Zakładając, że PEM został zainstalowany już podczas wstępnej instalacji EDB, to w celu uruchomienia tego narzędzia wystarczy uruchomić skrypt konfiguracyjny:
/usr/edb/pem/bin/configure-pem-server.sh
Skrypt grzecznie pyta o wszelkie opcje konfiguracyjne. Na moim testowym serwerze wyglądało to tak:
----------------------------------------------------- EDB Postgres Enterprise Manager ----------------------------------------------------- --> [Info] --> [Info] Found existing PEM configuration file, running in upgrade mode --> [Info] --> [Info] Existing Installion type 1 (Web Services and Database) will be used --> [Info] --> [Info] Existing local database server installation path /usr/edb/as13 will be used --> [Info] --> [Info] Existing database super user name enterprisedb will be used --> [Info] --> [Info] Existing database server port number 5444 will be used Enter database super user password [ ] : --> [Info] --> [Info] Existing CIDR formatted network address range that agents will connect to the server from, to be added to the server's pg_hba.conf file 0.0.0.0/0 will be used --> [Info] --> [Info] Existing database systemd unit file or init script name edb-as-13 will be used --> [Info] --> [Info] Existing agent certificate path /var/lib/edb/.pem/ will be used NOTICE: extension "sslutils" already exists, skipping CREATE EXTENSION --> [Info] --> [Info] Configuring database server. --> [Info] --> [Info] Database pem already exists. --> [Info] --> [Info] Skipping the generating certificates as already present. --> [Info] --> [Info] Executing systemctl stop edb-as-13 --> [Info] --> [Info] Skipping - configurations for /var/lib/edb/as13/data/pg_hba.conf and /var/lib/edb/as13/data/postgresql.conf file --> [Info] --> [Info] Executing systemctl start edb-as-13 --> [Info] --> [Info] Enable pemagent service. --> [Info] --> [Info] Executing systemctl enable pemagent --> [Info] --> [Info] Stop pemagent service --> [Info] --> [Info] Executing systemctl stop pemagent --> [Info] --> [Info] Start pemagent service. --> [Info] --> [Info] Executing systemctl start pemagent --> [Info] --> [Info] Configuring httpd server --> [Info] --> [Info] Executing systemctl stop httpd --> [Info] --> [Info] Taking backup of /usr/edb/pem/web/pem.wsgi --> [Info] --> [Info] Creating /usr/edb/pem/web/pem.wsgi --> [Info] --> [Info] Taking backup of /usr/edb/pem/web/config_local.py. --> [Info] --> [Info] Generating PEM Cookie Name. --> [Info] --> [Info] Creating /usr/edb/pem/web/config_local.py --> [Info] --> [Info] Taking backup of /etc/httpd/conf.d/edb-pem.conf --> [Info] --> [Info] Creating /etc/httpd/conf.d/edb-pem.conf --> [Info] --> [Info] Configuring httpd server sslconf --> [Info] --> [Info] Taking backup of /etc/httpd/conf.d/edb-ssl-pem.conf --> [Info] --> [Info] Taking backup of /etc/httpd/conf.d/edb-ssl-pem.conf --> [Info] --> [Info] Executing /usr/edb/pem/web/setup.py Postgres Enterprise Manager - Application Initialisation ======================================================== --> [Info] --> [Info] Check and Configure SELinux security policy for PEM getenforce found, now executing 'getenforce' command Configure the httpd to work with the SELinux Allow the httpd to connect the database (httpd_can_network_connect_db = on) Allow the httpd to connect the network (httpd_can_network_connect = on) Allow the httpd to work with cgi (httpd_enable_cgi = on) Allow to read & write permission on the 'pem' user home directory SELinux policy is configured for PEM --> [Info] --> [Info] Executing systemctl start httpd --> [Info] --> [Info] Configured the webservice for EDB Postgres Enterprise Manager (PEM) Server on port '8443'. --> [Info] --> [Info] PEM server can be accessed at https://127.0.0.1:8443/pem at your browser
Serwer, na którym wykonywałem instalację nie ma interfejsu graficznego, nie mogłem więc po prostu zweryfikować, czy stona działa w przeglądarce, ale miałem wget-a:
[root@dbserv10 ~]# wget https://127.0.0.1:8443/pem > pem.html 2>&1 [root@dbserv10 ~]# ll total 1872 -rw-r--r--. 1 root root 252292 Jul 30 2019 centos-indexhtml-8.0-0.el8.noarch.rpm -rw-r--r--. 1 root root 1655704 Jul 2 2019 lynx-2.8.9-2.el8.x86_64.rpm -rw-r--r--. 1 root root 286 Jun 20 16:04 pem.html [root@dbserv10 ~]# more pem.html --2021-06-20 16:04:13-- https://127.0.0.1:8443/pem Connecting to 127.0.0.1:8443... connected. ERROR: The certificate of ‘127.0.0.1’ is not trusted. ERROR: The certificate of ‘127.0.0.1’ hasn't got a known issuer. The certificate's owner does not match hostname ‘127.0.0.1’
Ten etap instalacji mi wystarczył, bo w następnym kroku zdefiniowałem tunel przekierowujący port 8443 z mojego komputera na serwer zdalny i PEM się załadował!
Problemy z jakimi się spotkałem:
- domyślnie użytkownik enterprisedb nie miał zdefiniowanego hasła, ale co to za problem…
alter role enterprisedb with password '472FajnychMaili!';
- domyślnie nie można było się zalogować kontem z hasłem do serwera PG, tutaj pomogłamodyfikacja pliku pg_hba.conf
host all all 0.0.0.0/0 md5
Przed uruchomieniem konfiguracji można samodzielnie testować połączenie do Postgresql (domyślnie powinno pojawić się pytanie o hasło, a gdyby go nie było, to można dodać parametr –password):
psql --host 127.0.0.1 --port 5444 edb enterprisedb