Feedback on installing/starting out with RavenDb 4 on a new Azure VM

[Justin A]

Hi all - this is some feedback from a newbie trying to get started with the latest RC (v 40025) of RavenDb on a new vanilla VM, under Azure.

This all might be useless feedback because this is an RC and this is all going to change in future releases? Or maybe not...

Context: Up until today, I've always just downloaded a zip file of RavenDb _4_ and just _manually_ ran the raven.server.exe in RAM mode. Love it, works great, fast dev cycle. 

SIDE NOTE: I always seed my data when an app starts, if there's no data found in the db. That way, I've always got a consistent starting point. Love it - works great with RavenDb in RAM mode, vs persisting the data to the disk. Remember, this is DEV stuff ... so lots of churn when i'm coding.

Now today - I decided to see what it's like installing RavenDb on a new VM on Azure and seeing if I could get my app to talk to this. 

---

1. Downloaded zip and unzipped - no probs.

2. Looked in the root directory and noticed 4 files. Which one do I use? There's no readme. No install.txt or whatever. 

  :: Setup-service vs Startup.

  :: cmd vs ps1 (command vs powershell).

3. Lets reference the ravendb website? goto ravendb.net -> learn -> bootcamp -> Open -> 500 error.

    Ok. not a good start.

    Lets roll some dice and pray/hope...

4. double click setup-service.cmd .. I guess I want a background service to run, like my v3.5 ravendb which i have in production on a VM.

5. Ok -> it's now asking me for a service name ... er... what the hell? what does this mean? Ok - lets kill this app. (clicks the 'X' button to close the window).

6. Open up the setup-service.cmd in notepad and I can sorta read some stuff. It looks like it will ask for

   :: a service name ??? why?

   :: a port? oh lordy-lord. I now need to know low level stuff about ravendb and tcp or http ports? This is becoming a serious barrier to entry :(

7. Lets see if there's any info again in the website about ports...

8. back to ravendb.net -> learn -> documentation -> getting started.

9. Ah ... interesting .. there's a SETUP WIZARD .. which means i need to run start.cmd.

10. click start.cmd

11. OK ... a wizard .. nice.. and i have 3 options. kewl. nicely explained. I've heard of the Lets Encrypt and it's great but always sounds like a serious pain the butt to maintain, so nervously, lets go that route. Remember, I need to lock this server down cause it will be (potentially) on a public IP until this Azure-VM is a private IP only (and I can VPN into this VNet)

12. Get a community lic ... all sweet! get email .. all good. paste lic into the textarea ... click next ... wait 30 odd secs ... boom. nothing. 

13. Rinse -> repeat a few times with clicking the NEXT button ... this time, lets have CHROME INSPECTOR open to see what's going on ... ok. so there's an error on /setup/user-domains url. awesome :(

14. Go back -> install without a cert so there's no security. I hope i can upgrade to a secure version later.........

15. And .. we're in .... but ... i don't think the server is running as a windows-service still :( :(

So that's been my experience today. Not hating or trolling, just trying to give some feedback into what a simple, blond potential customer would do, if they did this _today_ with the latest RC.

More notes:

- VM is Server 2016 datacentre. Just created it an hour or so before this.

- VM is in a subnet

- VM has a public IP

- VM can hit the internets. I downloaded chrome on it, then downloaded ravendb via chrome. Also did some windows updates in it.

- I don't have any hardcore firewalls or other stuff setup. I don't _think_ i ended up making any specific port blocking etc ... but knowing Azure, maybe they have most things blocked?

Regardless - if I fell into this trap - I'm guessing others might too.

SUGGESTIONS:

- Don't have 4 files IN THE ROOT DIRECTORY of raven-server. Would be _really_ nice if there was just ONE file. and the other ones in a separate child/sub directory. Or a single exe (even though I generally hate those cause it's not so nice with automation etc)

- More information during the installation process. Like the old days, we got asked if we wanted to make a windows service or not. I _really_ liked that option. That said to me, do you want this to run 24/7 or manually, on demand.

- Please don't let me think about service names. At least provide a default option or allow some way for advanced people to easily specify their own name.

