RHCSA Project: Building a Private Cloud Database Using Syncthing, Tailscale & LibreOffice Base
Executive Summary
Juanita owns a small computer repair business in the heart of Atlanta, Georgia. She and her family live in a suburb of Atlanta known as Buckhead. She is studying for her RHCSA exam and she wants to build a private decentralized cloud for her business. The cloud will host a LibreOffice Base database of her customers including each customer's name, phone number, address, and a record of the work done on their computers. She has 3 computers that she uses for her business: Server A is the master computer in the back office of her business. It runs Pop!_OS 24.04 LTS. Desktop A runs Fedora 43 and it's the computer that her cashier uses to check-in and checkout customers. Server B is located at Juanita's Buckhead home, and it also runs Pop!_OS 24.04.
Juanita wants all 3 computers to have a synchronized copy of the LibreOffice Base customer database: the 3 copies will be synchronized using Syncthing. All 3 computers will be part of a decentralized Tailscale network allowing them to connect to each other seamlessly. Since Server B is in a different geographic location than Server A and Desktop A, it's unlikely that a natural disaster will cause a loss of all customer data since it's unlikely that all 3 computers would ever be completely destroyed.
This video and article will walk us through the process that Juanita will go through to build this setup.
Keywords: RHCSA, GNU/Linux, Syncthing, Tailscale, LibreOffice Base, Decentralized Cloud, Pop!_OS, Fedora, Database Synchronization, Disaster Recovery, Private Network, Small Business IT, Self-Hosted, Free Software, open-source
GLOSSARY
├── General Concepts
│ ├── Cloud-Native: Building apps to exploit cloud computing advantages
│ ├── Data Sovereignty: Concept that data is subject to laws of its location
│ ├── Decentralized: Distributed control; no single point of failure
│ └── Self-Hosted: Running services on your own hardware vs third parties
├── Networking & Security
│ ├── CGNAT: Carrier-Grade NAT (Large-scale ISP address translation)
│ ├── ISP: Internet Service Provider
│ ├── Mesh Network: Topology where infrastructure nodes connect directly
│ ├── NAT: Network Address Translation (Remaps IP address spaces)
│ ├── Tailnet: A private network instance created within Tailscale
│ ├── Tailscale: Mesh VPN service based on WireGuard
│ ├── TLS: Transport Layer Security (Cryptographic protocol)
│ ├── VPN: Virtual Private Network (Encrypted connection over internet)
│ └── WireGuard: Modern, high-performance VPN communication protocol
├── Operating Systems (GNU/Linux)
│ ├── Fedora: Upstream RHEL-based distribution (uses dnf)
│ ├── GNU/Linux: OS combining Linux kernel with GNU utilities
│ ├── Kernel: The core interface between hardware and processes
│ ├── LTS: Long Term Support (Software supported for extended period)
│ └── Pop!_OS: Ubuntu-based distribution (uses apt)
├── Software & Database
│ ├── BEP: Block Exchange Protocol (Syncthing data transfer protocol)
│ ├── Firebird: Relational database engine embedded in LibreOffice
│ ├── LibreOffice Base: Free/Open-source desktop RDBMS
│ ├── ODB: OpenDocument Database (File extension for Base)
│ └── Syncthing: Continuous peer-to-peer file synchronization app
└── System Administration
├── apt: Advanced Package Tool (Package manager for Debian/Pop!_OS)
├── CLI: Command Line Interface
├── dnf: Dandified YUM (Package manager for Fedora/RHEL)
├── RHCSA: Red Hat Certified System Administrator (Certification)
├── sudo: "SuperUser DO" (Execute commands with elevated privileges)
└── systemd: Init system used to bootstrap userspace and manage daemons
Section 0: A High-Level Overview of the Problem That Juanita is Trying To Solve
Juanita owns a small computer repair business in Atlanta and she faces a challenge common to many small business owners who value data sovereignty. She needs to maintain a single up-to-date customer database across three distinct computers that are physically separated between her business office and her home in Buckhead. Her infrastructure consists of three machines running the GNU/Linux operating system. Server A is the master computer located in the back office and it runs Pop!_OS 24.04 LTS. Desktop A is the workstation used by her cashier at the front desk and it runs Fedora 43. Finally she has Server B located at her home which also runs Pop!_OS 24.04 LTS to serve as a remote backup.
The core problem is that Juanita needs to manage her customer records using LibreOffice Base but this software does not have built-in cloud synchronization features. She needs a system where a new customer entry made by the cashier on the Fedora desktop is instantly and securely propagated to the back office server and her home server. To achieve this she will build a private decentralized cloud using two specific Free Software/open-source tools. She will use Tailscale to create a secure mesh network that connects all three computers over the internet as if they were on the same Local Area Network. She will then use Syncthing to synchronize the actual database files across this secure network in real time. This architecture ensures that even if a natural disaster were to destroy her business location she would still have a complete copy of her customer data safe on Server B at her home.
Section 1: What is Syncthing, What is Its History, and What Problem Does it Solve?
Syncthing is a Free Software/open-source continuous file synchronization application that synchronizes files between two or more computers. It is written in the Go programming language and implements a unique decentralized architecture that distinguishes it from traditional cloud storage services. Unlike proprietary solutions that store data on a central server owned by a third party Syncthing allows devices to communicate directly with one another using the Block Exchange Protocol. This protocol breaks files into small parts called blocks and transfers them between nodes in a cluster which ensures that data is synchronized efficiently across the network. For an IT professional studying for the RHCSA exam it is important to understand that Syncthing runs as a service on the GNU/Linux operating system and listens on specific ports to maintain a state of consistency between directories on different machines.
The history of Syncthing begins in late 2013 when it was first released by its original creator Jakob Borg. Borg initiated the project with the specific goal of creating a synchronization tool that was open-source trustworthy and decentralized. The first public binary release version 0.2 became available in December 2013 and the project has since evolved through active community development to become a stable and widely adopted solution. It reached its version 1.0 milestone in 2019 which signaled its maturity for production use. Throughout its development history the focus has remained on user privacy and security which is why all communication between Syncthing nodes is authenticated using TLS certificates and no data is ever stored on a server that the user does not own.
The primary problem that Syncthing solves is the lack of data sovereignty and privacy inherent in centralized cloud computing models. In a typical scenario a small business owner like Juanita would have to rely on a service like Dropbox or Google Drive to keep her customer database accessible from multiple locations. This would require her to entrust sensitive customer information to a third party provider and rely on their internet infrastructure for access. Syncthing eliminates this dependency by allowing Juanita to create her own private synchronization cloud. It solves the technical challenge of keeping the LibreOffice Base database files identical on her Pop!_OS and Fedora computers without manual intervention. By using Syncthing Juanita ensures that her data exists only on her own hardware and that updates made by the cashier are immediately and securely propagated to her back office and home servers.
Section 2: What is Tailscale, What is Its History, and What Problem Does it Solve?
Tailscale is a virtual private network service that allows users to create a secure mesh network connecting their devices across the internet. It is built on top of the highly secure and performant WireGuard protocol which encrypts traffic between nodes to ensure privacy and data integrity. Unlike traditional VPN architectures that route all traffic through a central gateway server Tailscale employs a peer-to-peer mesh topology where each device communicates directly with every other device in the network. For a system administrator managing GNU/Linux environments this tool abstracts away the complexities of network configuration by assigning a stable private IP address to each machine that persists regardless of the physical network location. This creates a virtual overlay network that behaves exactly like a local area network even when the devices are separated by vast geographic distances.
The history of Tailscale dates back to its founding in 2019 by a team of engineers including Avery Pennarun who previously worked at Google. The founders recognized the immense potential of the WireGuard protocol but identified that its manual configuration and key management were significant barriers to entry for many users. They developed Tailscale to provide a control plane that handles key exchange and coordination automatically while leaving the data plane entirely within the user's control via WireGuard. Since its public launch the platform has rapidly gained popularity in the Free Software/open-source and DevOps communities for its ability to simplify secure remote access. It has grown from a niche networking tool into a robust enterprise solution that integrates with existing identity providers to manage access controls for complex infrastructures.
The specific problem that Tailscale solves for Juanita is the difficulty of connecting computers that sit behind restrictive firewalls and network address translation or NAT gateways. In a traditional setup connecting Server A in the office to Server B in Buckhead would require Juanita to configure port forwarding on her routers and possibly purchase expensive static IP addresses from her internet service provider. This process opens holes in the firewall that can be exploited by attackers if not managed perfectly. Tailscale solves this by using a technique called NAT traversal to establish direct encrypted connections between the computers without requiring any open ports. This allows Juanita to securely connect her Fedora desktop and Pop!_OS servers into a private network where they can synchronize the LibreOffice Base database as if they were sitting on the same desk.
Section 3: What is LibreOffice Base, What is Its History, and What Problem Does it Solve?
