Preparing the GDPR Database

Important: You must create the GDPR application database before deploying the GDPR application.

The GDPR application requires a database to store information about the users and accounts whose personal data was erased. You can deploy the GDPR application database in one of these ways:

• Scenario 1. Deploy the database to the Operations database node.
• Scenario 2. Deploy the database using the PostgreSQL database service in Azure.

Scenario 1. Deploying the GDPR Application Database to the Operations Database Node

To deploy the GDPR application database to the Operations database node:

1. Connect to the Operations database node under the root user.

2. Create the create_db.sql script file with the commands required for database creation. To do this, run the following command:

   cat << EOF > /tmp/create_db.sql
   DO
   \$\$
   BEGIN
   	IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'mservice_login') THEN
   	   CREATE ROLE mservice_login LOGIN;
   	   RAISE NOTICE 'Group mservice_login created';
   	END IF;
   END
   \$\$;
   CREATE USER :name PASSWORD :'password';
   \echo User :name created
   GRANT mservice_login to :name;
   \echo User is a member of mservice_login group
   GRANT :name to CURRENT_USER;
   CREATE DATABASE a8n_:name OWNER :name;
   \echo Database a8n_:name created
   REVOKE :name from CURRENT_USER;
   SELECT pg_reload_conf();
   EOF

3. Add the connect permissions for all the mservice_login group members by adding the following lines to the pg_hba.conf configuration file:

   host    all     mservice_login      <gdpr_app_host_ip>/32       reject
   host    all     +mservice_login      <gdpr_app_host_ip>/32       md5

   where:

   • <gdpr_app_host_ip> is the BackNet IP address of the node where you deployed the Kubernetes cluster.

4. Create the database by running the following command:

   su - postgres -c "psql -f /tmp/create_db.sql --set ON_ERROR_STOP=on -q -o /dev/null -v name='gdpr' -v password='<db_user_password>'"

   where:

   • <db_user_password> is the password of the GDPR database user

GDPR Application Database Connection Parameters

To connect to the GDPR application database, provide the following parameters:

Parameter	Value
BackNet IP address of the database host	The BackNet IP of the Operations database host
Database	a8n_gdpr
Database user (name)	gdpr
Password of the database user (password)	<db_user_password> - the password you specified in step 4

Scenario 2. Deploying the GDPR Application Database Using the PostgreSQL Database Service in Azure

Prerequisites

• You have a corresponding Azure subscription.
• You have a configured PostgreSQL database service in Azure.
• The PostgreSQL client on Operations management node has access to the PostgreSQL database service in Azure.

Deployment Procedure

To deploy the GDPR application database using the PostgreSQL database service in Azure:

1. Connect to the Operations management node under the root user.

2. Create the create_db.sql script file with the commands required for database creation by running the following command:

   cat << EOF > /tmp/create_db.sql
   DO
   \$\$
   BEGIN
   	IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'mservice_login') THEN
   	   CREATE ROLE mservice_login LOGIN;
   	   RAISE NOTICE 'Group mservice_login created';
   	END IF;
   END
   \$\$;
   CREATE USER :name PASSWORD :'password';
   \echo User :name created
   GRANT mservice_login to :name;
   \echo User is a member of mservice_login group
   GRANT :name to CURRENT_USER;
   CREATE DATABASE a8n_:name OWNER :name;
   \echo Database a8n_:name created
   REVOKE :name from CURRENT_USER;
   SELECT pg_reload_conf();
   EOF

3. Create the database by running the following command:

   psql \
   -h <db_postgresql_service_name_in_azure> \
   -U <db_admin_login> \
   -d postgres \
   -f /tmp/create_db.sql \
   --set ON_ERROR_STOP=on \
   -v name='gdpr' \
   -v password='<db_user_password>'

   where:

   • <db_postgresql_service_name_in_azure> is the PostgreSQL database service name in Azure (provided by Azure as a result of the PostgreSQL database service configuration)
   • <db_admin_login> is the admin login to the PostgreSQL database service in Azure (provided by Azure as a result of the PostgreSQL database service configuration)

GDPR Application Database Connection Parameters

To connect to the GDPR application database in Azure, provide the following parameters:

Parameter	Value
The PostgreSQL database service name in Azure	<db_postgresql_service_name_in_azure>, provided by Azure as a result of the PostgreSQL database service configuration
Database	a8n_gdpr
Database user (name)	gdpr
Password of the database user (password)	<db_user_password> - the password you specified in step 3