- Please don't let me think about ports. Urgh. I need to KNOW what ports are used cause of firewalls and stuff - but again stick with defaults and advanced options for people to choose their own. But i freaked out here cause I didn't know what port i should be setting (sure, u can choose whatever u like ... just don't conflict with an existing app that's using an existing port) ... because i didn't know what the ports were to be used for, etc. I was always happy with the 8080 port for ravendb so i'm not sure if this was a port for that or something else, etc. I got freaked out :(

- Not sure what to suggest with the setup error where it failed to .. setup up a locked down version of ravendb :( I do know that the error message dissapeared after 5 seconds or something. I missed that the first 4 times i clicked 'next' cause you know .. waiting around for 30 seconds is boring and i kept alt-tabbing to other things, then coming back. I was lucky to actually SEE that error popup .. show itself, once.

- I really liked the setup wizard which gave me the three options. L.E, my own cert, no cert. I liked how it explained all the differences and how I felt it was really easy to grab a lic, copy it from my email and off i went. Sure, that could be automated but I get that u need to confirm the email addy so I'm happy with that. Nice :) (just wish it worked, for me :P )

Hope this helps :)

(Now ... I still need to figure out how to get this to run as a service ..)

-me-

[Oren Eini (Ayende Rahien)]

First, thanks a lot for this feedback, it is really valuable for us.

More inline

1. Downloaded zip and unzipped - no probs.

2. Looked in the root directory and noticed 4 files. Which one do I use? There's no readme. No install.txt or whatever. 

  :: Setup-service vs Startup.

  :: cmd vs ps1 (command vs powershell).

http://issues.hibernatingrhinos.com/issue/RavenDB-10245

3. Lets reference the ravendb website? goto ravendb.net -> learn -> bootcamp -> Open -> 500 error.

    Ok. not a good start.

Thanks, fixing this.

 

    Lets roll some dice and pray/hope... 

4. double click setup-service.cmd .. I guess I want a background service to run, like my v3.5 ravendb which i have in production on a VM.

5. Ok -> it's now asking me for a service name ... er... what the hell? what does this mean? Ok - lets kill this app. (clicks the 'X' button to close the window).

6. Open up the setup-service.cmd in notepad and I can sorta read some stuff. It looks like it will ask for

   :: a service name ??? why?

   :: a port? oh lordy-lord. I now need to know low level stuff about ravendb and tcp or http ports? This is becoming a serious barrier to entry :(

You need a port because you need to know where to point the browser. That said, we can probably do some better defaults there. 

 

7. Lets see if there's any info again in the website about ports...

8. back to ravendb.net -> learn -> documentation -> getting started.

9. Ah ... interesting .. there's a SETUP WIZARD .. which means i need to run start.cmd.

10. click start.cmd

11. OK ... a wizard .. nice.. and i have 3 options. kewl. nicely explained. I've heard of the Lets Encrypt and it's great but always sounds like a serious pain the butt to maintain, so nervously, lets go that route. Remember, I need to lock this server down cause it will be (potentially) on a public IP until this Azure-VM is a private IP only (and I can VPN into this VNet)

12. Get a community lic ... all sweet! get email .. all good. paste lic into the textarea ... click next ... wait 30 odd secs ... boom. nothing. 

13. Rinse -> repeat a few times with clicking the NEXT button ... this time, lets have CHROME INSPECTOR open to see what's going on ... ok. so there's an error on /setup/user-domains url. awesome :(

Fixing this. 

 

14. Go back -> install without a cert so there's no security. I hope i can upgrade to a secure version later.........

Yes, that can be done.

 

15. And .. we're in .... but ... i don't think the server is running as a windows-service still :( :(

So that's been my experience today. Not hating or trolling, just trying to give some feedback into what a simple, blond potential customer would do, if they did this _today_ with the latest RC.

More notes:

- VM is Server 2016 datacentre. Just created it an hour or so before this.

- VM is in a subnet

- VM has a public IP

That is actually NOT required for the setup, see: https://www.youtube.com/watch?v=K-2iZ_lJVag&t=26s

 

- VM can hit the internets. I downloaded chrome on it, then downloaded ravendb via chrome. Also did some windows updates in it.

- I don't have any hardcore firewalls or other stuff setup. I don't _think_ i ended up making any specific port blocking etc ... but knowing Azure, maybe they have most things blocked?

Regardless - if I fell into this trap - I'm guessing others might too.

