Author : Sanjeev Gupta
Novell Archive and Version Services uses a PostgreSQL database for storing detailed information about the archived files. By default the database is configured to accept connections only from localhost and from the user who owns the database.
For administrators it is sometimes important to view the database, back it up remotely, or even use the same database for other purposes, say a web application. In such cases, the administrator needs to configure the database to allow remote access. Such details have not been provided with the service or its documentation.
In this article, I am providing the details needed to edit the configuration files related to the database and allow remote access to it.
- First we need to find the path where the database is running. By default Archive and Version configures the database at "/var/opt/novell/archivemanager/data". In some scenarios you may have manually configured the database at some other location. The best and easiest way to find the location of the database is to run ps -ef | grep postmaster in a terminal as the root user.
# ps -ef | grep postmaster
The path shown in the command output is where the current instance of the PostgreSQL database configured by the Archive and Version server is running.
- The PostgreSQL server stores its access-related details in two files, namely pg_hba.conf and postgresql.conf. To enable the PostgreSQL database for remote access, we need to edit these configuration files. To start, go to the folder where the database is currently stored.
# cd /var/opt/novell/arkmanager/data
- Open the file postgresql.conf in your favorite editor and look for the line "listen_addresses = 'localhost'". The line is commented out by default.
Remove the character "#" from the start of the line and replace the word "localhost" with "*". "*" allows all the IP addresses on the network to connect to the database. For increased security, you can use the IP address of the specific machine which you wish to enable for this database connection. You can even list several IP addresses, separated by commas, which would be initiating a connection to this database.
Save the file and exit the editor.
- PostgreSQL stores its client authentication information in the file "pg_hba.conf". We need to enter the details of the client machine, the database we want it to connect to, the type of allowed connection, and the method of authentication in this file. Each entry is generally made on a single line and has the following format.
"CONNECTION-TYPE DATABASE USER CIDR-ADDRESS METHOD"
- The first field is the connection type: "local" is a Unix-domain socket, "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
- DATABASE can be "all", "sameuser", "samerole", a database name, or a comma-separated list thereof. USER can be "all", a user name, a group name prefixed with "+", or a comma-separated list thereof. In both the DATABASE and USER fields you can also write a file name prefixed with "@" to include names from a separate file.
- CIDR-ADDRESS specifies the set of hosts the record matches. It is made up of an IP address and a CIDR mask that is an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number of significant bits in the mask. Alternatively, you can write an IP address and netmask in separate columns to specify the set of hosts.
- METHOD can be "trust", "reject", "md5", "crypt", "password", "krb5", "ident", or "pam". Note that "password" sends passwords in clear text; "md5" is preferred since it sends encrypted passwords.
In your favorite editor, open the file "pg_hba.conf" and add the following line at the end of the file.
" host all all 126.96.36.199 255.255.254.0 password "
This entry line authorizes TCP/IP connections on all databases from all users but only from IP address 188.8.131.52 and subnet mask
Instead of the IP address and mask in the above entry, you can also use "0.0.0.0/0 md5" to enable anybody to log in from any address if they can provide a valid password (the md5 keyword). You can use the needed network/mask instead of 0.0.0.0/0.
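To review the records before restarting the service, the following added example (not part of the original article or of Novell's tooling) parses pg_hba.conf lines in the format described above and reports entries that admit remote clients too broadly. The sample records and the names parse_hba_line and audit are constructed for illustration; it assumes the address field is an IP/CIDR or an IP with a separate netmask.

```python
import ipaddress

# Methods from the article's list that give no real protection at login.
WEAK_METHODS = {"trust": "no password is asked for",
                "password": "password is sent in clear text"}

# Constructed sample; addresses come from documentation ranges.
SAMPLE = """\
local   all              all                                 ident
host    all              all      127.0.0.1/32               md5
host    all              all      192.0.2.10  255.255.254.0  password
host    all              all      0.0.0.0/0                  md5
hostssl archive_database arkuser  198.51.100.7/32            md5
"""


def parse_hba_line(line):
    """Parse one record; return None for blank lines and comments."""
    f = line.split("#", 1)[0].split()
    if not f:
        return None
    if f[0] == "local":  # local DATABASE USER METHOD (no address field)
        return {"type": f[0], "db": f[1], "user": f[2], "net": None, "method": f[3]}
    # host* DATABASE USER CIDR-ADDRESS METHOD, or IP and NETMASK in two columns
    if "/" in f[3]:
        cidr, method = f[3], f[4]
    else:
        cidr, method = f"{f[3]}/{f[4]}", f[5]
    net = ipaddress.ip_network(cidr, strict=False)
    return {"type": f[0], "db": f[1], "user": f[2], "net": net, "method": method}


def audit(text):
    """Return (line_number, finding) pairs for records that admit remote clients."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        r = parse_hba_line(line)
        if r is None or r["type"] == "local" or r["method"] == "reject":
            continue
        if r["net"].is_loopback:  # loopback-only records are not remote access
            continue
        if r["method"] in WEAK_METHODS:
            findings.append((n, f"{r['method']}: {WEAK_METHODS[r['method']]}"))
        if r["net"].prefixlen == 0:
            findings.append((n, "matches every client address"))
        if r["type"] != "hostssl":
            findings.append((n, "plain TCP allowed; hostssl would require SSL"))
        if r["db"] == "all" and r["user"] == "all":
            findings.append((n, "grants all databases to all users"))
    return findings
```

Client restrictions are enforced by these pg_hba.conf records; listen_addresses in postgresql.conf only selects which of the server's own interfaces accept connections.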
- We have now configured the PostgreSQL configuration files for remote access over a TCP/IP network. To make the PostgreSQL server use the changed files, we need to restart the database. As we are using the database in use by the Archive and Version service, it's best to restart the Archive-Version service, which internally restarts the database as well. Run the following command to restart archive-version and related services.
# rcnovell-ark restart
It will take a few moments for the command to restart Archive Version and the PostgreSQL database.
- To remotely connect to the above configured database, you can use a variety of GUI tools and different types of connection options. To verify that the connection works, let's use the software "Navicat 8.0 for PostgreSQL".
- On a machine/IP address allowed in the database configuration files above, install a trial version of "Navicat 8.0 for PostgreSQL" on Windows. Launch the application and, when asked for the database connection options, provide the required details.
- Hostname/IP address: IP address of the machine hosting the PostgreSQL server.
- Port: port number used by the PostgreSQL server. "5432" by default, or use the port you configured while installing and configuring the Archive-Version service.
- User name: Owner of database or user authorized to connect to database. For archive-version service, it's "arkuser" by default or use the one you opted for while configuring archive-version service.
- Database: Use "archive_database" for this field. This is the database name created and used by Archive-Version service internally.
- Password: password of the database user.
Click on OK to initiate a connection. If you are able to see the database tables, your connection is successful.
If the connection fails, verify that the port is not blocked by a firewall on the server hosting the PostgreSQL server.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.