, this will default to DoltLab1234
.
We are now ready to run ./start.sh
and see our DoltLab instance go live.
You should now be able to navigate to http://doltlab.dolthub.com (or whatever your --host
was) and see your DoltLab homepage!
You might have noticed that the installer
also generated assets in doltlabdb
. They are doltlabdb/shell-db.sh
and doltlabdb/dolt_db_cli.sh
. doltlabdb/dolt_db_cli/sh
can be used to connect a Dolt CLI client to doltlabdb
, for very rare occasions when the Dolt CLI needs to be used instead of the server itself.
More important is doltlabdb/shell-db.sh
which opens a shell to the running doltlabdb
server. This can be used to run queries against the server or even whitelist emails to create accounts against your DoltLab instance if you've enabled email whitelisting.
More Installer Power
Hopefully it's clear how much simpler the installer
has made configuring something as complex as DoltLab. Here are some more very useful installer
options that can help you set up DoltLab for your specific use case.
SMTP Implicit TLS
Some SMTP servers use implicit TLS connections which DoltLab will need to handle. To configure DoltLab's SMTP client to use implicit TLS, run the installer with --smtp-implicit-tls=true
. Similarly, to configure DoltLab's SMTP client to skip TLS verification, use --smtp-insecure-tls=true
.
Prevent Open Account Creation
DoltLab for non-enterprise use currently supports explicit email whitelisting to prevent account creation by unauthorized users. To enable email whitelisting (disallowing open account creation) use --white-list-all-users=false
with the installer
. To whitelist an email and allow it to create an account on your DoltLab instance use the doltlabdb/shell-db.sh
script to run the following query:
$ DOLT_PASSWORD=******** ./shell-db.sh
...
mysql> INSERT INTO email_whitelist_elements (email_address, updated_at, created_at) VALUES ('example@address.com', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
A user with email example@address.com
can now create an account on your DoltLab instance.
Connect DoltLab to an External Dolt Server
DoltLab runs doltlabdb
on the same host as the application database on the same host as the other services by default, but DoltLab can also use an external Dolt server as it's application database.
Ensure you run the following statements against your external Dolt server.
CREATE USER 'dolthubadmin' IDENTIFIED BY '$DOLT_PASSWORD';
CREATE USER 'dolthubapi' IDENTIFIED BY '$DOLTHUBAPI_PASSWORD';
CREATE DATABASE dolthubapi;
GRANT ALL ON *.* TO 'dolthubadmin';
GRANT ALL ON dolthubapi.* TO 'dolthubapi';
Then, run the installer
with --doltlabdb-host
referencing your external database's host name, and --doltlabdb-port
referencing its port.
Serve DoltLab natively over HTTPS
To do so, make sure that port 443
is open on the host running DoltLab (as well as the other required ports 100
, 4321
, and 50051
) and that you have a valid TLS certificate that uses the --host
value you supplied to the installer
. We recommend creating a TLS certificate using certbot.
You can then run the installer
with --https=true
, --tls-cert-chain=/path/to/tls/certificate/chain
, and --tls-private-key=/path/to/tls/private/key
and use the start.sh
script to run DoltLab over HTTPS.
DoltLab Enterprise and Beyond
A major motivation for creating DoltLab's installer
tool was to better support our DoltLab Enterprise clients, and make it simpler for them to configure various Enterprise features.
Previous versions of DoltLab required Enterprise feature configuration with a separate file called admin-config.yaml
. Thankfully we've done away with this additional file, and can simply use the installer
to enable Enterprise features.
For those not yet aware, we offer an Enterprise version of DoltLab the has exclusive features and support, not included with the free version of DoltLab. This includes, but is not limited to: UI customization options including use of custom colors, logo, and email templates, single-sign-on integration with your identity-provider, and 24/7 engineering support, and more coming soon! If you're interested in finding out more about DoltLab Enterprise, contact us on Discord for more information.
If you're already a DoltLab Enterprise customer, using the installer
to unlock your exclusive features very simple.
In addition to supplying the minimum required installer
arguments, simply include the following arguments to configure DoltLab to run in Enterprise mode:
$ ./installer \
...