SUGGESTIONS:

- Don't have 4 files IN THE ROOT DIRECTORY of raven-server. Would be _really_ nice if there was just ONE file. and the other ones in a separate child/sub directory. Or a single exe (even though I generally hate those cause it's not so nice with automation etc)

Yes, see the issue

 

- More information during the installation process. Like the old days, we got asked if we wanted to make a windows service or not. I _really_ liked that option. That said to me, do you want this to run 24/7 or manually, on demand.

http://issues.hibernatingrhinos.com/issue/RavenDB-10246

 

- Please don't let me think about service names. At least provide a default option or allow some way for advanced people to easily specify their own name.

- Please don't let me think about ports. Urgh. I need to KNOW what ports are used cause of firewalls and stuff - but again stick with defaults and advanced options for people to choose their own. But i freaked out here cause I didn't know what port i should be setting (sure, u can choose whatever u like ... just don't conflict with an existing app that's using an existing port) ... because i didn't know what the ports were to be used for, etc. I was always happy with the 8080 port for ravendb so i'm not sure if this was a port for that or something else, etc. I got freaked out :(

We'll add a default here, yes. 

- I really liked the setup wizard which gave me the three options. L.E, my own cert, no cert. I liked how it explained all the differences and how I felt it was really easy to grab a lic, copy it from my email and off i went. Sure, that could be automated but I get that u need to confirm the email addy so I'm happy with that. Nice :) (just wish it worked, for me :P )

We need to do the validation because you are getting your own domain and certificate, so we need to validate only you can get them

[Justin A]

Thanks again HR for listening :) Wasn't sure if it was going to be worth posting that feedback, but I'm glad it is ... I've sub'd to those YT issues to follow them :) :)

Some more updates on my side, after I posted that (and went to a holiday yum cha lunch) ... I kept plugging away with it afterwards.

1. The docs do mention something about installing it as a service! I so ran that command line and it did install it, but failed to start. it's on auto startup but just can't start. starts, then stops asap. Event logs aren't very helpful either :(

2. I'm just running it manually right now. It's not a serious production product, just R&D (with me manually stopping the VM to reduce costs)

3. When I tried to create a database in the Studio GUI, It failed with some error about missing C++ redistributable or something. Had a link to MS. i dl'd one of the versions, installed it ... same error. Shutdown then started up RavenDb and then I could create the DB manually again - yes, i'm back!

4. I punched a hole in the (stock standard) OS firewall for port 8080. (something i expect to be a manual step, which I'm happy for)

5. I had to change the serverUrl to 0.0.0.0 to accept traffic from outside of the VM. not sure if this is good/bad, etc. Of course, my applications will all be outside of the VM so i'm assuming this will be the common practice here? Later on, I hope to nuke the public IP of the VM so only apps in the VNET can access this VM. If i want to RD, I'll need to VPN to the VNET.

Also - love that YouTube vid on securing RavenDb - very nice! Would have loved to see that very last step => getting some client code (e.g. a website) that uses those client certs, so it could start communicating with the secure ravendb server. More reading and R&D'ing for me! :) :)

[Oren Eini (Ayende Rahien)]

1) The error there should go to the error log. Are you trying to run this at the same time as the process?

4  & 5) This means that you have this on the public internet with no security whatsoever. That is a Bad Idea, and I assume you are aware of that and not putting anything there.

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Oren Eini (Ayende Rahien)]

I'll probably do an update video in a week or so

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

On Sun, Jan 21, 2018 at 3:18 PM, Justin A <jus...@adler.com.au> wrote:

--

[Justin A]

Inline.

On Sunday, 21 January 2018 23:52:55 UTC+10, Oren Eini wrote:

1) The error there should go to the error log. Are you trying to run this at the same time as the process?

nope - as in .. there was no other instance of RavenDb running (as far as i know). I later just manually ran the server and using start.cmd and it popped up.

 

4  & 5) This means that you have this on the public internet with no security whatsoever. That is a Bad Idea, and I assume you are aware of that and not putting anything there.

yeah - totally get that and i'm happy with that. Safe by default, until I _manually_ turn things off at my own risk. This is just an R&D app, with the VM off 99% of the time. I would prefer the L.E. certs to be in place, but it didn't work for me :( 

Not really sure what to do right now to try and get it to work again. I might try re-starting the wizard again. Maybe it was related to not having the c++ redist installed?

I'll give that another crack when I wake up. No i know why I couldn't find any place to create an API key .. cause they don't exist any more :P just these certs, now, it seems. 

