Configuring the PEM server on Linux v9
The PEM server package includes a script (configure-pem-server.sh) to help automate the configuration process for Linux platform installations. The script is installed in the /usr/edb/pem/bin directory. To invoke the script, use the command:
/usr/edb/pem/bin/configure-pem-server.sh
Note
If you're using the SSL certificates, then make sure that all the SSL certificates are in the data directory in the backend database server. If the certificates aren't in the data directory, then the PEM server's configure script might fail because it looks into the data directory while configuring the PEM server.
When invoking the script, you can include command line options to specify configuration properties. The script prompts you for values that you omit on the command line. The accepted options are:
| Option | Description |
|---|---|
-acp or --pemagent-certificate-path | Defines PEM agent certificate path. The default is /root/.pem. |
-ci or --cidr-address | CIDR-formatted network address range that agents connect to the server from, to be added to the server's pg_hba.conf file, for example, 192.168.1.0/24. The default is 0.0.0.0/0. |
-dbi or --db-install-path | Directory for the database server installation, for example, /usr/edb/as12 for EDB Postgres Advanced Server or /usr/pgsql-12 for PostgreSQL. |
-ds or --db-unitfile | Unit file name of the PEM database server. For EDB Postgres Advanced Server, the default file name is edb-as-12. For PostgreSQL, it's postgresql-12. |
-ho or --host | Host address of the PEM database server. |
-p or --port | Port number of the PEM database server. |
-ps or --pemagent-servicename | Service name of the pemagent. The default value is pemagent. |
-sp or --superpassword | Superuser password of the PEM database server. This value is required. |
-su or --superuser | Superuser name of the PEM database server. |
-au or --use-agent-user | PEM agent user name. |
-t or --type | Installation type: Specify 1 if the configuration is for web services and backend database, 2 if you're configuring web services, or 3 if you're configuring the backend database. If you specify 3, the database must reside on the local host. |
-un or --uninstall-pem-server | Uninstalls the PEM server. |
-nhc or --no-hba-change | Skips the changes done to pg_hba.conf and pg_config files. |
-uac or --use-agent-sslcert | Reuses the existing agent SSL certificate while configuring the PEM server. |
-uak or --use-agent-sslkey | Reuses the existing agent SSL key while configuring the PEM server. |
-scs or --server-certificate-subject | Provides the custom web server certificate subject. The format is /C=CountryCode/ST=StateName/L=CityName/O=CompanySelectionName/CN=CommonNameorHostname/emailAddress=user@company.com. Provide the C=CountryCode as Alpha-2 code. |
-h or --help | Lists all the available options while configuring the PEM server. |
If you don't provide configuration properties on the command line, the script prompts you for values. When you invoke the script, choose from:
Web Services and Database— Select this option if the web server and database both reside on the same host as the PEM server.Web Services— Select this option if the web server resides on a different host from the PEM server.Database— Select this option to configure the PEM backend database for use by the PEM server. The specified database must reside on the local host.
Note
If the web server and the backend database (PEM server) reside on separate hosts, configure the database server first (option 3) and then web services (option 2). The script proceeds only if the backend database is configured before web services.
After selecting a configuration option, the script prompts you for configuration properties. When the script finishes, it creates the objects required by the PEM server or performs the configuration steps required. To view help for the script, use the command:
/usr/edb/pem/bin/configure-pem-server.sh --helpPost-configuration steps when web server and PEM backend database are installed separately
If you choose to run the web application server on a separate host to the backend database, you need to perform some additional manual steps before PEM is fully operational.
Make sure that the backend Postgres database accepts the connections from any user permitted to log in to PEM from the web application server. To achieve this, add this entry to pg_hba.conf:
host pem +pem_user <web_app_ip>/32 md5
Where <web_app_ip> is the IP address of the web application server.
Additionally, if the IP address of the web application server isn't within the network address range specified when the script is executed, you must add two entries to allow the PEM agent on this server to connect:
host pem +pem_agent <web_app_ip>/32 md5 host pem +pem_agent <web_app_ip>/32 cert
Where <web_app_ip> is the IP address of the web application server.
Accessing the PEM application
After configuring the PEM server, you can access the PEM web interface in your browser. Navigate to:
https://<ip_address_of_PEM_server>:8443/pem
By default, the web services listen on port 8443. To change the port, see Changing the default port.