Installing the PEM Server on Linux

When installing a PEM server on a RHEL, CentOS, SLES, Debian, or Ubuntu host, you must ensure the following:

  1. When using an RPM package to install the PEM server, you must first manually install a backing database and create the database cluster. The server’s backing database must be installed via an RPM package or via BitRock. The database must be one of the following versions:

  • EDB Postgres Advanced Server version 9.6 or above

  • PostgreSQL version 9.6 or above

For detailed information about installing an Advanced Server or PostgreSQL database, please see the product documentation.

  1. The pg_hba.conf file on the backing database must be configured to use trust authentication for connections. For information about modifying the pg_hba.conf file, visit:

  2. If you are using a PostgreSQL database, you must also install the hstore contrib module; for more information, visit:

  3. If you are using a firewall, you must allow access to port 8443; use the commands:

    firewall-cmd --permanent --zone=public --add-port=8443/tcp

    firewall-cmd --reload

Additional Prerequisites for RHEL or CentOS HOST

In addition to the above listed prerequisites, the following prerequisites are applicable if you are using a RHEL or CentOS host:

  1. You must install the epel-release package on the host by running any one of the following commands:

  • yum -y install

  • yum install epel-release


You may need to enable the [extras] repository definition in the CentOS-Base.repo file (located in /etc/yum.repos.d).

If you are a Red Hat Network user you must also enable the rhel-<x>-server-optional-rpms repository to use EPEL packages, where x specifies the version of RHEL on the host. You can make the repository accessible by enabling the RHEL optional subchannel for RHN-Classic. If you have a certificate-based subscription, please see the Red Hat Subscription Management Guide.

  1. You must also enable the rhel-<x>-server-extras-rpms repository, where x specifies the version of the RHEL on the host.

  2. You must also have credentials that allow access to the EnterpriseDB repository. For information about requesting credentials, visit:

After receiving your repository credentials you can:

  1. Create the repository configuration file.

  2. Modify the file, providing your user name and password.

  3. Install edb-pem on RHEL or CentOS host.

Creating a Repository Configuration File

To create the repository configuration file, assume superuser privileges, and invoke the following command:

yum -y install

The repository configuration file is named edb.repo. The file resides in /etc/yum.repos.d.

Modifying the file, providing your user name and password

After creating the edb.repo file, use your choice of editor to ensure that the value of the enabled parameter is 1, and replace the username and password placeholders in the baseurl specification with the name and password of a registered EnterpriseDB user.

name=EnterpriseDB RPMs $releasever - $basearch

Installing the PEM Server on a CentOS or RHEL Host

You can use yum to install the PEM server:

yum install edb-pem

When you install an RPM package that is signed by a source that is not recognized by your system, yum may ask for your permission to import the key to your local server. If prompted, and you are satisfied that the packages come from a trustworthy source, enter y, and press Return to continue.

During the installation, yum may encounter a dependency that it cannot resolve. If it does, it will provide a list of the required dependencies that you must manually resolve.

If you want to install PEM server on a machine that is in isolated network, you must first create PEM repository on that machine. For more information about creating PEM repository on an isolated network, see Creating a PEM repository in an Isolated Network.

Installing the PEM Server on a Debian or Ubuntu Host

To install PEM on a Debian or Ubuntu host, you must have credentials that allow access to the EnterpriseDB repository. To request credentials for the repository, contact EnterpriseDB .

The following steps will walk you through using the EnterpriseDB apt repository to install a Debian package. When using the commands, replace the username and password with the credentials provided by EnterpriseDB.

  1. Go to and log in as root:

    sudo su -

  2. Configure the EnterpriseDB repository:

    sh -c 'echo "deb $(lsb_release - cs)-edb/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/edb-$(lsb_release -cs).list'

  3. Add support to your system for secure APT repositories:

    apt-get install apt-transport-https

  4. Add the EBD signing key:

    wget -q -O - | apt-key add

  5. Update the repository metadata:

    apt-get update

  6. Use the following command to install the Debian package for the PEM server:

    apt-get install edb-pem

Installing PEM Server on a SLES Host

For detailed information about installing Advanced Server and supporting components on a SLES host, please consult the EDB Postgres Advanced Server Installation Guide,available at:

SLES packages are available from:

Before installing PEM, you must install prerequisite packages. Invoke the following commands, replacing sp_no with the service pack that you are using (i.e. SP4):

SUSEConnect -p sle-module-legacy/12/x86_64

SUSEConnect -p sle-sdk/12/x86_64

zypper addrepo<sp_no>/Apache:Modules.repo

zypper addrepo<sp_no>/ pem_opensuse_boost

zypper refresh

zypper install edb-pem

Configuring the PEM Server

Before configuring the PEM server, ensure that the sslutils extension is installed for your backing database.

  • For an Advanced Server backing database, sslutils extension is by default installed along with Advanced Server.

  • If you are using a PostgreSQL backing database, ensure you have access to the PostgreSQL community repository, and use the command:

    yum install sslutils_<x> postgresql<X>-contrib

Where, x is the server version.

The PEM server installer includes a script ( to help automate the configuration process for RPM installations. The script is installed in the /usr/edb/pem/bin directory. To invoke the script, use the command:


When invoking the script, you can include command line options to specify configuration properties; the script will prompt you for values that you omit on the command line. The accepted options are:




Defines PEM Agent certificate path. The default is /root/.pem.


CIDR formatted network address range that agents will connect to the server from, to be added to the server’s pg_hba.conf file. For example, The default is


The directory for the database server installation. For example, /usr/edb/as10 for Advanced Server or /usr/pgsql-10 for PostgreSQL.


The unit file name of the PEM database server. For Advanced Server, the default file name is edb-as-10; for PostgreSQL, it is postgresql-10.


The host address of the PEM database server.


The port number of the PEM database server.


The service name of the pemagent; the default value is pemagent.


The superuser password of the PEM database server. This value is required.


The superuser name of the PEM database server.


The installation type: Specify 1 if the configuration is for web services and backing database, 2 if you are configuring web services, or 3 if you are configuring the backing database. If you specify 3, please note that the database must reside on the local host.

If you do not provide configuration properties on the command line, you will be prompted for values by the script. When you invoke the script, choose from:

1. Web Services and Database- Select this option if the web server and database both reside on the same host as the PEM server.

2. Web Services- Select this option if the web server resides on a different host than the PEM server.

3. Database- Select this option to configure the PEM backing database for use by the PEM server. Please note that the specified database must reside on the local host.


If the web server and the backing database reside on separate hosts, configure the database server first (option 3), and then web services (option 2). The script will exit if the backing database is not configured before web services.

After selecting a configuration option, the script will proceed to prompt you for configuration properties. When the script completes, it will create the objects required by the PEM server, or perform the configuration steps required.

To view script-related help, use the command:

/usr/edb/pem/bin/ -help

After configuring the PEM server, you can access the PEM web interface in your browser. Navigate to: