Postgres Enterprise Manager 10.3.0 release notes v10.3

These Postgres versions can be monitored, or used as PEM backend servers.

The new Profile Management feature allows users to create, manage, and assign profiles with predefined probe and alert configurations to multiple agents and servers, streamlining monitoring setup.

The following new roles have been added:

• query_tool
• schema_diff_tool
• debugger_tool
• erd_tool
• grant_wizard
• backup_tool
• restore_tool
• import_export_data_tool
• search_objects_tool
• maintenance_tool

Implemented a new cryptographic module using SHA256 for encryption of stored passwords, deprecating the old SHA1-based crypto. New installations of PEM 10.3 will use the new module only. Systems that are upgraded to 10.3 will use the new module to encrypt passwords, and the old module to decrypt existing ones. A future release of PEM will provide a mechanism to migrate existing passwords to the new module.

A new alert template, 'EFM Fewer Than N Nodes Active', has been added to monitor the number of active nodes in an EFM cluster. The new alert template is not set to auto-create, so users should create alerts from them as required. The server replication solution must be set to EFM to use this alert.

If you are installing PEM in an environment where SSL certificates are provided externally, you can suppress generation of SSL certificates by PEM using these new options when invoking configure_pem_server.sh. The --skip-db-certificate option has the following effects:

• Prevents the creation of a server certification for Postgres.
• Disables the check for the sslutils extension and the creation of a CA certificate
• and Sets -o check_server_certificate_expiry=false and -o skip_db_certificate=true during local agent registration meaning no client certificates will be generated and the certificate renewal system job will be disabled.

The --skip-web-certificate option prevents the creation of a self-signed web server certificate.

The --use-trusted-ssl-db-certificates option is a convenience flag which is equivalent to both --skip-db-certificate and --no-hba-change.

Tab preservation has been implemented for PEM-related panels, ensuring that your open tabs remain active when navigating or restarting the application.

Event History Tracking has been implemented for the Manage Profile feature to track all profile-related changes for audit purposes.

A new role, pem_manage_profile, has been added for profile management. This role inherits permissions from pem_probe_config and pem_alert_config.

A scheduled job runs hourly to check the server/agent heartbeat against the server_contact_timeout configuration. If unreachable for 48 hours, the object is blacked out; if reachable again, the blackout is undone.

These new alert templates are not set to auto-create, so users should create alerts from them as required. The server replication solution must be set to EFM to use these alerts.

Contextual logging has been added for PEM agent jobs to provide more detailed and relevant information for troubleshooting in worker.log.

The HOST variable used for the PEM DB server host address during PEM installation in web mode has been changed to PEM_HOST to avoid conflicts with existing environment variables.

In previous versions, PEM would create a Postgres user for every registered agent, even if an existing user was specified with --pem-agent-user. This is no longer the case in PEM 10.3. A Postgres user will only be created if it is not specified.

In Performance Diagnostic, the purple selection bar now defaults to full width to ensure the query list is populated immediately, improving usability.

In previous versions, the Barman probes were disabled by default and had to be enabled before any data would be collected from registered by any instances. Since the Barman probes do nothing when there are no Barman instances, and are essential for all Barman functionality, we now enable them by default when PEM is configured.

Resolved an issue where the configure-pem-server.sh script would overwrite the pg_hba.conf file, even when --no-hba-change was specified, due to an overly strict regular expression for checking existing HBA entries.

The PEM Agent requires the libcurl package in order to send SMTP to a mail server. We found that the package-level requirement for libcurl was met by a package libcurl-minimal, frequently found in RHEL 9 builds. However this package does not provide the libraries needed for SMTP, so PEM 10.3 now depends on libcurl-full. When installing PEM 10.3 packages on a system with libcurl-full you must pass the --allow-erasing option to allow dnf to remove libcurl-minimal.

A new PEM configuration flag, --asb-host-name, has been added to explicitly specify the host address for the monitored server's ASB, resolving an issue where multi-host strings were incorrectly used for the ASB host.

Added missing UI validation in Manage Alerts and Probe Configurations, resolving issues such as the lack of warning on the frontend when the alert interval was set to 0 minutes.

The column types for user_name, component, operation, message, and details in the pem.event_history table have been modified from character varying(255) to TEXTto remove string length restrictions, resolving `value too long" errors.

The Barman chart rendering has been updated to be compatible with dynamic changes to the devicePixelRatio, resolving issues where chart candles were not visible at certain browser resolutions.

The log manager component has been updated to correctly support and handle log configurations for EPAS/PG/PGE 18 and above.

Resolved an issue where email notification data was not being saved when the 'Default Email group' was selected for low, high, or medium alert notifications. The backend now correctly defaults to the default email group when no selection is sent.

Rewrite rules have been moved to edb-ssl-pem.conf to ensure these methods return a 403 Forbidden response.

The unregister-agent command has been fixed to correctly accept comma-separated lists of hosts or ports, resolving a previous limitation where it only expected a single integer for pem_port.

The pemworker registration process for servers now correctly includes the Replication Solution and its corresponding options.

Fixed the issue where an inappropriate web server address was displayed at the end of configure_pem_server.sh output when --host was specified with multiple hosts.

Explicitly provided column information when inserting a row into the pem.alert_status table from the pem.process_one_alert() function, resolving an exception (like ERROR: column "state_change_count" is of type integer but expression is of type interval) that occurred after upgrading.