Install and Configure PostgreSQL 15 for Confluence on Centos/RHEL 8
It is just the 6th month in my journey in the Interbank Card Center , yet I have just figured out how to install, configure and maintain the Atlassian applications such as Bitbucket, Confluence and Jira… Altough, they share the same application logic, they also have great differences.
Each has a great list of dependencies and resources to maintain. Databases is one of them, of course.
In this paper, I will give you the instructions to setup a PostgreSQL 15 as an external database for your Confluence instance. Let’s get started…
PostgreSQL 15 Setup
First of all we need to install PostgreSQL to our DB server. I have already tested and implemented the instructions on KodeKloud’s Playgroud.
PostghreSQL are already added to the repos by default. However, when you use yum install postgresql command, this will install the default PostgreSQL version, which is PostgreSQL 10, as below,
[atlbender@db-server ~]# yum module list postgresql
CentOS Stream 8 - AppStream 16 MB/s | 28 MB 00:01
CentOS Stream 8 - BaseOS 5.7 MB/s | 10 MB 00:01
CentOS Stream 8 - Extras 5.2 kB/s | 18 kB 00:03
CentOS Stream 8 - Extras common packages 8.9 kB/s | 7.2 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 14 MB/s | 16 MB 00:01
Extra Packages for Enterprise Linux 8 - Next - x86_64 546 kB/s | 368 kB 00:00
CentOS Stream 8 - AppStream
Name Stream Profiles Summary
postgresql 9.6 client, server [d] PostgreSQL server and client module
postgresql 10 [d] client, server [d] PostgreSQL server and client module
postgresql 12 client, server [d] PostgreSQL server and client module
postgresql 13 client, server [d] PostgreSQL server and client module
postgresql 15 client, server PostgreSQL server and client module
postgresql 16 client, server [d] PostgreSQL server and client module
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled Enable PostgreSQL
This is why we need to change the default PostgreSQL for installation,
[atlbender@db-server ~]# yum module enable postgresql:15 -yInstall PostgreSQL
Now, we can install PostgreSQL Server 15,
[atlbender@db-server ~]# yum install postgresql-server -yInitialize Database
After installation, I would expected to be able start the postgresql service, we need to setup also the environment for postgresql to be operational,
[atlbender@db-server ~]# postgresql-setup --initdb
* Initializing database in '/var/lib/pgsql/data'
* Initialized, logs are in /var/lib/pgsql/initdb_postgresql.logYou can see the important directories to be taken into account.
Update Config File
In the below config file, we will use scram-sha-256since this is the safest authentication method in hand.
[atlbender@db-server ~]# cat /var/lib/pgsql/data/pg_hba.conf# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type:
# - "local" is a Unix-domain socket
# - "host" is a TCP/IP socket (encrypted or not)
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the server receives a
# SIGHUP signal. If you edit the file on a running system, you have to
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
# or execute "SELECT pg_reload_conf()".
#
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 scrum-sha-256
# IPv6 local connections:
host all all ::1/128 scrum-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all scrum-sha-256
host replication all 127.0.0.1/32 scrum-sha-256
host replication all ::1/128 scrum-sha-256Update Daemon
Changes in the configuration files need to be recognized by the system,
[atlbender@db-server ~]# systemctl daemon-reloadStart the PostgreSQL Service
[atlbender@db-server ~]# systemctl start postgresqlAfter starting the service, we are done with the server side configurations. Except for the pg_hba.conf file!
Database Configurations
In this step we will enter the postgresql server and create our Confluence specific database.
Login to PostgreSQL as Admin
[atlbender@db-server ~]# su - postgresSwitch to PostgreSQL CLI
[postgres@db-server ~]$ psqlCreate Database Objects
Change the below parameters for your company. Confluence setup wizard will ask you to provide those information,
CREATE USER <confluence_user> WITH ENCRYPTED PASSWORD '<confluence_password>';
-- since postgres 15 (before db creation)
GRANT ALL ON SCHEMA public TO <confluence_user>;
-- now create objects
CREATE DATABASE <database_name> WITH TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE <database_name> TO <confluence_user>;
-- also needed for postgres 15
ALTER DATABASE <database_name> OWNER TO <confluence_user>;Before testing, change pg_hba.conf as below,
[atlbender@db-server ~]# cat /var/lib/pgsql/data/pg_hba.conf
.
.
.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all md5
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5Test Connection
Go to your application nodes and run the below command to test your database connection,
curl -v telnet://<postgres_server>:5432
Finally, we have completed the PostgreSQL 15 setup on Centos/RHEL 8 for our Confluence instance.
Please share your comments and feel free to be in contact!
Together is better for growth!