--enterprise-online-product-code=******** \
--enterprise-online-shared-key=************** \
--enterprise-online-api-key=************ \
--enterprise-online-license-key=********** \
...
All Enterprise features will require these arguments. With these supplied to the installer
, here's how you configure the following features:
Custom Emails
DoltLab Enterprise allows you to customize the emails sent to users by your DoltLab instance. You can do this by editing email templates that DoltLab uses for these automated emails.
Using the installer
supply the argument --custom-email-templates=true
. The installer
will generate template files you can edit at doltlabapi/templates/email
. For more information about how to edit these files, check out our Custom emails section in DoltLab's Administrator guide.
Custom Logo
You can also use a custom logo on your DoltLab instance, which helps ensure users of your DoltLab instance know it's yours. To use a custom logo, supply --custom-logo=/path/to/custom/logo.png
to the installer
.
Super Admins
Its often the case that DoltLab administrators need super user permissions on their DoltLab instance so they can add or remove users, modify various databases, and perform various actions to meet their use case. We call these users "super admins", and they can be configured with the installer
by supplying the argument --super-admin-email
with the email address associated with the user who should have super admin privileges.
This argument can also be supplied multiple times, ie:
$ ./installer \
...
--super-admin-email=yours@email.com \
--super-admin-email=mine@email.com \
--super-admin-email=ours@email.com \
...
SAML Single Sign-on
To configure SAML single sign-on (SSO) with DoltLab, there are a few prerequisite steps you'll need to take in order to ensure you're ready to integrate your DoltLab instance with your identity provider. For those we have a section in our documentation that walks you through what to do.
Once you have the SAML metadata from your identity provider downloaded, you can configure your instance to use SSO by using the --sso-saml-metadata-descriptor=/path/to/downloaded/metadata/descriptor
argument and the --sso-saml-cert-common-name=mydoltlabinstance
argument with the installer
. The --sso-saml-cert-common-name
is used during the SAML certificate generation of your DoltLab instance.
Automated Backups
DoltLab Enterprise also enables automated backups of the application database doltlabdb
to various cloud providers. Using the power of dolt backup under-the-hood, automated backups can be configured to write to an AWS, GCS, or OCI remote. For detailed information about automated DoltLab backups, see the section in DoltLab's Administrator guide.
In brief, AWS backups can be configured with the installer
with the arguments:
$ ./installer \
...
--automated-dolt-backups-url="aws://[test-doltlab-backup-application-db-manifest:test-doltlab-application-db-backups]/my_doltlab_backup" \
--aws-shared-credentials-file="/absolute/path/to/aws/credentials" \
--aws-config-file="/absolute/path/to/aws/config" \
--aws-region="aws-region" \
--aws-profile="doltlab_backuper" \
...
GCS backups can be configured with:
$ ./installer \
...
--automated-dolt-backups-url="gs://test-doltlab-application-db-backup/my_doltlab_backup" \
--google-creds-file="/absolute/path/to/gcloud/credentials" \
...
And OCI backups can be configured with:
$ ./installer \
...
--automated-dolt-backups-url="oci://test-doltlab-application-db-backup/my_doltlab_backup" \
--oci-config-file="/absolute/path/to/oci/config" \
--oci-key-file="/absolute/path/to/oci/private/key.pem" \
...
Automated backups will be pushed by default every 24 hours, but this schedule can be augmented by supplying --automated-dolt-backups-cron-schedule
with a cron string, like "0 * * * *", to push backups every hour, for example. DoltLab will also email the administrator if a backup fails for some reason.
Conclusion
Hopefully our work on the latest release of DoltLab and its new installer
interface has encouraged you to download and try DoltLab for yourself. We're always working to make the experience of running DoltLab simple and straightforward and would love to hear your feedback.
We are also offering free, 30-day trials of DoltLab Enterprise so you can demo this powerful product for the rest of your team. To find out more information hit us up on Discord in the #doltlab
server.
Not sure which product is right for you? You can check out each of our different product offerings below:
- Dolt—it's Git for data.
- DoltHub—it's GitHub for data.
- DoltLab—it's GitLab for data.
- Hosted Dolt—it's RDS for Dolt databases.