Installing PostgreSQL on an External Server
To install PostgreSQL database on external server:
1.Add the hostname/IP of the database server to the CCC server's /etc/hosts file.
2.Download and install the PostgreSQL RPM.
3.Initialize the database.
4.Configure PostgreSQL to use syslog, if desired.
5.Configure the PostgreSQL listen address.
6.Configure PostgreSQL to use SSL.
7.Configure PostgreSQL to allow CCC to connect to the database.
8.Create the CCC database and user.
To add the external database server to the CCC server hosts file
1.Open the /etc/hosts file in a text editor.
2.Add an entry for the database server host. For example, the following entry adds the host postgresql_server at IP address 123.45.67.8:
123.45.67.8 postgresql_server3.Save and close the file.
Download and Install PostgreSQL
The PostgreSQL RPM is available for download from postgresql.org.
To download and install PostgreSQL
NOTE As a CCC administrator, you can also install PostgreSQL during server installation. Please skip steps (1-5) mentioned below if you have decided to install PostgreSQL Database during server installation.
NOTE As an example, all the following commands use PostgreSQL 10.
1.Log in as root to the server you will use to host the CCC PostgreSQL database.
2.Open a web browser and access the url: http://yum.postgresql.org.
3.Locate the correct PostgreSQL Yum Repository RPM for your operating system and copy its link location (URL). If you are using CentOS 8 or RHEL 8, run the dnf -qy module disable postgresql &> /dev/null command.
4.Enter the following command to install the RPM:
yum install <rpm_url>
If you are a CentOS 7 or RHEL 7 user, download PostgreSQL using the following link: https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm.
If you are a CentOS 8 or RHEL 8 user, download PostgreSQL using the following link: https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm.
5.Install the PostgreSQL server.
yum install postgresql10-server
Initialize the PostgreSQL Database and Start the PostgreSQL Service
You must initialize and start the database server before you can configure it for use with CCC.
1.Enter the following command to initialize the PostgreSQL database:
/usr/pgsql-10/bin/postgresql-10-setup initdb
2.Enter the following command to enable automatic startup of the PostgreSQL database:
systemctl enable postgresql-10.service
Instructions for CentOS 8 and RHEL 8 users:
If you are using CentOS 8 or RHEL 8, edit the service unit file of PostgreSQL from /usr/lib/systemd/system/postgresql-10.service and make the following entry in the [Unit] section:
After=network-online.target
Then save the file and run the following command:
systemctl daemon-reload
3.Enter the following command to start the Postgresql service:
systemctl start postgresql-10
4.Open the /var/lib/pgsql/10/data/postgresql.conf file in a text editor and uncomment the following line:
port = 5432
Configure PostgreSQL to Use Syslog (optional)
You can optionally configure PostgreSQL to send its logs to the syslog service. Using syslog is recommended.
1.Open the /var/lib/pgsql/10/data/postgresql.conf file in a text editor, and uncomment and configure the following lines in the Error Reporting and Logging section as indicated:
•log_destination = 'syslog'
•syslog_facility = 'LOCAL0'
•syslog_ident = 'postgres'
2.Open the /etc/rsyslog.conf file in a text editor, and add the following line:
local0.info /var/log/postgres
3.Enter the following command to restart the syslog or rsyslog service:
systemctl restart rsyslog.service
4.Enter the following command to restart the PostgreSQL service:
systemctl restart postgresql-10
Configure the PostgreSQL Listen Address
The listen_addresses setting specifies the TCP/IP address(es) of the IP interfaces that the PostgreSQL server listens on for connections from client applications. The listen_addresses setting controls which interfaces attempts to access the database, and should be configured such that connections are accepted only on the interfaces CCC uses to access the PostgreSQL database, to mitigate the risk of repeated malicious connection requests on insecure network interfaces. Refer to the PostgreSQL documentation for more information.
To configure the PostgreSQL listen address
1.Open the /var/lib/pgsql/10/data/postgresql.conf file in a text editor, and update the listen_addresses = setting in the Connections and Authentication section as follows:
•If you are using an external database (standalone or HA), use the IP address or host name of the network interface CCC will use to connect to the database. You specify this IP address or host name when you run the CCC configuration script. See Configuring CCC for more information. For example, if the hostname of the PostgreSQL server is ccc_db, set the listen address as follows:
listen_addresses ='ccc_db'
Enable PostgreSQL to Use SSL
CCC uses SSL to connect to the database. You must enable PostgreSQL to use SSL.
To enable PostgreSQL to use SSL
Open the /var/lib/pgsql/10/data/postgresql.conf file in a text editor, and uncomment and configure the ssl = setting in the Connections and Authentication section as follows:
ssl=on
Generate the SSL Key and Certificate
You must configure SSL and generate the SSL key and certificate used to authenticate the SSL connection. You must generate the key and certificate in the
/var/lib/pgsql/10/data directory. To generate the SSL key and certificate:
1.Go to the /var/lib/pgsql/10/data directory:
cd /var/lib/pgsql/10/data
2.Enter the following commands to create a self-signed certificate with the correct permissions (644).
openssl req -new -text -out server.req -nodes
3.Enter a passphrase, and respond to the prompts for country code, state or province, locality name, organization name, organizational unit, common name, and email address. Optionally enter a challenge password and company name. The key is generated. For the common name (CN), use the IP address or hostname which you configured as the PostgreSQL listen-address. You must also use the same IP address or hostname when you are prompted to enter the database server's hostname or IP address when configuring CCC.
4.To complete the registration of the SSL key enter the following commands:
openssl rsa -in privkey.pem -out server.key
rm -f privkey.pem
openssl req -x509 -in server.req -text -key server.key -out server.crt
chmod og-rwx server.key
chown postgres:postgres server.req
chown postgres:postgres server.crt
chown postgres:postgres server.key
systemctl restart postgresql-10.service
Configuring PostgreSQL to Allow Connections from CCC
To allow CCC to connect to the database, you must configure PostgreSQL to specify the location of the CCC server or HA cluster, the name of the database it is able to connect to (lunadirectordb), and the user name that it uses to connect (lunadirector).
To configure PostgreSQL to allow CCC to connect to the database
1.Open the /var/lib/pgsql/10/data/pg_hba.conf file in a text editor and add an entry for CCC to the #IPv4 local connections section of the file.
NOTE To ensure that CCC can successfully connect to the database, the entry must be the first line in the #IPv4 local connections section.
Add the following line as the first entry in the section to allow connections from the CCC host:
hostssl lunadirectordb lunadirector <CCC_hostname_or_IP>/<mask> md5
For example, if your CCC host name is ccc_server, add the following line as the first entry in the section:
hostssl lunadirectordb lunadirector ccc_server md5
2.Save and close the file.
3.Restart the PostgreSQL service.
systemctl restart postgresql-10.service
Creating the CCC Database and User
You must now create the database (lunadirectordb) and the user (lunadirector) that is allowed to access the database.
To create the lunadirectordb database and lunadirector user
1.Enter the following commands to create the lunadirector user and password, where <password> is the password the lunadirector user will use to access the database.
NOTE The password cannot contain a single quote (‘) or backslash (\) character.
2.Enter the following command to become the postgres superuser:
su - postgres
The bash shell prompt (bash-4.1$) is displayed.
3.Enter the following command to start psql:
bash-4.1$ psql
The postgres=# prompt is displayed.
4.Enter the following command to create the lunadirector user and password:
postgres=# create user lunadirector encrypted PASSWORD '<password>';
Postgres returns CREATE ROLE.
For example:
postgres=# create user lunadirector encrypted PASSWORD 'CCCPa$$w0rd';
CREATE ROLE
5.Enter the following command to create the lunadirectordb database and assign ownership of the database to the lunadirector user:
postgres=# create database lunadirectordb owner lunadirector;
Postgres returns CREATE DATABASE.
6.Press CTRL-D to exit psql.
7.Enter exit to exit the postgres session.
NOTE Remember the password you specified for the lunadirector user. You will need it later when you configure CCC.
Testing Your PostgreSQL Configuration
Installing and configuring PostgeSQL is complex and error prone. Before proceeding, test your PostgreSQL configuration to ensure that it is working correctly.
To test your PostgreSQL configuration
1.Ensure that you are logged in as root.
2.Enter the following command to become the postgres superuser:
su - postgres
The bash shell prompt (bash-4.1$) is displayed.
3.Enter the following command to test your PostgreSQL configuration:
bash-4.1$ psql "sslmode=require host=<hostname> dbname=lunadirectordb user=lunadirector"
where <hostname> is the hostname you configured in the pg_hba.conf file in Configuring PostgreSQL to Allow Connections from CCC
If PostgreSQL is configured properly, you are prompted to enter the password for the lunadirector user (see Creating the CCC Database and User). After successfully entering the password, the lunadirectordb=> prompt is displayed. If it is not, proceed to the next step to repair your configuration.
4.If the lunadirectordb=> prompt is not displayed, PostgreSQL is not configured correctly. Repeat or verify the following procedures:
•Generate the SSL Key and Certificate
•Configuring PostgreSQL to Allow Connections from CCC
Viewing the PostgreSQL Server Logs
You can view the PostgreSQL server logs to audit database activity or to troubleshoot configuration issues. The logs are stored in the /var/log/postgres directory on the PostgreSQL server.
