...
Install PostgreSQL from yum repository
```bash
yum install -y postgresql postgresql-server
```
Initialize a new PostgreSQL installation
```bash
postgresql-setup initdb
```
By default, the PostgreSQL server is accessible only to local users, via Unix domain sockets or the loopback IP interface (127.0.0.1). These users are authenticated by the operating system, i.e. the OS user postgres can connect as PostgreSQL user postgres without any additional authentication on the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work, access via the network must be enabled.
To enable network access to PostgreSQL server edit file /var/lib/pgsql/data/pg_hba.conf and add the following lines:
```
host all all 0.0.0.0/0 md5
host all all ::0/0 md5
```
These rules allow all users to connect from any host over a TCP socket (with or without SSL), authenticating with hashed passwords.
Remove lines that enable ident connection to localhost:
```
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
```
To listen on all network interfaces, edit the file /var/lib/pgsql/data/postgresql.conf and replace the line:
```
# listen_addresses = 'localhost'
```
with
```
listen_addresses = '*'
```
Enable auto-start and start postgresql server (check service status)
```bash
systemctl enable --now postgresql
systemctl status postgresql
```
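To confirm that the pg_hba.conf and postgresql.conf edits above were applied as described, the following check can be run against the two files. It is an added example, not part of the original page: the function names are hypothetical, the file paths are passed as arguments, and it assumes addresses are written in CIDR form as on this page.

```shell
#!/usr/bin/env bash
# Added example: verifies the PostgreSQL network-access edits described above.

# Print active (non-comment) pg_hba.conf records as: TYPE DB USER ADDRESS METHOD
hba_records() {
  awk 'NF && $1 !~ /^#/ {
         if ($1 == "local") print $1, $2, $3, "-", $4   # local rules have no address
         else               print $1, $2, $3, $4, $5
       }' "$1"
}

check_pg_network_config() {
  hba=$1 conf=$2 rc=0
  # 1. Both md5 network rules from the procedure must be present.
  for addr in 0.0.0.0/0 ::0/0; do
    hba_records "$hba" | grep -qxF "host all all $addr md5" \
      || { echo "MISSING: host all all $addr md5"; rc=1; }
  done
  # 2. No ident rule may remain on a host line (the loopback lines were to be removed).
  left=$(hba_records "$hba" | awk '$1 ~ /^host/ && $5 == "ident"')
  [ -z "$left" ] || { echo "LEFTOVER ident rule(s):"; echo "$left"; rc=1; }
  # 3. listen_addresses must be uncommented and set to '*'.
  grep -Eq "^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\*'" "$conf" \
    || { echo "listen_addresses is not '*'"; rc=1; }
  # 4. Informational: rules that accept every source address, i.e. the ones to
  #    narrow to the client subnets once those are known.
  hba_records "$hba" | awk '$4 == "0.0.0.0/0" || $4 == "::0/0" || $4 == "::/0" || $4 == "all" {
      print "NOTE: open to any address:", $0 }'
  return $rc
}
```

Run it as `check_pg_network_config /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/postgresql.conf`; a non-zero exit status means at least one step of the procedure is missing.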
Consul installation and configuration
Add HashiCorp repository:
```bash
yum install -y yum-utils
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
```
Install consul from yum repository
```bash
yum -y install consul
```
Generate Consul certificate and private key
```bash
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /etc/consul.d/consul.key -out /etc/consul.d/consul.crt \
  -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'
chown consul:consul /etc/consul.d/*
```
NOTE: replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' with your company identity.
Configure consul as follows (/etc/consul.d/consul.json)
NOTE: create the consul.json file if it is missing from the directory.
```json
{
  "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
  "bootstrap": true,
  "server": true,
  "addresses": {
    "https": "0.0.0.0"
  },
  "ports": {
    "http": -1,
    "https": 8501
  },
  "client_addr": "0.0.0.0",
  "ui": true,
  "data_dir": "/var/lib/consul",
  "log_level": "INFO",
  "disable_update_check": true,
  "disable_anonymous_signature": true,
  "verify_server_hostname": false,
  "cert_file": "/etc/consul.d/consul.crt",
  "key_file": "/etc/consul.d/consul.key",
  "auto_encrypt": {
    "allow_tls": true
  }
}
```
NOTE:
- replace ens5 with your server's network interface
- you can find your network interface id with the `ifconfig` command
Remove or back up /etc/consul.d/consul.hcl
Create consul data directory
```bash
mkdir /var/lib/consul
chown consul:consul /var/lib/consul
```
Remove the ConditionFileNotEmpty line from /usr/lib/systemd/system/consul.service
```ini
ConditionFileNotEmpty=/etc/consul.d/consul.hcl
```
Enable auto-start and start consul server (check service status)
```bash
systemctl enable --now consul
systemctl status consul
```
Consul UI should be available on https://server_ip:8501/ui/
...