LibreOffice Base is a fully featured desktop database management system designed to meet the needs of a broad range of users from individuals to small businesses. It acts as a bridge to various database engines and includes a native internal engine for creating self-contained databases. It is part of the LibreOffice productivity suite which is the default office suite on most GNU/Linux distributions including the Fedora and Pop!_OS systems Juanita is using. For an RHCSA candidate it is helpful to conceptualize Base not just as an application but as a graphical frontend that allows users to design forms and reports that interact with underlying structured data. It supports standard database formats and provides a user-friendly interface similar to proprietary alternatives like Microsoft Access making it an essential tool for local data management.
The history of LibreOffice Base is deeply intertwined with the history of the open-source movement itself. It originated from the OpenOffice.org project which was previously known as StarOffice before being acquired by Sun Microsystems and later Oracle. In 2010 fearing that the project would become proprietary or be discontinued a group of developers forked the source code to create The Document Foundation and released LibreOffice. Base was included as a core component from the very beginning to ensure the suite offered complete functionality equivalent to commercial office suites. Over the years it has transitioned from using HSQLDB as its default embedded engine to the more modern Firebird engine. This evolution demonstrates the commitment of the Free Software/open-source community to providing robust tools that are not controlled by a single corporate entity.
The specific problem that LibreOffice Base solves for Juanita is the need for a structured and relational way to organize her business data without the cost or complexity of an enterprise database server. While she could use a spreadsheet application like LibreOffice Calc to list her customers spreadsheets are poor tools for managing complex relationships such as linking a specific customer to multiple repair records over time. Base allows Juanita to create tables for customers and repairs and then link them together using keys. It solves the issue of data integrity by enforcing rules on how data is entered. This ensures that every repair record is correctly associated with a valid customer which is critical for accurate billing and service history tracking in her repair business.
Section 4: How Will Juanita Install Tailscale on All 3 Computers and Connect Them in a Private Network?
Juanita begins the process of building her private network by installing the Tailscale daemon on all three of her GNU/Linux computers. For the two machines running Pop!_OS 24.04 she utilizes the convenience script provided by Tailscale which automates the configuration of the apt package manager. She opens a terminal on Server A and Server B and executes the following curl command which fetches the script and pipes it into the shell to ensure the repository is added correctly:
curl -fsSL https://tailscale.com/install.sh | sh
On her Fedora 43 desktop she takes a more manual approach utilizing the dnf package manager. First she adds the official repository:
sudo dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/tailscale.repo
Then she installs the application using:
sudo dnf install tailscale
This demonstrates the flexibility of managing different distributions within the same infrastructure which is a common scenario for an RHCSA candidate to encounter. She ensures the service is enabled and running by checking its status with systemctl to guarantee it starts automatically upon reboot:
sudo systemctl enable --now tailscaled
Once the application is installed on every node Juanita must authenticate each machine to join her specific tailnet. She executes the up command in the terminal of Server A:
sudo tailscale up
This generates a unique authentication link. She copies this link into her web browser and logs in using her preferred identity provider which binds the machine to her private network. She repeats this exact procedure for Desktop A at the front desk and Server B at her home in Buckhead. As each device creates its cryptographic keys and authenticates it is assigned a unique IP address from the Carrier Grade NAT range such as 100.x.y.z which allows it to be addressed statically regardless of its physical location or local network changes.
The final phase of the networking setup involves verifying that the mesh is fully operational and that the nodes can communicate with one another. Juanita sits at her Fedora desktop and uses the ping command to target the Tailscale IP address of Server B:
ping 100.101.102.103
Despite the server being located miles away in a residential home behind a standard ISP router the packets flow seamlessly through the encrypted tunnel. She further inspects the network state by running the status command:
tailscale status
This displays a list of all peers and confirms that direct connections have been established using NAT traversal techniques. This confirms that she has successfully bridged the gap between her business and her home creating a unified virtual local area network for her database to reside upon.
Section 5: How Will Juanita Install LibreOffice Base on All 3 Computers, and How Will She Start to Populate it With Customer Data on Desktop A?
Juanita proceeds to install the database software on her GNU/Linux fleet to ensure that every machine can read and write to the customer records. On her two Pop!_OS servers she opens the terminal and uses the apt package manager to install the specific Base component of the suite. She executes the command sudo apt update followed by:
sudo apt install libreoffice-base
This pulls the necessary binaries and dependencies from the repositories. On her Fedora workstation she utilizes the dnf package manager which is standard for Red Hat based systems. She enters the following command to ensure that the cashier has the graphical frontend required to interact with the database:
sudo dnf install libreoffice-base
This step is critical because while the core LibreOffice suite is often preinstalled the Base component is frequently packaged separately in many GNU/Linux distributions to save space.