[Dejan Miličić]

I tried new setup script setup-as-service.ps1 but I kept gettting

\setup-as-service.ps1 is not digitally signed. You cannot run this script on the current
system. For more information about running scripts and setting execution policy, see about_Execution_Policies at

I found solution on bypassing this here http://tritoneco.com/2014/02/21/fix-for-powershell-script-not-digitally-signed/

Maybe it would be good idea to add this to documentation since some of my clients already had problems with this.

[Justin A]

@dejan - yeah ... i had changed my PS settings ages ago for something else ... which was why I didn't get that warning message showing to me. 

good pickup!

[Dejan Miličić]

After successfully installing service, it is not started automatically.

When I try to start it, I am getting "access denied" 

[Oren Eini (Ayende Rahien)]

Anything in the logs?

[Dejan Miličić]

Ravem log files are completely empty

Anything in the logs?

To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.

[Dejan Miličić]

Windows event logs shows error

===========

The RavenDB service failed to start due to the following error: 

Access is denied.

===========

============

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

- <System>

  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

  <EventID Qualifiers="49152">7000</EventID>

  <Version>0</Version>

  <Level>2</Level>

  <Task>0</Task>

  <Opcode>0</Opcode>

  <Keywords>0x8080000000000000</Keywords>

  <TimeCreated SystemTime="2018-02-06T23:23:25.272394100Z" />

  <EventRecordID>26147</EventRecordID>

  <Correlation />

  <Execution ProcessID="952" ThreadID="15420" />

  <Channel>System</Channel>

  <Computer>DESKTOP-QTPI7HQ</Computer>

  <Security />

  </System>

- <EventData>

  <Data Name="param1">RavenDB</Data>

  <Data Name="param2">%%5</Data>

  <Binary>52006100760065006E00440042000000</Binary>

  </EventData>

  </Event>

============

[Oren Eini (Ayende Rahien)]

Can you try running as a command line?

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+unsubscribe@googlegroups.com.

[Dejan Miličić]

That works without a problem and that is how I ran it so far. Yesterday I tried to install on a staging server and ran into problem

--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/74CL53lhv1M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+unsubscribe@googlegroups.com.

[Oren Eini (Ayende Rahien)]

Silly question, but the user that you are running the service as has permission for the network / files, right?

[Dejan Miličić]

I did not check that.

What would be recommended user of predefined ones?

[Oren Eini (Ayende Rahien)]

The NETWORK SERVICE should do it.

[Dejan Miličić]

"Log on as" set to Network Service

Same error

[Oren Eini (Ayende Rahien)]

There should be _something_ that said _what_ is denied.

[Dejan Miličić]

"Windows could not start the RavenDB service on Local Computer"

"Error 5: Access is denied"

[Oren Eini (Ayende Rahien)]

Few questions:

a) the service user has permissions to the exec?

b) you are running the proper bitness?

[Dejan Miličić]

a) how to precisely check that? What executable files are run by the ravendb service?

b) 64 bit nightly downloaded, 64-bit windows 10

[Oren Eini (Ayende Rahien)]

Look at the command line in the service in the services.msc

[Dejan Miličić]

Will do

One more question: if I want to try some other version, how do I uninstall service? Or is it needed at all, maybe I just can let newer version override already installed service?

[Oren Eini (Ayende Rahien)]

You can override the existing service, just make sure to replace _ALL_ the binaries.

[Dejan Miličić]

Added execution permissions to Network Service for Raven.Server.Exe

Now I am getting new error

Error 1053: The service did not respond to the start or control request in a timely fashion

I must say this error appears less than a second after I try to manually start Ravendb service

P.S. Are we getting RTM tomorrow?

[Oren Eini (Ayende Rahien)]

We got RTM yesterday :-)

I suggest we setup a conf call to go over this directly with someone from our team

[Dejan Miličić]

That would be awesome

My email is dejan....@gmail.com

[Dejan Miličić]

No need for it, I magaed to get it working

Last missing step was to assign access rights to the folder where Raven resides.

So, to sum it up

1. Bypass Powershell restriction

2. Make sure Network Service is user Windows Service runs under

2. Assign exec permissions to Raven.Server.exe for user Network Service

3. Assign folder acess rights to user Network Service

Thanx for your support

[Oren Eini (Ayende Rahien)]

Okay, that is great! 

[Justin A]

Hi HR Team - got some more feedback from trying to install RTM version 4.

