Navigation :

DB Node Installation

Overall Installation Steps

The high-level steps for installing and configuring N2SCP DB nodes are:

Determine the server(s) that will supply the DB logical component, bearing in mind the supported operating systems and minimum server requirements.
Ensure the installation pre-requisites are met.
Install the DB package.
Perform any required post-installation steps.
Update the DB configuration as desired.

Installation Pre-requisites

OS-specific Setup

Refer to the specific Red Hat or Debian instructions for any pre-requisites as required.

PostgreSQL Server

The PostgreSQL database server must be installed and configured. Follow the installation procedure for this, noting any prerequisites.

At least version 10 of the PostgreSQL server is required for the N2SCP platform.

In order to perform the database initialisation steps, the PostgreSQL server must be running on the database instance and must be listening and able to be connected to from the command line, i.e. assuming that the PostgreSQL default user is used, this should succeed:

su - postgres
psql

DBMaintain

N2SCP DB nodes use the third-party tool DBMaintain to manage the database over time.

This tool can be obtained by:

Installation from the N-Squared RPM repository for Red Hat 8 or Red Hat 7. Contact N-Squared Support to discuss access to this if required.
Direct download of binaries from the official DBMaintain website.

If you are using an N-Squared packaged installation, DBMaintain will be installed in /usr/share/dbmaintain. For direct download, it may be placed in any convenient location. Commands for using DBMaintain are listed below, but may require updating the path appropriately for your environment.

Java

Usage of the DBMaintain tool requires a JDK or JRE of at least Java 5 to be available on the system. The default Java installation is acceptable in most cases.

To find the local java version, execute:

java -version

If Java is not installed or the version is not at least 5.x, install a new Java version as follows. The commands to execute will depend on your operating system type and version.

RHEL 8

On Red Hat Enterprise Linux 8 or similar platforms, execute:

sudo dnf install java-11-openjdk
sudo alternatives --install /usr/bin/java java /usr/java/latest/bin/java 1
sudo alternatives --config java

RHEL 7

On Red Hat Enterprise Linux 7 or similar platforms, execute:

sudo yum install java-11-openjdk
sudo alternatives --install /usr/bin/java java /usr/java/latest/bin/java 1
sudo alternatives --config java

Ubuntu

On Ubuntu or similar platforms, execute:

sudo apt install default-jdk

Perl

The N2SCP DB node requires several Perl packages to be available prior to installation. The package names may vary depending on your OS type:

RPM-based Systems	DEB-based Systems
`perl` or `perl-interpreter` >= 1:5.12 `postgresqlXX-plperl` * `perl(IO)` `perl(POSIX)` `perl(strict)` `perl(warnings)`	`perl` >= 5.12 `perl-base` `perl-modules` `libdbd-pg-perl` `postgresql-plperl-XX` *

Note that packages marked with an asterisk must have the XX in their name changed to match your installed PostgreSQL version number.

For each of these packages (or with all as one command), execute the instructions specific to your operating system:

RHEL 8	Other RPM-based Systems	DEB-based Systems
`dnf install <package(s)>`	`yum install <package(s)>`	`apt-get install <package(s)>`

Installation Steps

Follow the appropriate installation steps depending on your installation sources.

Note that the packages only need to be installed on nodes where a database schema needs to be created and maintained. This will generally only be the primary database instance.

From N-Squared Repository

Execute the instructions specific to your operating system:

RHEL 8	Other RPM-based Systems	DEB-based Systems
`dnf install n2scp-db`	`yum install n2scp-db`	`apt-get install n2scp-db`

As Manual Installation

Transfer the provided package file to the target node, then follow the instructions specific to your operating system.

Execute (adjusting as appropriate for package location and version details) the following:

RPM-based Systems	DEB-based Systems
`sudo rpm -Uvh /path/to/n2scp-db-M.m.p-b.noarch.rpm`	`sudo dpkg -i /path/to/n2scp-db_M.m.p-b_all.deb`

Post-Installation Steps

Database Initialisation

N2SCP uses the database maintenance tool DBMaintain to upgrade and manage its database automatically.

N2SCP uses the following (unchangeable) database schemas and users:

CUG data schema: n2cug
Audit information schema: audit

These instructions assume that you will use the following values for N2SCP database storage:

Database name: n2in

These values may be modified as required for your installation by updating the installation steps below accordingly.

Database Preparation

The commands in this section must be executed as the OS user that is running the PostgreSQL server. By default, this is postgres.

