Prerequisites to install the PEM server on Linux v8
You can install PEM on a single server, or you can install the web application server and the backend database on two separate servers. You must prepare your servers for PEM installation.
After completing the prerequisites, install and configure PEM. If you're using two servers, install and configure PEM on both servers.
To install a PEM server on Linux, perform this preliminary configuration:
Install a supported Postgres instance for PEM to use as a backend database. You can install this instance on the same server as you will use for the PEM web application or a separate server. You can also use an existing Postgres instance providing it is configured as detailed in steps 2 and 3 below.
Configure authentication on the Postgres backend database by updating the
pg_hba.conf
file.You must make the following changes manually, prior to configuration. (Additional changes are made to this file during configuration.)
To create the relations required for PEM, the PEM configuration script connects to the Postgres backend database as a superuser of your choice using password authentication. This requires you to permit your chosen superuser to authenticate using a password. This user must be able to connect from any location in which you run the configuration script. In practice, this means the server on which the backend database is located and the server on which the PEM web application is to be installed, if they're different.
To allow the chosen superuser to connect using password authentication, add a line to
pg_hba.conf
that allowshost
connections usingmd5
orscram-sha-256
authentication, for example,host all superusername 127.0.0.1/32 scram-sha-256
.
Note
If you're using EDB Postgres Advanced Server, see Modifying the pg_hba.conf file.
If you're using PostgreSQL, see Client Authentication.
Verify that the
sslutils
extension is installed on your Postgres server. If you're using PostgreSQL or EDB Postgres Extended Server on RHEL/AlmaLinux/Rocky Linux or SLES, you also need to install thehstore contrib
module.If you're using EDB Postgres Advanced Server, you can install the
sslutils
extension as follows, where<x>
is the EDB Postgres Advanced server version.For RHEL/AlmaLinux/Rocky Linux 8/9:
For RHEL/OL/CentOS 7:
For Debian/Ubuntu:
For SLES:
If you're using PostgreSQL, you can install the
sslutils
and, if required,hstore
modules as follows, where<x>
is the PostgreSQL version.For RHEL/AlmaLinux/Rocky Linux 8/9:
For RHEL/OL/CentOS 7:
For Debian/Ubuntu:
For SLES:
If you're using EDB Postgres Extended Server, you can install the
sslutils
and, if required,hstore
modules as follows, where<x>
is the EDB Postgres Extended Server version.For RHEL/AlmaLinux/Rocky Linux 8/9:
For RHEL/OL/CentOS 7:
For Debian/Ubuntu:
For SLES:
For Debian and Ubuntu users
Debian 10 and Ubuntu 20 changed the requirements for accepting certificates.
- If you want to install the PEM agent on a machine with an old version of sslutils, then you must upgrade sslutils to 1.3. Version 1.3 has a 4096-bit RSA key and sha256 signature algorithm support added to it.
- If you don't upgrade sslutils to 1.3, then PEM agent might fail to connect to the PEM backend database server, and it might log the error "ca md too weak."
If you're using a firewall, allow access to port 8443 on the server where the PEM web application will be located:
For RHEL/Rocky Linux/AlmaLinux/OL/CentOS/SLES:
For Debian/Ubuntu:
Make sure the components Postgres Enterprise Manager depends on, such as python3, libboost, openssl (1.0.2k or later), snmp++, and libcurl, are up to date on all servers:
For RHEL/AlmaLinux/Rocky Linux 8:
For RHEL/OL/CentOS 7:
For Debian/Ubuntu:
For SLES: