This series was originally going to be a more polished endeavour, but unfortunately time got in the way. A prod from James Kilby (@jameskilbynet) has convinced me to publish as is, as a series of lab notes. Maybe one day I’ll loop back and finish them…
The base OS for the PostgreSQL server is CentOS7, deployed from the same template and with the same preparation as detailed in the prerequisites post.
Add the correct repository for the base VM's OS and processor architecture. For my 64-bit CentOS 7 installation, based on the PostgreSQL web site, I used the following command:
rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
Install PostgreSQL server and client tools:
yum install -y postgresql10-server postgresql10
Change the default postgres user password:
passwd postgres
Then initialise PostgreSQL:
/usr/pgsql-10/bin/postgresql-10-setup initdb
Finally, start, enable and validate the service:
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
To create a database for vCloud Director to use, switch to the postgres user and open the psql command line:
sudo -u postgres -i
psql
Then create the databases and users required - one for vCloud Director, and one for the vRealize Orchestrator cluster:
create user vcloud;
alter user vcloud password 'VMware1!';
alter role vcloud with login;
create database vcloud;
grant all privileges on database vcloud to vcloud;
create user vro;
alter user vro password 'VMware1!';
alter role vro with login;
create database vro;
grant all privileges on database vro to vro;
Quit psql with \q, then exit back to the root prompt.
In order to allow remote access from the vCloud Director cells and vRealize Orchestrator, we need to add some configuration to the PostgreSQL configuration files.
These two commands each add a line to the pg_hba.conf file, allowing the user vcloud to access the database vcloud, and the user vro to access the database vro, from the vcd-sql subnet. You could specify individual hosts to increase security, but I'm going to be using the NSX distributed firewall to secure these connections too, so the subnet will suffice.
echo "host vcloud vcloud 10.12.0.64/27 md5" >> /var/lib/pgsql/10/data/pg_hba.conf
echo "host vro vro 10.12.0.64/27 md5" >> /var/lib/pgsql/10/data/pg_hba.conf
By default, PostgreSQL only listens on its internal loopback address. To configure PostgreSQL to listen on all addresses, the following lines need to be added to the postgresql.conf file:
echo "listen_addresses = '*'" >> /var/lib/pgsql/10/data/postgresql.conf
echo "port = 5432" >> /var/lib/pgsql/10/data/postgresql.conf
Finally, open the host-based firewall to allow in-bound connections from the same two IP subnets:
firewall-cmd --permanent --zone=trusted --add-source=10.12.0.64/27
firewall-cmd --permanent --zone=trusted --add-port=5432/tcp
firewall-cmd --reload
Restart PostgreSQL:
systemctl restart postgresql-10
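Before restarting, it is worth checking that nothing broader than the per-user, per-database, per-subnet md5 rules above has crept into pg_hba.conf. The following shell function is an added example, not part of the original post; it assumes only POSIX sh and awk, and takes the path to the file as its argument.

```sh
#!/bin/sh
# Added example, not from the original post: audit pg_hba.conf network rules.
# Flags rules that are broader than "host <db> <user> <subnet> md5":
#   - auth methods that skip or send cleartext passwords: trust, password
#   - source addresses that match everything: all, samenet, /0 prefixes
#   - rules granting all databases to all users
# Prints one finding per line; exit status 1 if anything was flagged, else 0.
# Usage: audit_pg_hba /var/lib/pgsql/10/data/pg_hba.conf

audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        $1 !~ /^host(ssl|nossl)?$/ { next }        # only TCP/IP rules are reachable remotely
        {
            addr = $4; method = $5; reason = ""
            # "ADDRESS NETMASK" form puts the method in field 6
            if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { addr = $4 "/" $5; method = $6 }

            if (method == "trust" || method == "password")
                reason = "weak auth method (" method ")"
            else if (addr == "all" || addr == "samenet" || addr ~ /\/0$/ || addr ~ /\/0\.0\.0\.0$/)
                reason = "source matches any host (" addr ")"
            else if ($2 == "all" && $3 == "all")
                reason = "all databases for all users"

            if (reason != "") { n++; printf "%s:%d: %s: %s\n", FILENAME, FNR, reason, $0 }
        }
        END { exit (n > 0) }
    ' "$1"
}

# Audit the file given on the command line; does nothing when called without one
if [ "${1:-}" != "" ]; then
    audit_pg_hba "$1"
fi
```

PostgreSQL 10 also supports scram-sha-256 as a method, which can be used in place of md5 in the two rules above.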
For production deployments, there are some recommended tuning settings specified in the following KB. These settings are specifically tuned for the size of PostgreSQL server deployed in my lab, so I have implemented them: https://kb.vmware.com/s/article/2151464
In order to validate the PostgreSQL configuration, database setup, network, and firewall configuration, connect to the PostgreSQL database from one of the vCloud Director cell VMs to ensure access: