Prerequisites to install the PEM server on Linux v9

Suggest edits

To install a Postgres Enterprise Manager server on Linux, you may need to perform some preliminary configuration:

  1. Configure authentication on the Postgres server by updating the pg_hba.conf file. The pg_hba.conf file manages connections. Verify that the pg_hba.conf file allows connections from the PEM server, the monitoring PEM agent, and the host of the Apache web server server. Pointers for configuring access:

    • PEM server connects to the PEM backend database as a superuser using password authentication. On Linux platforms, this requires you to add a new superuser that authenticates using a password.

    • To allow the new superuser to connect using password authentication, add a line pg_hba.conf that allows host connections using md5 or scram-sha-256 authentication.

    • If you're using EDB Postgres Advanced Server, see Modifying the pg_hba.conf file.

    • If you're using PostgreSQL, see Client Authentication.

  2. Verify that the sslutils extension and hstore contrib module are installed on your Postgres server.

    • If you're using EDB Postgres Advanced Server, the hstore contrib module is installed by default. You can install the sslutils extension:

      For RHEL/AlmaLinux/Rocky Linux 8:

      dnf install edb-as<x>-server-sslutils

      Where <x> is the EDB Postgres Advanced server version.

      For RHEL/OL/CentOS 7:

      yum install edb-as<x>-server-sslutils

      Where <x> is the EDB Postgres Advanced server version.

      For Debian/Ubuntu:

      apt install edb-as<x>-server-sslutils

      Where <x> is the EDB Postgres Advanced server version.

      For SLES:

      zypper install edb-as<x>-server-sslutils

      Where <x> is the EDB Postgres Advanced server version.

    • If you're using PostgreSQL, make sure you have access to the PostgreSQL community repository (yum, apt), and then install the sslutils extension and the hstore contrib module:

      For RHEL/AlmaLinux/Rocky Linux 8:

      dnf install sslutils_<x> postgresql<x>-contrib

      Where <x> is the Postgres server version.

      For RHEL/OL/CentOS 7:

      yum install sslutils_<x> postgresql<x>-contrib

      Where <x> is the Postgres server version.

      For Debian/Ubuntu:

      apt install postgresql-<x>-sslutils

      Where <x> is the Postgres server version.

      For SLES:

      zypper install sslutils_<x> postgresql<x>-contrib

      Where <x> is the Postgres server version.

    For Debian and Ubuntu users

    The postgres community repository for apt (used by Debian and Ubuntu) does not include sslutils and therefore this must be installed from the EDB repository along with PEM.

    Debian 10 and Ubuntu 20 changed the requirements for accepting certificates.

    • If you want to install the PEM agent on a machine with an old version of sslutils, then you must upgrade sslutils to 1.3. Version 1.3 has a 4096-bit RSA key and sha256 signature algorithm support added to it.
    • If you don't upgrade sslutils to 1.3, then PEM agent might fail to connect to the PEM backend database server, and it might log the error "ca md too weak."

  3. If you're using a firewall, allow access to port 8443 on the Postgres server:

    For RHEL/Rocky Linux/AlmaLinux/OL/CentOS/SLES:

    firewall-cmd --permanent --zone=public --add-port=8443/tcp
     
firewall-cmd --reload

    For Debian/Ubuntu:

    iptables -t filter -A INPUT -p TCP --dport 8443 -j ACCEPT

  4. Make sure the components Postgres Enterprise Manager depends on, such as python3, libboost, openssl (1.0.2k or later), snmp++, and libcurl, are up to date:

    For RHEL/AlmaLinux/Rocky Linux 8:

    dnf upgrade

    For RHEL/OL/CentOS 7:

    yum upgrade

    For Debian/Ubuntu:

    apt-get update

    For SLES:

    zypper update
← Prev

Installing Postgres Enterprise Manager server

Next →

Installing Postgres Enterprise Manager server on x86