Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/10 09:55]
urbanl created 		tutorial:adm:server_preparation_tmp [2020/03/11 13:07]
urbanl [DB server configuration -!CHANGED]
Line 45: Line 45:
 </code> </code>
  
 +-!CHANGED
 When installing to centos8, check and install these packages: When installing to centos8, check and install these packages:
 <code> <code>
 +# check installed packages. It's recommanded to have them installed.
 yum list installed  net-tools nano wget  vim-enhanced bzip2 bash-completion lsof zip unzip psmisc policycoreutils-python-utils yum list installed  net-tools nano wget  vim-enhanced bzip2 bash-completion lsof zip unzip psmisc policycoreutils-python-utils
-yum install -y mc haveged nmap screen sysstat telnet OpenSMTPD+# other recommended packages installation 
 +yum install -y mc haveged nmap screen sysstat telnet
 </code> </code>
  
Line 55: Line 58:
 screen dnsutils sysstat lsof haveged nmap tcpdump traceroute tcptraceroute curl iptables-persistent screen dnsutils sysstat lsof haveged nmap tcpdump traceroute tcptraceroute curl iptables-persistent
 </code> </code>
-===== PostgreSQL =====+===== PostgreSQL -!CHANGED =====
 <note tip>If you are install CzechIdM on Sql server, please follow [[tutorial:adm:mssql_database_support|this tutorial]].</note> <note tip>If you are install CzechIdM on Sql server, please follow [[tutorial:adm:mssql_database_support|this tutorial]].</note>
-CentOS7 default repository version of PostgreSQL is 9.2 but IdM not support that version. In our tutorial, we will install newer version 9.6. Moreover, we install database data into /data not /var/lib which is the default option. +CentOS8 default repository version of PostgreSQL is 10 but IdM not support that version. In our tutorial, we will install newer version 12. Moreover, we install database data into /data not /var/lib which is the default option. 
-==== Database server installation - CentOS7 ==== +==== Database server installation - CentOS8 -!CHANGED ==== 
-  * Software installation (versions can vary):+  * Software installation on CentOS8(versions can vary): 
 <code bash> <code bash>
-yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm +# enable module postgres 12 
-yum install -y postgresql96-server postgresql96-contrib pgstat2_96 pg_top96  postgresql96-libs+yum module enable postgresql:12 
 +yum install -y postgresql-server postgresql-contrib postgresql-libs
 </code> </code>
 +
   * create new system directory:   * create new system directory:
-<code> + 
-mkdir -p /data/pgsql/9.6/data/+<code bash
 +mkdir -p /data/pgsql/12/data/ 
 +mkdir -p /data/pgsql/12/data/
 chown -R postgres:postgres /data/pgsql/ chown -R postgres:postgres /data/pgsql/
 chmod 700 /data/pgsql chmod 700 /data/pgsql
 </code> </code>
 +
   * Copy of the configuration file for systemd, in which we will make change of directory for data:   * Copy of the configuration file for systemd, in which we will make change of directory for data:
 +
 <code bash> <code bash>
-cp /usr/lib/systemd/system/postgresql-9.6.service /etc/systemd/system/+cp /usr/lib/systemd/system/postgresql.service /etc/systemd/system/
 </code> </code>
-In the file ''/etc/systemd/system/postgresql-9.6.service'' change the directory for data as follows:+ 
 +In the file ''/etc/systemd/system/postgresql.service'' change the directory for data as follows:
 <code> <code>
 # Location of database directory # Location of database directory
-Environment=PGDATA=/data/pgsql/9.6/data/+Environment=PGDATA=/data/pgsql/12/data/
 </code> </code>
  
Line 83: Line 94:
  
 <code> <code>
-PGDATA=/data/pgsql/9.6/data+PGDATA=/data/pgsql/12/data
 </code> </code>
  
Line 97: Line 108:
  
 <code bash> <code bash>
-/usr/pgsql-9.6/bin/postgresql96-setup initdb+/usr/bin/postgresql-setup --initdb --unit postgresql
 </code> </code>
  
 +Change SELINUX labels: 
 +<code> 
 +chcon -Rt postgresql_db_t pgsql/ 
 +chcon -Rt postgresql_log_t /data/pgsql/12/data/log/ 
 +</code>
  
   * Enable and start database:   * Enable and start database:
  
 <code bash> <code bash>
-systemctl start postgresql-9.6.service +systemctl start postgresql.service 
-systemctl enable postgresql-9.6.service+systemctl enable postgresql.service
 </code> </code>
  
Line 112: Line 127:
  
