Installing the PEM Server on Linux¶
When installing a PEM server on a RHEL, CentOS, SLES, Debian, or Ubuntu host, you must ensure the following:
When using an RPM package to install the PEM server, you must first manually install a backing database and create the database cluster. The server’s backing database must be installed via an RPM package or via BitRock. The database must be one of the following versions:
EDB Postgres Advanced Server version 9.6 or above
PostgreSQL version 9.6 or above
For detailed information about installing an Advanced Server or PostgreSQL database, please see the product documentation.
pg_hba.conffile on the backing database must be configured to use trust authentication for connections. For information about modifying the pg_hba.conf file, visit:
If you are using a PostgreSQL database, you must also install the
hstore contribmodule; for more information, visit:
If you are using a firewall, you must allow access to port
8443; use the commands:
firewall-cmd --permanent --zone=public --add-port=8443/tcp
Additional Prerequisites for RHEL or CentOS HOST¶
In addition to the above listed prerequisites, the following prerequisites are applicable if you are using a RHEL or CentOS host:
You must install the
epel-releasepackage on the host by running any one of the following commands:
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install epel-release
You may need to enable the
[extras]repository definition in the
CentOS-Base.repofile (located in
If you are a Red Hat Network user you must also enable the
rhel-<x>-server-optional-rpmsrepository to use EPEL packages, where x specifies the version of RHEL on the host. You can make the repository accessible by enabling the
RHEL optional subchannelfor
RHN-Classic. If you have a certificate-based subscription, please see the
Red Hat Subscription Management Guide.
You must also enable the
rhel-<x>-server-extras-rpmsrepository, where x specifies the version of the RHEL on the host.
You must also have credentials that allow access to the EnterpriseDB repository. For information about requesting credentials, visit:
After receiving your repository credentials you can:
Create the repository configuration file.
Modify the file, providing your user name and password.
edb-pemon RHEL or CentOS host.
Creating a Repository Configuration File
To create the repository configuration file, assume superuser privileges, and invoke the following command:
yum -y install https://yum.enterprisedb.com/edb-repo-rpms/edb-repo-latest.noarch.rpm
The repository configuration file is named
edb.repo. The file resides in
Modifying the file, providing your user name and password
After creating the
edb.repo file, use your choice of editor to ensure that the value of the enabled parameter is
1, and replace the
password placeholders in the
baseurl specification with the name and password of a registered EnterpriseDB user.
[edb] name=EnterpriseDB RPMs $releasever - $basearch baseurl=https://<username>:<password>@yum.enterprisedb.com/edb/redhat/rhel-$releasever-$basearch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/ENTERPRISEDB-GPG-KEY
Installing the PEM Server on a CentOS or RHEL Host¶
You can use yum to install the PEM server:
yum install edb-pem
When you install an RPM package that is signed by a source that is not recognized by your system, yum may ask for your permission to import the key to your local server. If prompted, and you are satisfied that the packages come from a trustworthy source, enter
y, and press
Return to continue.
During the installation, yum may encounter a dependency that it cannot resolve. If it does, it will provide a list of the required dependencies that you must manually resolve.
If you want to install PEM server on a machine that is in isolated network, you must first create PEM repository on that machine. For more information about creating PEM repository on an isolated network, see Creating a PEM repository in an Isolated Network.
Installing the PEM Server on a Debian or Ubuntu Host¶
To install PEM on a Debian or Ubuntu host, you must have credentials that allow access to the EnterpriseDB repository. To request credentials for the repository, contact EnterpriseDB .
The following steps will walk you through using the EnterpriseDB apt repository to install a Debian package. When using the commands, replace the username and password with the credentials provided by EnterpriseDB.
Go to https://apt.enterprisedb.com/ and log in as root:
sudo su -
Configure the EnterpriseDB repository:
sh -c 'echo "deb https://username:firstname.lastname@example.org $(lsb_release - cs)-edb/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/edb-$(lsb_release -cs).list'
Add support to your system for secure APT repositories:
apt-get install apt-transport-https
Add the EBD signing key:
wget -q -O -https://username:email@example.com/edb-deb.gpg.key | apt-key add –
Update the repository metadata:
Use the following command to install the Debian package for the PEM server:
apt-get install edb-pem
Installing PEM Server on a SLES Host¶
For detailed information about installing Advanced Server and supporting components on a SLES host, please consult the EDB Postgres Advanced Server Installation Guide,available at:
- SLES packages are available from:
Before installing PEM, you must install prerequisite packages. Invoke the following commands, replacing sp_no with the service pack that you are using (i.e. SP4):
SUSEConnect -p sle-module-legacy/12/x86_64
SUSEConnect -p sle-sdk/12/x86_64
zypper addrepo https://download.opensuse.org/repositories/Apache:Modules/SLE_12_<sp_no>/Apache:Modules.repo
zypper addrepo http://download.opensuse.org/repositories/Cloud:/OpenStack:/Newton:/cisco-apic:/2.3.1/SLE_12_<sp_no>/ pem_opensuse_boost
zypper install edb-pem
Configuring the PEM Server¶
Before configuring the PEM server, ensure that the
sslutils extension is installed for your backing database.
For an Advanced Server backing database, enable the repository that corresponds to your server version, and use the command:
yum install edb-as<x>-server-sslutils
If you are using a PostgreSQL backing database, ensure you have access to the PostgreSQL community repository, and use the command:
yum install sslutils_<x> postgresql<X>-contrib
Where, x is the server version.
The PEM server installer includes a script (
configure-pem-server.sh) to help automate the configuration process for RPM installations. The script is installed in the
/usr/edb/pem/bin directory. To invoke the script, use the command:
When invoking the script, you can include command line options to specify configuration properties; the script will prompt you for values that you omit on the command line. The accepted options are:
Defines PEM Agent certificate path. The default is
CIDR formatted network address range that agents will connect to the server from, to be added to the server’s
The directory for the database server installation. For example,
The unit file name of the PEM database server. For Advanced Server, the default file name is
The host address of the PEM database server.
The port number of the PEM database server.
The service name of the pemagent; the default value is
The superuser password of the PEM database server. This value is required.
The superuser name of the PEM database server.
The installation type: Specify 1 if the configuration is for web services and backing database, 2 if you are configuring web services, or 3 if you are configuring the backing database. If you specify 3, please note that the database must reside on the local host.
If you do not provide configuration properties on the command line, you will be prompted for values by the script. When you invoke the script, choose from:
1. Web Services and Database- Select this option if the web server and database both reside on the same host as the PEM server.
2. Web Services- Select this option if the web server resides on a different host than the PEM server.
3. Database- Select this option to configure the PEM backing database for use by the PEM server. Please note that the specified database must reside on the local host.
If the web server and the backing database reside on separate hosts, configure the database server first (option 3), and then web services (option 2). The script will exit if the backing database is not configured before web services.
After selecting a configuration option, the script will proceed to prompt you for configuration properties. When the script completes, it will create the objects required by the PEM server, or perform the configuration steps required.
To view script-related help, use the command:
After configuring the PEM server, you can access the PEM web interface in your browser. Navigate to: