9.7. Working with PostgreSQL#
This section of the appendix documents administrative tasks for the embedded PostgreSQL database configured by the LOCKSS 2.x system.
9.7.1. Changing the PostgreSQL Database Password#
To change the password of the embedded PostgreSQL database, perform the following steps as the lockss
user [1] in the lockss
user's lockss-installer
directory:
Ensure the Kubernetes service definitions reflect the current state of the LOCKSS configuration by running:
scripts/assemble-lockss
Start the PostgreSQL database container by running:
k3s kubectl apply -n lockss --filename=config/configs/lockss-stack/svcs/lockss-postgres-service.yaml
Run the following command to store the name of the PostgreSQL database container into the variable
postgres_pod
:postgres_pod=$(k3s kubectl get pod -n lockss --selector=io.kompose.service=lockss-postgres-service --output=jsonpath="{.items[0].metadata.name}")
Run the following command to store the IP of the PostgreSQL database container into the variable
postgres_ip
:postgres_ip=$(k3s kubectl get pod -n lockss --selector=io.kompose.service=lockss-postgres-service --output=jsonpath="{.items[0].status.podIP}")
Execute the following command to alter the
LOCKSS
database user's password, taking care to replacenewpassword
with your new embedded PostgreSQL database password:echo "ALTER USER \"LOCKSS\" WITH PASSWORD 'newpassword'" | k3s kubectl exec $postgres_pod -n lockss -i -- psql --username=LOCKSS --dbname=postgres
Successful execution of the command results in the output
ALTER ROLE
.To verify that the password change worked, run the following command:
k3s kubectl exec $postgres_pod -n lockss -it -- psql --username=LOCKSS --dbname=postgres --host=$postgres_ip
and enter
newpassword
at the Password for user LOCKSS prompt. If the password change was successful and you enternewpassword
correctly, you will see a PostgreSQL prompt similar to:psql (9.6.12) Type "help" for help. postgres=#
which you can exit by entering q or hitting Ctrl + D. If the password change was unsuccessful or you do not enter
newpassword
correctly, you will see output similar to:psql: FATAL: password authentication failed for user "LOCKSS" command terminated with exit code 2
Stop the PostgreSQL database container by running this command:
k3s kubectl -n lockss delete service,deployment lockss-postgres-service && k3s kubectl -n lockss wait --for=delete pod $postgres_pod --timeout=60s
Re-run configure-lockss so that you can record the new embedded PostgreSQL database password into the configuration of the LOCKSS stack:
scripts/configure-lockss
See the PostgreSQL and Embedded PostgreSQL Database sections of Configuring the LOCKSS System for details.
Footnotes