 <code bash> <code bash>
-[root@tomcat1 system]# systemctl status postgresql-9.6.service -l +[root@HOSTNAME data]# systemctl status postgresql.service -l 
-● postgresql-9.6.service - PostgreSQL 9.6 database server +● postgresql.service - PostgreSQL database server 
-   Loaded: loaded (/etc/systemd/system/postgresql-9.6.service; enabled; vendor preset: disabled) +   Loaded: loaded (/etc/systemd/system/postgresql.service; enabled; vendor preset: disabled) 
-   Active: active (running) since Pá 2016-11-18 23:50:06 CET; 2min 57s ago +   Active: active (running) since Wed 2020-03-11 10:48:06 CET; 1min 8s ago 
- Main PID: 2626 (postmaster) + Main PID: 25715 (postmaster) 
-   CGroup: /system.slice/postgresql-9.6.service +    Tasks: 8 (limit: 52428) 
-           ├─2626 /usr/pgsql-9.6/bin/postmaster -D /data/pgsql/9.6/data/ +   Memory: 19.8M 
-           ├─2628 postgres: logger process                               +   CGroup: /system.slice/postgresql.service 
-           ├─2630 postgres: checkpointer process                         +           ├─25715 /usr/bin/postmaster -D /data/pgsql/12/data/ 
-           ├─2631 postgres: writer process                               +           ├─25716 postgres: logger    
-           ├─2632 postgres: wal writer process                           +           ├─25718 postgres: checkpointer    
-           ├─2633 postgres: autovacuum launcher process                  +           ├─25719 postgres: background writer    
-           2634 postgres: stats collector process                     +           ├─25720 postgres: walwriter    
 +           ├─25721 postgres: autovacuum launcher    
 +           25722 postgres: stats collector    
 +           └─25723 postgres: logical replication launcher   
  
-lis 18 23:50:06 tomcat1.localdomain systemd[1]: Starting PostgreSQL 9.6 database server... +Mar 11 10:48:06 HOSTNAME systemd[1]: Starting PostgreSQL database server... 
-lis 18 23:50:06 tomcat1.localdomain postmaster[2626]: < 2016-11-18 23:50:06.608 CET LOG:  redirecting log output to logging collector process +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.255 CET [25715] LOG:  starting PostgreSQL 12.1 on x86_64-redhat-linux-gnu, compiled by gcc (G> 
-lis 18 23:50:06 tomcat1.localdomain postmaster[2626]: < 2016-11-18 23:50:06.608 CET HINT:  Future log output will appear in directory "pg_log". +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.256 CET [25715] LOG:  listening on IPv6 address "::1", port 5432 
-lis 18 23:50:06 tomcat1.localdomain systemd[1]: Started PostgreSQL 9.6 database server.+Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.256 CET [25715] LOG:  listening on IPv4 address "127.0.0.1", port 5432 
 +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.285 CET [25715] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" 
 +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.300 CET [25715] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432" 
 +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.330 CET [25715] LOG:  redirecting log output to logging collector process 
 +Mar 11 10:48:06 HOSTNAME postmaster[25715]: 2020-03-11 10:48:06.330 CET [25715] HINT:  Future log output will appear in directory "log". 
 +Mar 11 10:48:06 HOSTNAME systemd[1]: Started PostgreSQL database server.
 </code> </code>
  
Line 164: Line 187:
 systemctl enable postgresql systemctl enable postgresql
 </code> </code>
-==== DB server configuration ====+==== DB server configuration -!CHANGED ====
  
 First of all, enable the password authentication. First of all, enable the password authentication.
  
-In the file ''/data/pgsql/9.6/data/pg_hba.conf'' find lines:+In the file ''/data/pgsql/12/data/pg_hba.conf'' find lines:
 <code> <code>
 host    all             all             127.0.0.1/32            ident host    all             all             127.0.0.1/32            ident
Line 181: Line 204:
  
 Now we can do DB sizing. We presume the system has 3GB dedicated for the db. We can also log the queries logging (those over 200ms). **For particular sizing, use a [[https://pgtune.leopard.in.ua/#/|calculator]]**. Now we can do DB sizing. We presume the system has 3GB dedicated for the db. We can also log the queries logging (those over 200ms). **For particular sizing, use a [[https://pgtune.leopard.in.ua/#/|calculator]]**.
-In a file ''/data/pgsql/9.6/data/postgresql.conf'' edit (add those if not exist) lines:+In a file ''/data/pgsql/12/data/postgresql.conf'' edit (add those if not exist) lines:
 <code> <code>
 max_connections = 100 # (change requires restart) max_connections = 100 # (change requires restart)
Line 200: Line 223:
 </code> </code>
  
-Restart DB: ''systemctl restart  postgresql-9.6.service''+Restart DB: ''systemctl restart  postgresql.service''
  
 For Debian installation, edit those configuration files instead: For Debian installation, edit those configuration files instead:
 <code> <code>
-/etc/postgresql/9.6/main/pg_hba.conf +/etc/postgresql/12/main/pg_hba.conf 
-/etc/postgresql/9.6/main/postgresql.conf+/etc/postgresql/12/main/postgresql.conf
 </code> </code>
  
 <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note> <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>
  
-===== Java - CentOS7 =====+===== Java - CentOS8 -! CHANGED =====
  
-Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.8) from standard OS repository.+Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.11) from standard OS repository.
  
 Installation: Installation:
 <code bash> <code bash>
-yum install -y java-1.8.0-openjdk-headless java-1.8.0-openjdk-devel+yum install -y java-11-openjdk-headless java-11-openjdk-devel
 </code> </code>