Had some wins and losses. I'm trying to list down the repo steps (from memory) to help make the onboarding experience, better :)

---- This is not a troll/hate reply .... quite the opposite, actually! Just trying to help ... ----

# Start

- Download == worked fine. (NOTE: this zip is sitting in my DOWNLOADS folder, btw....)

- Unzip == fine. (NOTE: unzipped in the DOWNLOADS folder ...)

# First impression (so far) 

- Small number of files in the root dir. TICK! 

- Readme. TICK

- Instructions are pretty simple. run 1 of the 2 different ps files!

# Memory fails me.

- I'm not sure when I had to change the script execution permissions ... but I had to .. somewhere in the middle of all this.

# First Explosion

- Run the setup-as-a-service.ps1

- PS Window opened. Setup a secure server? I think i clicked 'y' for yes ... the window quickly closed.

- Manually open a PS window. (note, not as admin...)

- re-run. click y ... exception.

- Figure out I need to run this as admin. Open new PS window as Admin. run ps1. click y .. Tries to remove old RC-service RavenDb4 (i don't think that worked). tried to add new service RavenDb. (worked i think), failed to start.

- Spent a fair amount of wasted time realising the following:

  * Folder is under DOCUMENTS folder. :(  Copy this to _anywhere else_ (eg. C:/RavenDb/RavenDB-4.0.0-windows-x64)

- Rerun .. and yay! I think it's now installed and running! Browser opens and we begin...

# Setup pains...

- Agree to EULA

- Click on LETS ENCRYPT

- FAIL: Access IO error at some point. Can't remember which step.

- Modify permissions on folder C:/RavenDb to be LOCAL SERVICE. (NOTE: Dejan did it on NETWORK SERVICE, which didn't work when I did that) I ticked read * execute, read, write .. to all

# Choose domain.

- What is the reason for this step? Would love some reasoning about why this is important. What does it do? Can we change the domain later? Does the domain have to be unique?

- Why is there a drop down option in this step?

So this step was a bit confusing. REMEMBER, I've never heard of LETS ENCRYPT (ok, i lie. i have) but i know nothing about it and how to use it (basically, true).

# Node Addresses

- This step was the most confusing for me. I had no idea what I was _really_ doing here and WHY.

- I need some on-screen tips and help to explain the following:

  * What IP Address/Hostnames I should put in each node.

  * Can I change the values later?

These can best be answered by suggesting some SETUP ARCHITECTURE SCENARIO's.

e.g.

Scenario 1: VM on Azure in it's own VNET. Website/Other services are also in the same VNET. Single Node.

 - What Ip's to set?

 - Do we need to set the external IP?

Scenario 2: VM on Azure in it's own VNET. Other websites _outside_ of the VNET need to access RavenDb.

- Again, what ip's?

- I'm now assuming we need to set some external IP's?

- what about firewalls, etc?

# Final step

- This ended up failing for me. So I couldn't continue. :(

- It created the dns settings etc... and was waiting and did get the result .. but then failed with an exception. (i'll try later on again to see if I can get a screen shot .. i forgot to :(  )

So they are a few steps similar to what Dejan has said/done above .. but also some minor differences.

### Suggestions

- Readme should include some steps/notes about

 a) moving the folder out of "Documents" (yes i know it's dumb, but I was so excited to start running it ... other people might fall into this problem as well).

 b) bypass PS restriction

 c) folder permissions

 d) re-instating PS restriction when complete.

- More on-screen help/links/tips about the steps during Lets Encrypt.

- Tips to say whether this can later on be changed in some admin-setting, if in case we screw up (right now).

So yeah - hope this helps.

(I'll try again to see if i can get in installed).

-me-

[Justin A]

Just me again, talking to myself.

So - after work, I came back to this and thought I might keep trying. 

This time, I gambled and thought "lets see if there's any Docs on installing ravendb..."

Well blow me down with a feather! There are .. and .. THEY ARE GOOD :)

ref: https://ravendb.net/docs/article-page/4.0/csharp/start/installation/setup-wizard

They basically went through each step and answered many of my questions, from the previous post!

Awesome!

So i think what would be _really good_ would be to have some hyper links in the setup-wizard that open up a new tab to the RavenDb DOCS on the setup wizard :)

I _really like_ the scenarios listed in the setup-wizard also! So nice.

