Installing the PEM Server on Linux

When installing a PEM server on a Linux host, you must first install a backing database and create the pem database cluster. The server’s backing database may be installed via an RPM package for Linux. The database must be one of the following versions:

  • EDB Postgres Advanced Server version 9.6 or above

  • PostgreSQL version 9.6 or above

For detailed information about installing an Advanced Server or PostgreSQL database, please see the product documentation at the EnterpriseDB website.

The pg_hba.conf file on the backing database must be configured to use trust authentication for connections. For information about modifying the pg_hba.conf file, see the PostgreSQL core documentation.

If you are using a PostgreSQL database, you must also install the hstore contrib module.

If you are using a firewall, you must allow access to port 8443 on the PEM backing database; use the commands:

firewall-cmd --permanent --zone=public --add-port=8443/tcp

firewall-cmd --reload

Installing the PEM Server on a CentOS or RHEL Host

In addition to the above considerations, the following prerequisites are applicable if you are using a RHEL or CentOS host:

  1. You must install the epel-release package:

yum install epel-release

Note

You may need to enable the [extras] repository definition in the CentOS-Base.repo file (located in /etc/yum.repos.d).

If you are a Red Hat Network user you must also enable the rhel-<x>-server-optional-rpms repository to use EPEL packages, where x specifies the version of RHEL on the host. You can make the repository accessible by enabling the RHEL optional subchannel for RHN-Classic. If you have a certificate-based subscription, then you must also enable rhel-<x>-server-eus-optional-rpms repository to use EPEL packages or please see the Red Hat Subscription Management Guide for the required repository.

  1. You must also enable the rhel-<x>-server-extras-rpms repository, where x specifies the version of the RHEL on the host.

  2. You must also have credentials that allow access to the EnterpriseDB repository. To request credentials, visit:

  3. Create a repository configuration file; assume superuser privileges, and invoke the following command:

yum -y install https://yum.enterprisedb.com/edb-repo-rpms/edb-repo-latest.noarch.rpm

The repository configuration file is named edb.repo. The file resides in /etc/yum.repos.d.

  1. After creating the edb.repo file, use your choice of editor to ensure that the value of the enabled parameter is 1, and replace the username and password placeholders in the baseurl specification with the name and password of a registered EnterpriseDB user.

[edb]
name=EnterpriseDB RPMs $releasever - $basearch
baseurl=https://<username>:<password>@yum.enterprisedb.com/edb/redhat/rhel-$releasever-$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/ENTERPRISEDB-GPG-KEY
  1. Use yum to install the PEM server:

yum install edb-pem

When you install an RPM package that is signed by a source that is not recognized by your system, yum may ask for your permission to import the key to your local server. If prompted, and you are satisfied that the packages come from a trustworthy source, enter y, and press Return to continue.

During the installation, yum may encounter a dependency that it cannot resolve. If it does, it will provide a list of the required dependencies that you must manually resolve.

If you want to install PEM server on a machine that is in isolated network, you must first create PEM repository on that machine. For more information about creating PEM repository on an isolated network, see Creating a PEM repository in an Isolated Network.

Installing the PEM Server on a Debian or Ubuntu Host

To install PEM on a Debian or Ubuntu host, you must have credentials that allow access to the EnterpriseDB repository. To request credentials for the repository, contact EnterpriseDB .

The following steps will walk you through using the EnterpriseDB apt repository to install a Debian package. When using the commands, replace the username and password with the credentials provided by EnterpriseDB.

  1. Go to https://apt.enterprisedb.com/ and log in as root:

    sudo su -

  2. Configure the EnterpriseDB repository:

    sh -c 'echo "deb https://username:password@apt.enterprisedb.com $(lsb_release - cs)-edb/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/edb-$(lsb_release -cs).list'

  3. Add support to your system for secure APT repositories:

    apt-get install apt-transport-https

  4. Add the EBD signing key:

    wget -q -O -https://username:password@apt.enterprisedb.com/edb-deb.gpg.key | apt-key add

  5. Update the repository metadata:

    apt-get update

  6. Use the following command to install the Debian package for the PEM server:

    apt-get install edb-pem

Installing PEM Server on a SLES Host

For detailed information about installing Advanced Server and supporting components on a SLES host, please consult the EDB Postgres Advanced Server Installation Guide,available at:

SLES packages are available from:

Before installing PEM, you must install prerequisite packages. Invoke the following commands, replacing sp_no with the service pack that you are using (i.e. SP4):

SUSEConnect -p sle-module-legacy/12/x86_64

SUSEConnect -p sle-sdk/12/x86_64

zypper addrepo  https://download.opensuse.org/repositories/Apache:Modules/SLE_12_<sp_no>/Apache:Modules.repo

zypper addrepo http://download.opensuse.org/repositories/Cloud:/OpenStack:/Newton:/cisco-apic:/2.3.1/SLE_12_<sp_no>/ pem_opensuse_boost

zypper refresh

zypper install edb-pem

Configuring the PEM Server

Before configuring the PEM server, ensure that the sslutils extension is installed for your backing database.

  • For an Advanced Server backing database, sslutils extension is by default installed along with Advanced Server.

  • If you are using a PostgreSQL backing database, ensure you have access to the PostgreSQL community repository, and use the command:

    yum install sslutils_<x> postgresql<X>-contrib

Where, x is the server version.

The PEM server installer includes a script (configure-pem-server.sh) to help automate the configuration process for RPM installations. The script is installed in the /usr/edb/pem/bin directory. To invoke the script, use the command:

/usr/edb/pem/bin/configure-pem-server.sh

When invoking the script, you can include command line options to specify configuration properties; the script will prompt you for values that you omit on the command line. The accepted options are:

Option

Description

-acp

Defines PEM Agent certificate path. The default is /root/.pem.

-ci

CIDR formatted network address range that agents will connect to the server from, to be added to the server’s pg_hba.conf file. For example, 192.168.1.0/24. The default is 0.0.0.0/0.

-dbi

The directory for the database server installation. For example, /usr/edb/as10 for Advanced Server or /usr/pgsql-10 for PostgreSQL.

-ds

The unit file name of the PEM database server. For Advanced Server, the default file name is edb-as-10; for PostgreSQL, it is postgresql-10.

-ho

The host address of the PEM database server.

-p

The port number of the PEM database server.

-ps

The service name of the pemagent; the default value is pemagent.

-sp

The superuser password of the PEM database server. This value is required.

-su

The superuser name of the PEM database server.

-t

The installation type: Specify 1 if the configuration is for web services and backing database, 2 if you are configuring web services, or 3 if you are configuring the backing database. If you specify 3, please note that the database must reside on the local host.

If you do not provide configuration properties on the command line, you will be prompted for values by the script. When you invoke the script, choose from:

1. Web Services and Database - Select this option if the web server and database both reside on the same host as the PEM server.

2. Web Services - Select this option if the web server resides on a different host than the PEM server.

3. Database - Select this option to configure the PEM backing database for use by the PEM server. Please note that the specified database must reside on the local host.

Note

If the web server and the backing database reside on separate hosts, configure the database server first (option 3), and then web services (option 2). The script will exit if the backing database is not configured before web services.

After selecting a configuration option, the script will proceed to prompt you for configuration properties. When the script completes, it will create the objects required by the PEM server, or perform the configuration steps required.

To view script-related help, use the command:

/usr/edb/pem/bin/configure-pem-server.sh -help

After configuring the PEM server, you can access the PEM web interface in your browser. Navigate to:

https://<ip_address_of_PEM_server>:8443/pem