Admin Diary - How to separate Frontend and Backend

Question

Can I run Univention Admin Diary Frontend and Backend on different machines?

Answer

Yes, the Admin Diary Frontend app can be installed on different UCS systems separately from the UCS system that runs the Admin Diary Backend app. The Admin Diary Frontend just requires the Backend App to be installed on at least one system anywhere in the UCS domain.

Admin Diary Backend is the central hub of logging for all Admin Diary events. It transfers those events into a relational database (MySQL/MariaDB or PostgreSQL). The Admin Diary Frontend is a UMC module that shows the entries found in the backend database and allows filtering and annotation.

The following four steps need to be performed to grant the Frontend access to the backend database:

  1. On the UCS system that runs the Frontend, set the UCR variable admin/diary/dbms to indicate whether PostgreSQL or MySQL/MariaDB is used as the backend database.
  2. Reconfigure every system in the domain to send events to the backend server. This is configured via the UCR variable admin/diary/backend. The host must be reachable for all clients that log to it. The rsyslog service must be restarted on every system.
  3. Make sure that firewalls allow network communication between the system running the Admin Diary Frontend and the system running the backend database. The exact network port depends on the database type: TCP port 3306 for MySQL/MariaDB and TCP port 5432 for PostgreSQL.
  4. Copy the file /etc/admin-diary.secret from the server running the Admin Diary Backend to the server running the Admin Diary Frontend.
  5. Configure database access control to grant the frontend system access to the database named admindiary. For example, assume that the frontend system has the FQDN server.mydom.intranet with the IP address 10.11.12.13. On the system running the backend database you may perform the following steps, depending on the type of SQL database:
  • PostgreSQL:
      ucr set postgres11/pg_hba/config/01="host admindiary admindiary 10.11.12.13/32 md5"
      # On UCS 4.4, use postgres9 instead:
      # ucr set postgres9/pg_hba/config/01="host admindiary admindiary 10.11.12.13/32 md5"
      systemctl restart postgresql
  • MySQL/MariaDB:
      # Replace '<ADMINDIARY.SECRET>' with the random password stored in /etc/admin-diary.secret
      # on the system running the Admin Diary Frontend app.
      echo "GRANT ALL ON admindiary.* TO 'admindiary'@'server.mydom.intranet' IDENTIFIED BY '<ADMINDIARY.SECRET>'" | mysql -p"$(cat /etc/mysql.secret)"
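
A way to check a pg_hba entry for step 5 before restarting PostgreSQL, added here as an example and not part of the original article or of UCS. The function name check_hba_line and the set of accepted methods (md5, scram-sha-256) are assumptions; the second sample line is constructed.

```shell
#!/bin/sh
# Added example: verify that a pg_hba "host" record is as narrow as the
# article's example (one database, one user, one /32 address, password auth).
# Only the CIDR address form used in the article is handled.

flag() { echo "$1"; findings=$((findings + 1)); }

# check_hba_line LINE FRONTEND_IP
# Prints one finding per problem; returns 0 when there are none.
check_hba_line() {
    hba_line=$1
    frontend_ip=$2
    findings=0
    set -f                 # keep "*" or similar from globbing while splitting
    set -- $hba_line       # fields: TYPE DATABASE USER ADDRESS METHOD
    set +f
    if [ "$#" -lt 5 ]; then
        echo "malformed: expected TYPE DATABASE USER ADDRESS METHOD"
        return 1
    fi
    case $1 in
        host|hostssl) ;;
        *) flag "type '$1' is not a TCP/IP record" ;;
    esac
    [ "$2" = admindiary ] || flag "database '$2' is not limited to admindiary"
    [ "$3" = admindiary ] || flag "user '$3' is not admindiary"
    [ "$4" = "$frontend_ip/32" ] || flag "address '$4' is not exactly $frontend_ip/32"
    case $5 in
        md5|scram-sha-256) ;;
        trust) flag "method 'trust' admits the client without a password" ;;
        password) flag "method 'password' sends the secret in cleartext" ;;
        *) flag "method '$5' does not use /etc/admin-diary.secret" ;;
    esac
    [ "$findings" -eq 0 ]
}

# The article's entry, then a constructed over-broad one.
check_hba_line "host admindiary admindiary 10.11.12.13/32 md5" 10.11.12.13 \
    && echo "entry OK"
check_hba_line "host all all 0.0.0.0/0 trust" 10.11.12.13 \
    || echo "-> narrow this entry before restarting postgresql"
```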

If the steps above have not been followed, the Admin Diary Frontend will show an error like this (just included here to allow searching for the message):

An error occurred

Internal server error.

Server error message:

Error connecting to the Admin Diary Backend.
The database management system is “postgresql”. Is the service running and does it respond to TCP/IP connections?
