Configuring the PEM server on Linux v9

The PEM server package includes a script (configure-pem-server.sh) to help automate the configuration process for Linux platform installations. The script is installed in the /usr/edb/pem/bin directory. To invoke the script, use the command:

/usr/edb/pem/bin/configure-pem-server.sh
Note

If you're using the SSL certificates, then make sure that all the SSL certificates are in the data directory in the backend database server. If the certificates aren't in the data directory, then the PEM server's configure script might fail because it looks into the data directory while configuring the PEM server.

When invoking the script, you can include command line options to specify configuration properties. The script prompts you for values that you omit on the command line. The accepted options are:

OptionDescription
-acp or --pemagent-certificate-pathDefines PEM agent certificate path. The default is /root/.pem.
-ci or --cidr-addressCIDR-formatted network address range that agents connect to the server from, to be added to the server's pg_hba.conf file, for example, 192.168.1.0/24. The default is 0.0.0.0/0.
-dbi or --db-install-pathDirectory for the database server installation, for example, /usr/edb/as12 for EDB Postgres Advanced Server or /usr/pgsql-12 for PostgreSQL.
-ds or --db-unitfileUnit file name of the PEM database server. For EDB Postgres Advanced Server, the default file name is edb-as-12. For PostgreSQL, it's postgresql-12.
-ho or --hostHost address of the PEM database server.
-p or --portPort number of the PEM database server.
-ps or --pemagent-servicenameService name of the pemagent. The default value is pemagent.
-sp or --superpasswordSuperuser password of the PEM database server. This value is required.
-su or --superuserSuperuser name of the PEM database server.
-au or --use-agent-userPEM agent user name.
-t or --typeInstallation type: Specify 1 if the configuration is for web services and backend database, 2 if you're configuring web services, or 3 if you're configuring the backend database. If you specify 3, the database must reside on the local host.
-un or --uninstall-pem-serverUninstalls the PEM server.
-nhc or --no-hba-changeSkips the changes done to pg_hba.conf and pg_config files.
-uac or --use-agent-sslcertReuses the existing agent SSL certificate while configuring the PEM server.
-uak or --use-agent-sslkeyReuses the existing agent SSL key while configuring the PEM server.
-scs or --server-certificate-subjectProvides the custom web server certificate subject. The format is /C=CountryCode/ST=StateName/L=CityName/O=CompanySelectionName/CN=CommonNameorHostname/emailAddress=user@company.com. Provide the C=CountryCode as Alpha-2 code.
-h or --helpLists all the available options while configuring the PEM server.

If you don't provide configuration properties on the command line, the script prompts you for values. When you invoke the script, choose from:

  1. Web Services and Database Select this option if the web server and database both reside on the same host as the PEM server.

  2. Web Services Select this option if the web server resides on a different host from the PEM server.

  3. Database Select this option to configure the PEM backend database for use by the PEM server. The specified database must reside on the local host.

Note

If the web server and the backend database (PEM server) reside on separate hosts, configure the database server first (option 3) and then web services (option 2). The script proceeds only if the backend database is configured before web services.

After selecting a configuration option, the script prompts you for configuration properties. When the script finishes, it creates the objects required by the PEM server or performs the configuration steps required. To view help for the script, use the command:

/usr/edb/pem/bin/configure-pem-server.sh --help

Post-configuration steps when web server and PEM backend database are installed separately

If you choose to run the web application server on a separate host to the backend database, you need to perform some additional manual steps before PEM is fully operational.

Make sure that the backend Postgres database accepts the connections from any user permitted to log in to PEM from the web application server. To achieve this, add this entry to pg_hba.conf:

host pem +pem_user <web_app_ip>/32 md5

Where <web_app_ip> is the IP address of the web application server.

Additionally, if the IP address of the web application server isn't within the network address range specified when the script is executed, you must add two entries to allow the PEM agent on this server to connect:

host pem +pem_agent <web_app_ip>/32 md5
host pem +pem_agent <web_app_ip>/32 cert

Where <web_app_ip> is the IP address of the web application server.

Accessing the PEM application

After configuring the PEM server, you can access the PEM web interface in your browser. Navigate to:

https://<ip_address_of_PEM_server>:8443/pem

By default, the web services listen on port 8443. To change the port, see Changing the default port.