Once the software is successfully installed on all nodes Juanita launches LibreOffice Base on Desktop A to create the master database file. She is greeted by the Database Wizard where she selects the option to create a new database using the embedded Firebird engine. This choice allows the data to be stored entirely within a single file ending in the dot odb extension which simplifies the synchronization process she will configure later. She saves this file as repair_business.odb inside a specific directory she creates called BusinessData in her home folder. It is vital for an RHCSA candidate to note that file permissions and ownership must be correct for the user to write to this file so she verifies this using the ls -l command in her terminal.
With the database file created Juanita begins the task of structuring her data by designing the primary table for her customers. She uses the Table Design View to define fields such as CustomerID which she sets as the primary key with auto value enabled to ensure every client has a unique identifier. She adds columns for FirstName LastName PhoneNumber and HomeAddress setting appropriate data types for each text field. After saving the table structure she switches to the datasheet view to manually enter the first record. She inputs her own information as a test case to verify that the data persists correctly after closing and reopening the application. This confirms that the database is ready for production use and is waiting to be replicated across her private cloud.
Section 6: How Will Juanita Install Syncthing on ALL 3 Computers, and How Will She Set Up The Synchronization of the LibreOffice Base database on All 3 Machines?
Juanita moves to the final stage of her infrastructure build by deploying the open-source synchronization engine on all three GNU/Linux systems. On the two Pop!_OS machines she opens the terminal and uses the apt package manager to pull the software from the default repositories by running
sudo apt install syncthing
For her Fedora workstation she utilizes the dnf command
sudo dnf install syncthing
to achieve the same result. A critical step for an RHCSA candidate to observe is the management of systemd services for user-specific applications. Unlike a system-wide daemon like httpd Juanita enables Syncthing to run specifically for her user account to ensure it has the correct permissions to read and write her home directory files. She executes the command
systemctl enable --now syncthing@juanita.service
on every machine which starts the background process and ensures it launches automatically when the system boots.
With the service active Juanita configures the cluster by accessing the Syncthing web interface which listens on port 8384 by default. She opens the web browser on her Fedora desktop and navigates to the dashboard to retrieve her unique Device ID. She then accesses the interfaces of Server A and Server B and adds the Device ID of the desktop to their configurations. She repeats this process to introduce every node to the others ensuring that all three computers have exchanged cryptographic keys and are authorized to communicate. Because she is utilizing the private Tailscale network she configures the device addresses to use the stable Tailscale IPs she established in the previous section rather than relying on dynamic local discovery. This guarantees that synchronization traffic flows securely over the encrypted WireGuard tunnel regardless of where the computers are physically located.
The final step involves defining the shared directory that will house the critical LibreOffice Base database. On Desktop A Juanita creates a new folder within the Syncthing interface pointing it to the BusinessData directory she created earlier containing the repair_business.odb file. She selects the option to share this folder with both Server A and Server B. Moments later she approves the sharing request on the two servers and maps the folder to the identical path in her home directory on those machines. As soon as the configuration is saved Syncthing begins to break the database file into blocks and transmits them across the private network. Within seconds Juanita verifies that the file repair_business.odb has appeared on the hard drives of both Server A and Server B effectively establishing her decentralized private cloud.
Section 7: Conclusions
By following this guide Juanita has successfully transformed three isolated GNU/Linux computers into a resilient and cohesive distributed system. She has combined the relational database capabilities of LibreOffice Base with the secure networking of Tailscale and the real-time synchronization of Syncthing to solve her data management challenges. This setup provides her with a professional grade solution that completely respects her data sovereignty and eliminates the monthly subscription costs associated with proprietary software as a service products. For the RHCSA candidate this project serves as a comprehensive exercise in system administration that goes far beyond simple command memorization by requiring the integration of multiple distinct technologies into a unified workflow.
The skills demonstrated throughout this process are directly applicable to the daily responsibilities of a Red Hat Certified System Administrator. You have practiced managing software across different distributions like Fedora and Pop!_OS utilizing both the dnf and apt package managers to maintain a heterogeneous environment. You have also configured systemd services to manage user-space daemons and established secure encrypted networks without relying on complex hardware firewall configurations. This holistic approach to system design effectively demonstrates the critical thinking and adaptability required to succeed in a modern enterprise IT environment where cloud-native thinking is applied to on-premise hardware.
Finally the architecture Juanita has built offers robust protection against data loss through geographic redundancy. Because the database exists simultaneously in the back office and at her home in Buckhead a disaster at one location will not result in the total loss of her business records. This decentralized model empowers small business owners to take full control of their digital infrastructure using Free Software/open-source tools. You now possess the knowledge to replicate this setup and adapt it to various other use cases ensuring that your critical data remains always available and securely in your own hands.
RHCSA PROJECT: DECENTRALIZED CLOUD DATABASE
├── GLOSSARY
│ ├── General Concepts
│ │ ├── Cloud-Native: Building apps to exploit cloud computing advantages
│ │ ├── Data Sovereignty: Data is subject to laws of its location
│ │ ├── Decentralized: Distributed control; no single point of failure
│ │ └── Self-Hosted: Running services on your own hardware
│ ├── Networking & Security
│ │ ├── CGNAT: Carrier-Grade NAT (Large-scale ISP address translation)
│ │ ├── Mesh Network: Topology where nodes connect directly
│ │ ├── Tailscale: Mesh VPN service based on WireGuard
│ │ ├── TLS: Transport Layer Security (Cryptographic protocol)
│ │ └── WireGuard: Modern, high-performance VPN protocol
│ ├── Operating Systems
│ │ ├── Fedora: Upstream RHEL-based distro (uses dnf)
│ │ ├── GNU/Linux: OS combining Linux kernel with GNU utilities
│ │ └── Pop!_OS: Ubuntu-based distro (uses apt)
│ ├── Software & Database
│ │ ├── BEP: Block Exchange Protocol (Syncthing transfer protocol)
│ │ ├── LibreOffice Base: Free/Open-source desktop RDBMS
│ │ ├── ODB: OpenDocument Database (File extension)
│ │ └── Syncthing: Continuous peer-to-peer file sync app
│ └── System Administration
│ ├── apt: Package manager for Debian/Pop!_OS
│ ├── dnf: Package manager for Fedora/RHEL
│ ├── sudo: Execute commands with elevated privileges
│ └── systemd: Init system to manage user/system daemons
├── IMPLEMENTATION GUIDE
│ ├── Section 0: Problem Overview
│ │ ├── Goal: Sync Customer DB across 3 geo-separated nodes
│ │ ├── Constraints: Data Sovereignty, Disaster Recovery, No 3rd Party
│ │ └── Infrastructure
│ │ ├── Server A (Pop!_OS): Back Office Master
│ │ ├── Desktop A (Fedora): Front Desk Cashier
│ │ └── Server B (Pop!_OS): Remote Home Backup
│ ├── Section 1: Syncthing (The Sync Layer)
│ │ ├── Role: Real-time sync of 'repair_business.odb'
│ │ └── Features: Decentralized, TLS Authenticated, Private
│ ├── Section 2: Tailscale (The Network Layer)
│ │ ├── Role: Create secure virtual LAN over internet
│ │ ├── Method: WireGuard mesh + NAT Traversal
│ │ └── Result: Stable private IPs (100.x.y.z)
│ ├── Section 3: LibreOffice Base (The App Layer)
│ │ ├── Role: Frontend for Customer Data
│ │ └── Engine: Embedded Firebird (Single file storage)
│ ├── Section 4: Install Tailscale (Networking)
│ │ ├── Step 1: Install
│ │ │ ├── Pop!_OS: curl -fsSL https://tailscale.com/install.sh | sh
│ │ │ └── Fedora: dnf config-manager --add-repo ... -> dnf install
│ │ ├── Step 2: Config
│ │ │ ├── Enable: systemctl enable --now tailscaled
│ │ │ └── Auth: tailscale up -> Browser Login
│ │ └── Step 3: Verify
│ │ ├── ping <Peer_IP>
│ │ └── tailscale status
│ ├── Section 5: Install LibreOffice Base (Database)
│ │ ├── Step 1: Install
│ │ │ ├── Pop!_OS: apt install libreoffice-base
│ │ │ └── Fedora: dnf install libreoffice-base
│ │ └── Step 2: Structure
│ │ ├── Create 'BusinessData' directory
│ │ └── Create 'repair_business.odb' (Firebird Engine)
│ ├── Section 6: Install Syncthing (Synchronization)
│ │ ├── Step 1: Install
│ │ │ └── Command: sudo apt install syncthing / sudo dnf install syncthing
│ │ ├── Step 2: Service Management
│ │ │ └── Command: systemctl enable --now syncthing@juanita.service
│ │ └── Step 3: Configuration (Web GUI localhost:8384)
│ │ ├── Link Nodes: Exchange Device IDs
│ │ ├── Network: Force connection via Tailscale IPs
│ │ └── Share: Map 'BusinessData' folder to all nodes
│ └── Section 7: Conclusion
│ ├── Outcome: Private, resilient, self-hosted cloud
│ └── Skills: Heterogeneous OS management, Systemd, Secure Networking