Create the required users for database administration, runtime data retrieval, and GUI access. You will be prompted to enter a password for each user.

createuser -P -l n2cug_owner
createuser -P -l n2cug_web
createuser -P -l n2cug_ro

If the database does not already exist, create it.

createdb -O n2cug_owner n2in

If the database schemas do not already exist, create them.

psql n2in
CREATE SCHEMA IF NOT EXISTS audit AUTHORIZATION n2cug_owner;
CREATE SCHEMA IF NOT EXISTS n2cug AUTHORIZATION n2cug_owner;
\q

Confirm database login as n2cug_owner works, and set the schema search path.

psql -h localhost -U n2cug_owner n2in
ALTER ROLE n2cug_owner SET search_path TO n2cug,public;
\q

Confirm database login as n2cug_web works, and set the schema search path.

psql -h localhost -U n2cug_web n2in
ALTER ROLE n2cug_web SET search_path TO n2cug,public;
\q

Confirm database login as n2cug_ro works, and set the schema search path.

psql -h localhost -U n2cug_ro n2in
ALTER ROLE n2cug_ro SET search_path TO n2cug,public;
\q

Grant specific permissions to the non-administrative users (each command must be executed separately).

psql -h localhost -d n2in -U n2cug_owner
GRANT USAGE ON SCHEMA n2cug TO n2cug_web;
GRANT USAGE ON SCHEMA n2cug TO n2cug_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA n2cug GRANT SELECT ON TABLES TO n2cug_ro;
\q

Install the extensions to enable the use of Perl for functions.

psql n2in
CREATE EXTENSION plperl;
\q

Database Creation

Before executing the commands to put the N2SCP database elements into the database, edit the file:

/usr/share/n2scp/db/dbmaintain.properties

In the file, locate the following section:

database.url=jdbc:postgresql://localhost:5432/n2in
database.userName=n2cug_owner
database.password=n2cug_owner

Ensure these values match the commands executed during database preparation and that the correct database listening port is used (if not the PostgreSQL default).

To automatically install the database elements, execute the following commands:

cd /usr/share/n2scp/db
export DBMAINTAIN_JDBC_DRIVER=/usr/share/dbmaintain/postgresql-42.3.1.jar
/usr/share/3rdparty/dbmaintain/dbmaintain.sh updateDatabase -config dbmaintain.properties
cd -

Additional Users

The instructions in this section include the creation of three database users, as described in database initialisation:

n2cug_owner, who owns and has full permissions on everything in the N2SCP schema. This user is also used during database initialisation and any future updates.
n2cug_web, who is granted individual, targeted permissions for screens operations.
n2cug_ro, who has read-only access to the N2SCP schema.

It is highly recommended that an additional user be created for platform-specific configuration and day-to-day maintenance tasks in order to leave the n2cug_owner user and its wide-ranging permissions alone as much as practicable.

The instructions below set out how to create a suitably-privileged operational database user. They assume that you have assigned the username n2cug_oper, but this name can be altered as required.

All instructions below are intended to be executed as the database superuser (normally postgres).

Create the new user. You will be prompted for a password:

createuser -P n2cug_oper

Update the user’s role and grants, updating the database name if necessary:

psql -d n2in

-- Update initial permissions.
ALTER ROLE n2cug_oper LOGIN;
ALTER ROLE n2cug_oper SET search_path TO n2cug,public;
GRANT USAGE ON SCHEMA n2cug TO n2cug_oper;

-- Grant permission for sequence creation.
GRANT ALL ON SEQUENCE n2cug.cug_group_cug_group_id_seq TO n2cug_oper;
GRANT ALL ON SEQUENCE n2cug.cug_group_number_list_status_group_status_id_seq TO n2cug_oper;
GRANT ALL ON SEQUENCE n2cug.cug_user_cug_user_id_seq TO n2cug_oper;
GRANT ALL ON SEQUENCE n2cug.cug_user_number_list_status_user_status_id_seq TO n2cug_oper;
GRANT ALL ON SEQUENCE n2cug.number_entry_number_entry_id_seq TO n2cug_oper;
GRANT ALL ON SEQUENCE n2cug.number_list_number_list_id_seq TO n2cug_oper;

-- Grant premission on tables.
GRANT INSERT ON TABLE audit.n2cug_audit TO n2cug_oper;
GRANT ALL ON TABLE n2cug.cug_group TO n2cug_oper;
GRANT ALL ON TABLE n2cug.cug_user TO n2cug_oper;
GRANT ALL ON TABLE n2cug.number_list TO n2cug_oper;
GRANT ALL ON TABLE n2cug.number_entry TO n2cug_oper;
GRANT ALL ON TABLE n2cug.cug_group_number_list_status TO n2cug_oper;
GRANT ALL ON TABLE n2cug.cug_user_number_list_status TO n2cug_oper;
\q

Refer to the documentation on CUG functionality for further information.

Firewall

The firewall (if any) on the DB node must be updated to allow:

Inbound database requests on the listening PostgreSQL port(s).
If more than one database instance is planned, outbound database requests to all other DB instance(s).

The exact commands to do this will depend both on the firewall on your platform and also which port(s) are in use. For example, to allow the default PostgreSQL port when using firewalld, the commands might be:

firewall-cmd --zone=public --add-port=5432/tcp --permanent
service firewalld restart