Finally, I found that I still have some problems which I think can be solved by adding some screen shots to the docs. For an Azure VM:

- I had to goto VM -> Networking -> Add inbound port rule -> 443.

- RD'd into the VM -> Advanced Firewalls -> Add new rule -> TCP/HTTPS.

- The c:\ravendb folder needs to have _modify_ permissions because the LETS ENCRYPT step wanted to modify settings.json or something... 

So yay! it's now ... working?

I restarted the server and it's trying to goto a.<snip>.ravendb.community but showing me some error:

Authentication error occurred

There were problems authenticating the request:

This server requires client certificate for authentication, but none was provided by the client.

So i'll try and see why this is erroring. Guess: the cert didn't install? yes, i'm sure i had that box ticked...

anyways! nearly there and as always, I hope this feedback helps.

[Judah Gabriel Himango]

Justin,

I've done the same steps as you on 4 Azure VMs now, so I've got it down pat. :-)

Your last step: restart your browser. Like, close all instances, and open it again, then go to https://[your domain name here].ravendb.community. I found Firefox requires this, and Chrome sometimes required.

Now for the cool part: Raven Studio is now available to every computer you install that certificate on. I really like this; previously I was keeping my dev server behind firewalls for security. Now I can expose my Raven instances securely and simply require HTTPS security with PFX cert. (Any browser can reach the Studio, but can only access it if it has the .pfx file installed on it.)

If it helps folks, here's my c:\raven\settings.json file:

{
    "ServerUrl":  "https://10.0.0.5:443", [Note: this should be your local IP address]
    "Setup.Mode":  "LetsEncrypt",
    "DataDir":  "RavenData",
    "License.Eula.Accepted":  true,
    "Security.Certificate.LetsEncrypt.Email":  "yo...@email.com",
    "Security.Certificate.Path":  "cluster.server.certificate.MYSERVERNAME.pfx", [Note: this file should already exist in c:\raven\server]
    "ServerUrl.Tcp":  "tcp://10.0.0.5:38888", [Note: this should be your local IP address]
    "ExternalIp":  "52.237.200.200", [Note: Your Azure VM's external IP address.]
    "PublicServerUrl":  "https://a.MYSERVERNAME.ravendb.community:443", [Note: I'm using 443 as the public server port. I opened this port in 2 places. 1: Azure Portal -> My VM -> Endpoints. 2: inside my VM -> Windows Firewall]
    "PublicServerUrl.Tcp":  "tcp://a.bitshuvadb.ravendb.community:60593" [Note: I'm using 60593 as the public TCP port. I opened this port in 2 places. 1: Azure Portal -> My VM -> Endpoints. 2: inside my VM -> Windows Firewall]
}


-Judah

[Judah Gabriel Himango]

p.s. this knowledge may be too specialized to put in the official docs, but I think it's too important to be buried across this thread. I think I may write a blog post showing step-by-step for setting up Raven on an Azure virtual machine.

-Judah

[Justin A]

Hi Judah! Thanks heaps for jumping into the convo - your comments are really helpful! IMO, some of this stuff should be added to the docs. Sure it might be tooooo technical, but I was just stumbling across some of these issues _during the install step(s)_. So if I struggled or question stuff, then others will too ... and that might be a barrier-to-entry which means people just give up and never come back ... during the install step.

Also - what is your TCP port 60593 for? I didn't open that port in outer and inner firewalls...

-J-

[iftah]

Hi Justin,

Thanks for the feedback.
You are right. Setting up a secured server can be confusing and that's why we wrote the walk-through in the documentation. And yes, we will add a link during the wizard.
We are also working on completing the documentation and I will add some of your issues to the FAQ section:
https://ravendb.net/docs/article-page/4.0/csharp/server/security/common-errors-and-troubleshooting

As Judah suggested, you should also allow the TCP port you chose during setup (default is 38888).

Iftah

[Justin A]

Also, Oren's Youtube video showing these steps was _really_ helpful also. A link to that would be great for other people, too, IMO.

[Oren Eini (Ayende Rahien)]

inline

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

On Thu, Feb 15, 2018 at 2:53 PM, Justin A <jus...@adler.com.au> wrote:

Hi HR Team - got some more feedback from trying to install RTM version 4.

Had some wins and losses. I'm trying to list down the repo steps (from memory) to help make the onboarding experience, better :)

---- This is not a troll/hate reply .... quite the opposite, actually! Just trying to help ... ----

# Start

- Download == worked fine. (NOTE: this zip is sitting in my DOWNLOADS folder, btw....)

- Unzip == fine. (NOTE: unzipped in the DOWNLOADS folder ...)

# First impression (so far) 

- Small number of files in the root dir. TICK! 

- Readme. TICK

- Instructions are pretty simple. run 1 of the 2 different ps files!

# Memory fails me.

- I'm not sure when I had to change the script execution permissions ... but I had to .. somewhere in the middle of all this.

There isn't much we can do about this, I'm afraid.

The nightly build is now signed, which should help with this, I hope. 

 

# First Explosion

- Run the setup-as-a-service.ps1

- PS Window opened. Setup a secure server? I think i clicked 'y' for yes ... the window quickly closed.

- Manually open a PS window. (note, not as admin...)

- re-run. click y ... exception.

- Figure out I need to run this as admin. Open new PS window as Admin. run ps1. click y .. Tries to remove old RC-service RavenDb4 (i don't think that worked). tried to add new service RavenDb. (worked i think), failed to start.

- Spent a fair amount of wasted time realising the following:

  * Folder is under DOCUMENTS folder. :(  Copy this to _anywhere else_ (eg. C:/RavenDb/RavenDB-4.0.0-windows-x64)

- Rerun .. and yay! I think it's now installed and running! Browser opens and we begin...

this is now handled by the setup script, which set the appropriate permissions on the directory

 

# Setup pains...

- Agree to EULA

- Click on LETS ENCRYPT

- FAIL: Access IO error at some point. Can't remember which step.

- Modify permissions on folder C:/RavenDb to be LOCAL SERVICE. (NOTE: Dejan did it on NETWORK SERVICE, which didn't work when I did that) I ticked read * execute, read, write .. to all

Dejan? 

# Choose domain.

- What is the reason for this step? Would love some reasoning about why this is important. What does it do? Can we change the domain later? Does the domain have to be unique?

 

http://issues.hibernatingrhinos.com/issue/RavenDB-10540

This is so we can generate a valid certificate for you via Let's Encrypt.

The domain is unique, you can create a new domain later.

- Why is there a drop down option in this step?

You might have registered multiple domains in the past, so we remember them based on the license.

 

So this step was a bit confusing. REMEMBER, I've never heard of LETS ENCRYPT (ok, i lie. i have) but i know nothing about it and how to use it (basically, true).

# Node Addresses

- This step was the most confusing for me. I had no idea what I was _really_ doing here and WHY.

- I need some on-screen tips and help to explain the following:

  * What IP Address/Hostnames I should put in each node.

That should already be in the nightlies.

 

  * Can I change the values later?

Yes, via the ravendb.net website, we'll add a link there in a week or two when it is ready. 

 

These can best be answered by suggesting some SETUP ARCHITECTURE SCENARIO's.

e.g.

Scenario 1: VM on Azure in it's own VNET. Website/Other services are also in the same VNET. Single Node.

 - What Ip's to set?

 - Do we need to set the external IP?

Scenario 2: VM on Azure in it's own VNET. Other websites _outside_ of the VNET need to access RavenDb.

- Again, what ip's?

- I'm now assuming we need to set some external IP's?

- what about firewalls, etc?

Really great idea, see: http://issues.hibernatingrhinos.com/issue/RDoc-1144

 

# Final step

- This ended up failing for me. So I couldn't continue. :(

- It created the dns settings etc... and was waiting and did get the result .. but then failed with an exception. (i'll try later on again to see if I can get a screen shot .. i forgot to :(  )

So they are a few steps similar to what Dejan has said/done above .. but also some minor differences.

### Suggestions

- Readme should include some steps/notes about

 a) moving the folder out of "Documents" (yes i know it's dumb, but I was so excited to start running it ... other people might fall into this problem as well).

The problem is that we don't really have a good way to move it _to_. We handle this now by properly setting permissions. 

 

 b) bypass PS restriction

Can't do that without first running the script :-)

 

 c) folder permissions

 d) re-instating PS restriction when complete.

- More on-screen help/links/tips about the steps during Lets Encrypt.

- Tips to say whether this can later on be changed in some admin-setting, if in case we screw up (right now).

So yeah - hope this helps.

(I'll try again to see if i can get in installed).

-me-

--