Creating a cluster of 1C:Enterprise Linux servers with a Managed Service for PostgreSQL cluster
In Yandex Cloud, you can create a Yandex Managed Service for PostgreSQL cluster optimized for 1C:Enterprise.
Your new 1C:Enterprise infrastructure will consist of a 1C working server, a 1C license server, and a Managed Service for PostgreSQL cluster. 1C servers will be running CentOS 7 with no internet access. The cluster will be accessed via an encrypted OpenVPN server connection.
To configure a 1C cluster and make sure the created infrastructure works properly, your local computer running Windows (outside Yandex Cloud) must have the 1C:Enterprise client and the 1C administration console installed.
The process of creating the 1C:Enterprise infrastructure described in this guide was tested in 1C version 8.3.25.
Note
To use 1C:Enterprise, you need a license. For more information about licenses, their installation, as well as the distributions you may need, see the 1C:Enterprise website.
To configure a 1C:Enterprise server cluster:
- Prepare your cloud.
- Set up a VPN to access the cloud infrastructure.
- Create virtual machines for 1C:Enterprise servers.
- Create a Managed Service for PostgreSQL cluster.
- Configure a Samba server on 1C servers.
- Configure 1C:Enterprise servers.
- Configure a 1C server cluster and infobase.
- Connect to the infobase.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the `ACTIVE` or `TRIAL_ACTIVE` status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The infrastructure support cost for 1C:Enterprise in Yandex Cloud includes:
- Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for a continuously running Managed Service for PostgreSQL cluster (see Managed Service for PostgreSQL pricing).
- Fee for using a static public IP address (see Yandex Virtual Private Cloud pricing).
Set up a VPN to access the cloud infrastructure
To ensure secure access to the 1C:Enterprise infrastructure you are creating in Yandex Cloud, set up a VPN. To address this task, use OpenVPN Access Server and its Windows client.
Create a cloud network and subnets
To create a cloud network with subnets in three availability zones:
- In the management console, go to the folder where you need to create a cloud network.
- In the list of services, select Virtual Private Cloud.
- In the top-right corner, click Create network.
- In the Name field, enter `my-1c-network`.
- Enable Create subnets.
- Click Create network.
Configure network traffic permissions
Security groups act as a virtual firewall for incoming and outgoing traffic. Learn more about the default security group here.
To ensure proper operation of OpenVPN Access Server and the Managed Service for PostgreSQL cluster, add additional rules to the default security group of the `my-1c-network` cloud network:

Traffic direction | Description | Port range | Protocol | Source | CIDR blocks |
---|---|---|---|---|---|
Incoming | VPN Server 443 | 443 | TCP | CIDR | 0.0.0.0/0 |
Incoming | VPN Server 1194 | 1194 | UDP | CIDR | 0.0.0.0/0 |
Incoming | Admin Web UI, Client Web UI | 943 | TCP | CIDR | 0.0.0.0/0 |
Incoming | Managed Service for PostgreSQL | 6432 | TCP | CIDR | 0.0.0.0/0 |
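An added example (not part of the original guide) that audits the four ingress rules above against one policy: only the VPN listeners need to be reachable from any address. The policy, the `INTERNET_FACING` allow-list and the function names are assumptions made for this example.

```python
import ipaddress

# Rules copied from the table above (source type is CIDR in every row).
RULES = [
    {"description": "VPN Server 443", "ports": "443", "protocol": "TCP", "cidr": "0.0.0.0/0"},
    {"description": "VPN Server 1194", "ports": "1194", "protocol": "UDP", "cidr": "0.0.0.0/0"},
    {"description": "Admin Web UI, Client Web UI", "ports": "943", "protocol": "TCP", "cidr": "0.0.0.0/0"},
    {"description": "Managed Service for PostgreSQL", "ports": "6432", "protocol": "TCP", "cidr": "0.0.0.0/0"},
]

# Assumption: only the VPN listeners are meant to be reachable from the internet.
INTERNET_FACING = {("TCP", 443), ("UDP", 1194)}


def port_range(spec):
    """Parse '6432' or '1560-1591' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return low, high


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, however they are spelled."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(rules, internet_facing=INTERNET_FACING):
    """Return (description, protocol, ports) for every ingress rule that is
    open to any address on a port outside the allow-list."""
    findings = []
    for rule in rules:
        if not is_world_open(rule["cidr"]):
            continue
        low, high = port_range(rule["ports"])
        proto = rule["protocol"].upper()
        exposed = [p for p in range(low, high + 1) if (proto, p) not in internet_facing]
        if exposed:
            findings.append((rule["description"], proto, rule["ports"]))
    return findings


if __name__ == "__main__":
    for description, proto, ports in audit(RULES):
        print(f"open to any address: {description} ({ports}/{proto})")
```

Run against the table as written, the check reports the 943/TCP and 6432/TCP rules; a rule whose CIDR block is limited to the subnets of `my-1c-network` no longer appears in the findings.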
Start the VPN server
Create a VM to serve as a gateway for VPN connections:
- Reserve a public IP address for your VPN server.
- On the folder page in the management console, click Create resource and select `Virtual machine instance`.
- Under Boot disk image, enter `OpenVPN Access Server` in the Product search field and select a public OpenVPN Access Server image.
- Under Location, select an availability zone, e.g., `ru-central1-b`.
- Under Disks and file storages, select the `HDD` disk type and specify the size: `20 GB`.
- Under Computing resources, navigate to the `Custom` tab and specify the required platform, number of vCPUs, and amount of RAM:
  - Platform: `Intel Ice Lake`.
  - vCPU: `2`.
  - Guaranteed vCPU performance: `100%`.
  - RAM: `2 GB`.
- Under Network settings:
  - In the Subnet field, select `my-1c-network` and the subnet mapped to the selected VM availability zone.
  - In the Public IP field, select `List` and the previously reserved public IP address from the list.
    When configuring a VPN server, use only a static public IP address. Dynamic IP addresses may change after the VM reboots and the connections will no longer work.
  - Leave the Security groups field blank. The default security group will be assigned to the new VM.
- Under Access, select SSH key and specify the VM access data:
  - In the Login field, enter a username, e.g., `yc-user`. Do not use `root` or other names reserved by the OS. To perform operations requiring superuser permissions, use the `sudo` command.
  - In the SSH key field, select the SSH key saved in your organization user profile.
    If there are no saved SSH keys in your profile, or you want to add a new key:
    - Click Add key.
    - Enter a name for the SSH key.
    - Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
    - Click Add.
    The SSH key will be added to your organization user profile.
    If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- Under General information, specify the VM name: `vpn-server`.
- Click Create VM.
- A window will open informing you of the pricing type, which is BYOL (Bring Your Own License). Click Create.
Get the administrator password
The `openvpn` user with administrator privileges was created on the OpenVPN server in advance. The password is generated automatically when you create a VM.
Get the password in the serial port output or the serial console. The password is displayed in the following string:

```text
To log in, please use the `openvpn` account with the <password> password.
```

Where `<password>` is the `openvpn` user password.
Log in to the admin panel using the `openvpn` username and the obtained password.
If you do not get the password after launching the VPN server for the first time, you need to re-create the VM running OpenVPN Access Server. The password is not displayed on reboot.
Activate license
Note
If you have up to two VPN connections, use the product for free (no activation required).
To activate the license:
- Create an account on openvpn.net.
- Enter the confirmation code sent to your email address.
- In the Where would you like to Go? window, select the Remember my choice option and select the Access Server product.
- In the Tell us more window, select the purpose: Business use or Personal use.
- On the Subscriptions tab, select the maximum number of connections in the How many VPN connections do you need? field and click Create.
- Your subscription will be displayed on the screen: Subscription 1.
- To copy the activation key, click Copy Key under Subscription Key.
Wait until the VM status changes to `RUNNING` and enter the activation key in the admin panel at `https://<VM_public_IP_address>/admin/`.
You can look up the VM's public IP address in the management console
Create an OpenVPN user
OpenVPN Access Server provides two web interfaces:
- Client Web UI at `https://<VM_public_IP_address>/`. This interface is used by regular users to download client applications and configuration profiles.
- Admin Web UI at `https://<VM_public_IP_address>/admin/`. This interface is used to configure the server.
Note
By default, the server has a self-signed certificate installed. If you need to replace this certificate, follow the steps described here
To create a user, log in to the admin panel:
- In the browser, open a URL, such as `https://<VM_public_IP_address>/admin/`.
- Enter the `openvpn` username and password (to learn how to get the admin password, see this section).
- Read the license agreement and click Agree. This will open the home screen of the OpenVPN admin panel.
- Go to the User management tab and select User permissions.
- In the user list, enter a username for the new user in the New Username field, e.g., `test-user`.
- Click the pencil icon in the More Settings column and enter a password for the new user in the Password field.
- Click Save settings.
- Click Update running server.
Connect to the VPN
In the admin panel, you can download the OpenVPN Connect
As this guide covers configuring the 1C:Enterprise client in the Windows environment, download and install the OpenVPN client for Windows on your local computer:
- Download the installation distribution:
  - In your browser, open the user panel at `https://<VM_public_IP_address>/`.
  - Sign in using the `test-user` username and password.
  - Download OpenVPN Connect version 2 or 3 by clicking the Windows icon.
- Install and run OpenVPN Connect.
- A VPN connection will turn on automatically if auto-login is enabled in the user profile.
You can import a new configuration profile into the application. To do this, specify `https://<VM_public_IP_address>/` or select a profile file.
Create virtual machines for 1C:Enterprise servers
The 1C:Enterprise license must be installed on a separate server for changes to the configurations of other 1C servers to have no effect on the installed license. At this stage, you will create two virtual machines: one will serve as the 1C:Enterprise server and the other, as the licensing server.
Create a VM for the 1C:Enterprise server:
- On the folder page in the management console, click Create resource and select `Virtual machine instance`.
- Under Boot disk image, in the Product search field, enter `CentOS 7` and select a public CentOS 7 image.
- Under Location, select the availability zone hosting the VPN server you created earlier.
- Under Computing resources, navigate to the `Custom` tab and specify the required platform, number of vCPUs, and the amount of RAM:
  - Platform: `Intel Ice Lake`.
  - vCPU: `4`.
  - Guaranteed vCPU performance: `100%`.
  - RAM: `4 GB`.
- Under Network settings:
  - In the Subnet field, select `my-1c-network` and the subnet mapped to the selected VM availability zone.
  - In the Public IP field, leave the `Auto` value to assign a random external IP address from the Yandex Cloud pool.
    The virtual machine will need a public IP address for software configuration. Once the software has been configured, unlink the public IP address from the VM. The OpenVPN server will then be used to access the VM.
  - Leave the Security groups field blank. The default security group will be assigned to the new VM.
- Under Access, select SSH key and specify the VM access data:
  - In the Login field, enter a username, e.g., `yc-user`. Do not use `root` or other names reserved by the OS. To perform operations requiring superuser permissions, use the `sudo` command.
  - In the SSH key field, select the SSH key saved in your organization user profile.
    If there are no saved SSH keys in your profile, or you want to add a new key:
    - Click Add key.
    - Enter a name for the SSH key.
    - Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
    - Click Add.
    The SSH key will be added to your organization user profile.
    If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- Under General information, specify the VM name: `server-1c`.
- Click Create VM.
Similarly, create a VM named `licensing-server-1c` for the licensing server using the same parameters.
Create a Managed Service for PostgreSQL cluster
Yandex Cloud allows you to create Managed Service for PostgreSQL clusters optimized for 1C:Enterprise. Cluster settings may vary depending on your project requirements.
To create a Managed Service for PostgreSQL cluster optimized for 1C:
- On the folder page in the management console, click Create resource and select PostgreSQL cluster.
- Under Basic parameters:
  - In the Cluster name field, enter the cluster name: `1c-pg`.
  - In the Version list, select `15-1c`.
- Under Host class, select `s3-c2-m8`. This configuration is enough to test the solution. If you expect a heavy workload on your new 1C:Enterprise database, select a higher performance host class.
- Under Size of storage, select `network-ssd` and set the size to `114 GB`.
- Under Database, specify:
  - DB name: `1c-database`.
  - Username: `user1`.
  - Password: Password you will use to access the DB.
  - Locale for sorting (LC_COLLATE): `ru_RU.UTF-8`.
  - Charset locale (LC_CTYPE): `ru_RU.UTF-8`.
- Under Network settings, select `my-1c-network`.
  Leave the Security groups field blank. The default security group will be assigned to the new cluster.
- Under Hosts, select different availability zones for your hosts to ensure their fault tolerance.
- Click Create cluster.
Creating a DB cluster may take a few minutes.
Configure a Samba server on 1C servers
- Connect to the `server-1c` VM over SSH.
- Install Samba, the required dependencies, and the `nano` text editor:

  ```bash
  sudo yum install nano samba samba-client samba-common
  ```

- Disable IPv6 to avoid server conflicts.
  - Open the `/etc/sysctl.conf` file:

    ```bash
    sudo nano /etc/sysctl.conf
    ```

    Add the following lines to the `/etc/sysctl.conf` file:

    ```text
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    ```

  - Open the `/etc/sysconfig/network` file:

    ```bash
    sudo nano /etc/sysconfig/network
    ```

    Add the following lines to the `/etc/sysconfig/network` file:

    ```text
    NETWORKING_IPv6=no
    HOSTNAME=server-1c
    ```

- Set up Samba. To do this, open the `/etc/samba/smb.conf` configuration file:

  ```bash
  sudo nano /etc/samba/smb.conf
  ```

  Edit the file as follows:

  ```ini
  [global]
      workgroup = WORKGROUP
      server string = Samba Server%v
      netbios name = centos
      security = user
      map to guest = bad user
      dns proxy = no
      passdb backend = tdbsam
      printing = cups
      printcap name = cups
      load printers = yes
      cups options = raw
      security = user

  [files]
      path = /1c-files
      browsable = yes
      writable = yes
      guest ok = yes
      read only = no
  ```

- Create a shared folder and grant the required access permissions for it:

  ```bash
  sudo mkdir /1c-files
  sudo chmod -R 777 /1c-files
  ```

- Disable SELinux. To do this, open the `/etc/sysconfig/selinux` configuration file:

  ```bash
  sudo nano /etc/sysconfig/selinux
  ```

  Change the value of the `SELINUX` parameter:

  ```text
  SELINUX=disabled
  ```

- Add the Samba server service to the startup script:

  ```bash
  sudo systemctl enable smb.service
  ```

  Result:

  ```text
  Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
  ```

- Restart the Samba server service:

  ```bash
  sudo systemctl restart smb.service
  ```

Similarly, configure the Samba server on the `licensing-server-1c` VM.
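An added example (not part of the original guide) that parses an `smb.conf` and lists the shares that are both guest-accessible and writable, which is what the `[files]` share above combines with `chmod -R 777` and a disabled SELinux. The function names are made up for this example, and `SMB_CONF` is the page's configuration with the printing options left out.

```python
# Constructed input: the [global] and [files] settings from the smb.conf above
# (printing options left out).
SMB_CONF = """\
[global]
    workgroup = WORKGROUP
    security = user
    map to guest = bad user
    passdb backend = tdbsam
    security = user

[files]
    path = /1c-files
    browsable = yes
    writable = yes
    guest ok = yes
    read only = no
"""

TRUE_VALUES = {"yes", "true", "on", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"
ALIASES = {"public": "guestok", "browsable": "browseable"}
DEFAULTS = {"guestok": "no", "readonly": "yes"}  # Samba's built-in defaults


def is_true(value):
    return value.strip().lower() in TRUE_VALUES


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are normalised, last assignment wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())  # Samba ignores case and spaces in names
            value = value.strip()
            if key in INVERTED:
                key, value = "readonly", "no" if is_true(value) else "yes"
            current[ALIASES.get(key, key)] = value
    return sections


def guest_writable_shares(text):
    """List shares that accept guest sessions and allow writes."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        # A share inherits a value set in [global] before falling back to the default.
        effective = {k: share.get(k, glob.get(k, d)) for k, d in DEFAULTS.items()}
        if is_true(effective["guestok"]) and not is_true(effective["readonly"]):
            findings.append({"share": name, "path": share.get("path", ""),
                             "map_to_guest": glob.get("maptoguest", "never")})
    return findings


if __name__ == "__main__":
    for finding in guest_writable_shares(SMB_CONF):
        print("guest-writable share:", finding)
```

Running the same check on both `server-1c` and `licensing-server-1c` after the public IP addresses are detached shows which shares remain writable without authentication to any host in the cloud network or on the VPN.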
Configure 1C:Enterprise servers
- Copy the 1C:Enterprise server distribution from your local computer to the `server-1c` VM:

  ```bash
  scp <file_name> <username>@<VM_public_IP_address>:/1c-files
  ```

  Where:
  - `<file_name>`: Name of the binary distribution file, e.g., `setup-full-8.3.25.1257-x86_64.run`.
  - `<username>`: VM username, e.g., `yc-user`.
  - `<VM_public_IP_address>`: Public IP address of the VM with the 1C server.
- Connect to the `server-1c` VM over SSH.
- Install the 1C:Enterprise server on the VM:

  ```bash
  cd /1c-files
  sudo ./<file_name> --mode unattended --enable-components server,ws,server_admin
  ```

  Where `<file_name>` is the name of the binary distribution file, e.g., `setup-full-8.3.25.1257-x86_64.run`.
- After installation is complete, delete the distribution file by specifying the name of the binary distribution file:

  ```bash
  rm <file_name>
  ```

- Start the 1C server service and add it to the startup script:

  ```bash
  sudo ln /opt/1cv8/x86_64/8.3.25.1257/srv1cv8-8.3.25.1257@.service /etc/systemd/system
  sudo systemctl start srv1cv8-8.3.25.1257@.services.service
  sudo systemctl enable srv1cv8-8.3.25.1257@.services.service
  ```

  Result:

  ```text
  Created symlink from /etc/systemd/system/multi-user.target.wants/srv1cv8-8.3.25.1257@.services.service to /etc/systemd/system/srv1cv8-8.3.25.1257@.service.
  ```

  The path to the 1C:Enterprise server installation files depends on the 1C platform version installed. The example shows commands to start the 1C:Enterprise `8.3.25` server service.
- Make sure the 1C:Enterprise server service is running:

  ```bash
  systemctl status -l srv1cv8-8.3.25.1257@.services
  ```

  Result:

  ```text
  ● srv1cv8-8.3.25.1257@.services.service - 1C:Enterprise Server 8.3 (8.3.25.1257) (.services)
     Loaded: loaded (/etc/systemd/system/srv1cv8-8.3.25.1257@.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2024-07-18 09:09:12 UTC; 6min ago
   Main PID: 16656 (ragent)
     CGroup: /system.slice/system-srv1cv8\x2d8.3.25.1257.slice/srv1cv8-8.3.25.1257@.services.service
             ├─16656 /opt/1cv8/x86_64/8.3.25.1257/ragent -d /home/usr1cv8/.1cv8/1C/1cv8 -port 1540 -regport 1541 -range 1560:1591 -seclev 0 -pingPeriod 1000 -pingTimeout 5000
             ├─16670 /opt/1cv8/x86_64/8.3.25.1257/rmngr -port 1541 -host server-1c.ru-central1.internal -range 1560:1591 -d /home/usr1cv8/.1cv8/1C/1cv8/ -clstid 29361c8c-d4b8-47fd-8b53-43d8349f0e94
             └─16769 /opt/1cv8/x86_64/8.3.25.1257/rphost -range 1560:1591 -reghost server-1c.ru-central1.internal -regport 1541 -pid 43049953-184b-453f-985c-604fb96300ae
  ```

Similarly, configure the 1C server on the `licensing-server-1c` VM.
When you are done configuring both 1C servers, detach the public IP addresses from the `server-1c` and `licensing-server-1c` VMs. For further access to the 1C servers, use the OpenVPN server.
Configure a 1C server cluster and infobase
Before getting started with 1C:Enterprise, configure the server roles and add the infobase to the cluster:
- Start the 1C administration console on your local Windows computer with the OpenVPN client running.
- Add the central 1C:Enterprise server to the cluster:
  - Right-click Central 1C:Enterprise 8.3 servers and select Create → Central 1C:Enterprise 8.3 server from the context menu that opens. In the window that opens:
    - In the Name field, enter the server's internal FQDN: `server-1c.ru-central1.internal`.
      You can look up the VM's internal FQDN in the management console by checking the Internal FQDN field on the VM page.
    - Click OK.
    You will see the local cluster in the tree on the left.
- Add the 1C licensing server to the server cluster:
  - Expand the Clusters tab and select Local cluster.
  - Right-click Working servers and select Create → Working server from the context menu that opens.
  - In the Computer field of the window that opens, specify `licensing-server-1c.ru-central1.internal` and click OK.
  This server will be used to distribute licenses to other 1C servers.
- Add functionality assignment requirements to `licensing-server-1c`:
  - Expand the tab of the `licensing-server-1c.ru-central1.internal` server you added, right-click Functionality assignment requirements, and select Create → Functionality assignment requirement from the context menu that opens. In the window that opens:
    - In the Requirement object list, select `Any requirement object`.
    - In the Requirement type list, select `Do not assign`.
    - Leave all other parameters as they are and click OK.
  - Open the Local cluster context menu and select Apply functionality assignment requirements (full) to apply the new requirement to the cluster.
  - Add another requirement for assigning functionality to the `licensing-server-1c.ru-central1.internal` server with the following parameters:
    - In the Requirement object list, select `Licensing service`.
    - In the Requirement type list, select `Assign`.
    - Leave all other parameters as they are and click OK.
  - Open the Local cluster context menu and select Apply functionality assignment requirements (full) to apply the new requirement to the cluster.
- Add functionality assignment requirements to `server-1c`:
  - Expand the `server-1c.ru-central1.internal` server tab, right-click Functionality assignment requirements, and select Create → Functionality assignment requirement from the context menu that opens. In the window that opens:
    - In the Requirement object list, select `Client connection to infobase`.
    - In the Requirement type list, select `Assign`.
    - Leave all other parameters as they are and click OK.
  - Open the Local cluster context menu and select Apply functionality assignment requirements (full) to apply the new requirement to the cluster.
  - Add another requirement for assigning functionality to the `server-1c.ru-central1.internal` server with the following parameters:
    - In the Requirement object list, select `Licensing service`.
    - In the Requirement type list, select `Do not assign`.
    - Leave all other parameters as they are and click OK.
  - Open the Local cluster context menu and select Apply functionality assignment requirements (full) to apply the new requirement to the cluster.
- Right-click Infobases inside the Local cluster section and select Create → Infobase from the context menu that opens. In the window that opens, specify:
  - Name: `1c-database`.
  - Secure connection: `Continuously`.
  - Database server: Your DB host address and port, e.g., `rc1b-cfazv1db********.mdb.yandexcloud.net port=6432`.
    To find out the host address:
    - In the management console, go to the folder page.
    - In the list of services, select Managed Service for PostgreSQL.
    - In the window that opens, select the `1c-pg` cluster you created earlier.
    - Select the Hosts tab in the left-hand menu.
    - In the Host FQDN field, hover over the host name (format: `rc1b-cfazv1db********`) and copy the database FQDN by clicking the icon. The FQDN will be added to the host name, so the Database server field should contain a name in `rc1c-cfazv1db********.mdb.yandexcloud.net port=6432` format.
  - DBMS type: `PostgreSQL`.
  - Database: Database name, `1c-database`.
  - Database server user: `user1`.
  - Database user password: User password you set when creating the cluster.
  - Allow license issuing by 1C:Enterprise server: `Yes`.
  - Language (Country): `English (United States)`.
  - Create database if none present: Disabled.
  - Lock execution of scheduled jobs: Disabled.
  Click OK.
Connect to the infobase
- Start the 1C:Enterprise client on your local Windows computer with the OpenVPN client running.
- Click Add.
- Select Add an existing infobase to the list and click Next.
- Enter the infobase name, select On 1C:Enterprise server, and specify the following settings:
  - Server cluster: `server-1c.ru-central1.internal`.
  - Infobase name: `1c-database`.
- Click Next.
- Click Ready.
The infobase should appear on the list of infobases. You can now proceed to configuring and using it.
Delete the resources you created
To stop paying for the deployed infrastructure: