Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Setting Up

Installing PostgreSQL Manually

search

Installing PostgreSQL Manually

Installing PostgreSQL Manually

To install PostgreSQL database manually on the same server or on an external server:

  1. Add the hostname/IP of the database server to the CCC server's /etc/hosts file.

  2. Download and install the PostgreSQL RPM.

  3. Initialize the database.

  4. Configure PostgreSQL to use syslog, if desired.

  5. Configure the PostgreSQL listen address.

  6. Configure PostgreSQL to use SSL.

    CCC supports one-way SSL authentication for PostgreSQL database

  7. Configure PostgreSQL to allow CCC to connect to the database.

  8. Create the CCC database and user.

    In case you encounter an error, ensure that you are meeting all the requirements for PostgreSQL installation.

To add the database server to the CCC server hosts file

  1. Open the /etc/hosts file in a text editor.

  2. Add an entry for the database server host. For example, the following entry adds the host postgresql_ server at IP address 123.45.67.8:
    123.45.67.8 postgresql_server

  3. Save and close the file.

Download and Install PostgreSQL

The PostgreSQL RPM is available for download from https://www.postgresql.org/.

Skip steps 1 to 5 mentioned below, in case you wish to install PostgreSQL manually.

As a CCC administrator, you can also install PostgreSQL during server installation. Skip steps 1 to 5 mentioned below, in case you have decided to install PostgreSQL Database during server installation.

As an example, all the following commands use PostgreSQL 14.

To download and install PostgreSQL:

  1. Log in as root to the server you will use to host the CCC PostgreSQL database.

  2. Open a web browser and access the url: http://yum.postgresql.org.

  3. Locate the correct PostgreSQL Yum Repository RPM for your operating system and copy its link location (URL). If you are using RHEL 8, run the dnf -qy module disable postgresql &>/dev/null command.

  4. Enter the following command to install the RPM: yum install <rpm_url>

    If you are a CentOS 7 or RHEL 7 user, download PostgreSQL using the following link:
    https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repolatest.noarch.rpm.

    If you are a RHEL 8 user, download PostgreSQL using the following link:
    https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repolatest.noarch.rpm.

  5. Install the PostgreSQL server.
    yum install postgresql14-server

Initialize the PostgreSQL Database and Start the PostgreSQL Service

You must initialize and start the database server before you can configure it for use with CCC.

  1. Enter the following command to initialize the PostgreSQL database:
    /usr/pgsql-14/bin/postgresql-14-setup initdb

  2. Enter the following command to enable automatic startup of the PostgreSQL database:
    systemctl enable postgresql-14.service

    Instructions for RHEL 8 users
    If you are using RHEL 8, edit the service unit file of PostgreSQL from /usr/lib/systemd/system/postgresql-14.service and make the following entry in the Unit section: After=network-online.target. Then save the file and run the command systemctl daemon-reload.

  3. Enter the following command to start the Postgresql service:
    systemctl start postgresql-14

  4. Open the /var/lib/pgsql/14/data/postgresql.conf file in a text editor and uncomment the following line:
    port = 5432

Configure PostgreSQL to Use Syslog (optional)

You can optionally configure PostgreSQL to send its logs to the syslog service. Using syslog is recommended.

  1. Open the /var/lib/pgsql/14/data/postgresql.conf file in a text editor, and uncomment and configure the following lines in the Error Reporting and Logging section, as indicated:

    log_destination = 'syslog'

    syslog_facility = 'LOCAL0'

    syslog_ident = 'postgres'

  2. Open the /etc/rsyslog.conf file in a text editor, and add the following line: local0.info /var/log/postgres.

  3. Enter the following command to restart the syslog or rsyslog service: systemctl restart rsyslog.service.

  4. Enter the following command to restart the PostgreSQL service: systemctl restart postgresql-14

Configure the PostgreSQL Listen Address

The listen_addresses setting specifies the TCP/IP address(es) of the IP interfaces that the PostgreSQL server listens on for connections from client applications. The listen_addresses setting controls which interfaces attempts to access the database, and should be configured such that connections are accepted only on the interfaces CCC uses to access the PostgreSQL database, to mitigate the risk of repeated malicious connection requests on insecure network interfaces. To configure the PostgreSQL listen address:

  1. Open the /var/lib/pgsql/14/data/postgresql.conf file in a text editor.

  2. Update the listen_addresses = setting in the Connections and Authentication section. If you are using an external database (standalone or HA), use the IP address or host name of the network interface CCC will use to connect to the database. You specify this IP address or host name when you run the CCC configuration script. See Configuring CCC for more information. For example, if the hostname of the PostgreSQL server is ccc_db, set the listen address as follows: listen_addresses ='ccc_db'.

Enable PostgreSQL to Use SSL

CCC uses SSL to connect to the database. You must enable PostgreSQL to use SSL.
To enable PostgreSQL, open the /var/lib/pgsql/14/data/postgresql.conf file in a text editor, and uncomment and configure the ssl = setting in the Connections and Authentication section as follows: ssl=on.

Generate the SSL Key and Certificate

You must configure SSL and generate the SSL key and certificate used to authenticate the SSL connection. You must generate the key and certificate in the /var/lib/pgsql/14/data directory. To generate the SSL key and certificate:

  1. Go to the /var/lib/pgsql/14/data directory:
    cd /var/lib/pgsql/14/data

  2. Enter the following commands to create a self-signed certificate with the correct permissions (644):
    openssl req -new -text -out server.req -nodes

  3. Enter a passphrase, and respond to the prompts for country code, state or province, locality name, organization name, organizational unit, common name, and email address. Optionally enter a challenge password and company name. The key is generated. For the common name (CN), use the IP address or hostname which you configured as the PostgreSQL listen-address. You must also use the same IP address or hostname when you are prompted to enter the database server's hostname or IP address when configuring CCC.

  4. To complete the registration of the SSL key enter the following commands:
    openssl rsa -in privkey.pem -out server.key
    rm -f privkey.pem
    openssl req -x509 -in server.req -text -key server.key -out server.crt
    chmod og-rwx server.key
    chown postgres:postgres server.req
    chown postgres:postgres server.crt
    chown postgres:postgres server.key
    systemctl restart postgresql-14.service

Configuring PostgreSQL to Allow Connections from CCC

To allow CCC to connect to the database, you must configure PostgreSQL to specify the location of the CCC server or HA cluster, the name of the database it is able to connect to (lunadirectordb), and the user name that it uses to connect (lunadirector). To configure PostgreSQL to allow CCC to connect to the database:

  1. Open the /var/lib/pgsql/14/data/pg_hba.conf file in a text editor and add an entry for CCC to the #IPv4 local connections section of the file.

    To ensure that CCC can successfully connect to the database, the entry must be the first line in the #IPv4 local connections section.

  2. Add the following line as the first entry in the section to allow connections from the CCC host: hostssl lunadirectordb lunadirector / md5. For example, if your CCC host name is ccc_server, add the following line as the first entry in the section: hostssl lunadirectordb lunadirector ccc_server md5.

  3. Save and close the file.

  4. Restart the PostgreSQL service: systemctl restart postgresql-14.service.

Creating the CCC Database and User

You must now create the database (lunadirectordb) and the user (lunadirector) that is allowed to access the database. To create the lunadirectordb database and lunadirector user:

  1. Enter the following commands to create the lunadirector user and password, where password is the password the lunadirector user will use to access the database. The password cannot contain a single quote (‘) or backslash () character.

  2. Enter the su - postgres command to become the postgres superuser. The bash shell prompt bash-4.1$ appears on the screen.

  3. Enter the following command to start psql: bash-4.1$ psql. The postgres=# prompt is displayed.

  4. Enter the following command to create the lunadirector user and password:
    postgres=# create user lunadirector encrypted PASSWORD '<password>';
    Postgres returns CREATE ROLE. For example:
    postgres=# create user lunadirector encrypted PASSWORD 'CCCPa$$w0rd'; CREATE ROLE

  5. Enter the following command to create the lunadirectordb database and assign ownership of the database to the lunadirector user:
    postgres=# create database lunadirectordb owner lunadirector;
    Postgres returns CREATE DATABASE.

  6. Press CTRL-D to exit psql.

  7. Enter exit to exit the postgres session.

Remember the password you specified for the lunadirector user. You will need it later when you configure CCC.

Testing Your PostgreSQL Configuration

Installing and configuring PostgeSQL is complex and error prone. Before proceeding, test your PostgreSQL configuration to ensure that it is working correctly. To test your PostgreSQL configuration:

  1. Ensure that you are logged in as root.

  2. Enter the following command to become the postgres superuser:
    su - postgres
    The bash shell prompt (bash-4.1$) is displayed.

  3. Enter the following command to test your PostgreSQL configuration:
    bash-4.1$ psql "sslmode=require host=<hostname> dbname=lunadirectordb user=lunadirector", where is the hostname you configured in the pg_hba.conf file.
    If PostgreSQL is configured properly, you are prompted to enter the password for the lunadirector user. After successfully entering the password, the lunadirectordb=> prompt is displayed. If it is not, proceed to the next step to repair your configuration.

  4. If the lunadirectordb=> prompt is not displayed, PostgreSQL is not configured correctly. Repeat or verify the procedures described in this section.

Viewing the PostgreSQL Server Logs

You can view the PostgreSQL server logs to audit database activity or to troubleshoot configuration issues. The logs are stored in the /var/log/postgres directory on the PostgreSQL server.