Preparing the Identity Service Database
Important: You must create the Identity Service database before deploying the Identity Service.
The Identity Service database stores information about user credentials and configuration settings. You can deploy the Identity Service database in one of these ways:
- Scenario 1. Deploy the database to the Operations database node.
- Scenario 2. Deploy the database using the PostgreSQL database service in Azure.
Scenario 1. Deploying the Identity Service Database to the Operations Database Node
To deploy the Identity Service database to the Operations database node:
1. Connect to the Operations database node under the root user.
2. Create the create_db.sql script file with the commands required for database creation. To do this, run the following command:

       cat << EOF > /tmp/create_db.sql
       DO \$\$
       BEGIN
           IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'mservice_login') THEN
               CREATE ROLE mservice_login LOGIN;
               RAISE NOTICE 'Group mservice_login created';
           END IF;
       END
       \$\$;
       CREATE USER :name PASSWORD :'password';
       \echo User :name created
       GRANT mservice_login to :name;
       \echo User is a member of mservice_login group
       GRANT :name to CURRENT_USER;
       CREATE DATABASE a8n_:name OWNER :name;
       \echo Database a8n_:name created
       REVOKE :name from CURRENT_USER;
       SELECT pg_reload_conf();
       EOF

3. Add the connect permissions for all the mservice_login group members by adding the following lines to the /var/lib/pgsql/<PostgreSQL_Version>/data/pg_hba.conf configuration file:

       host all mservice_login <idp_app_host_ip>/32 reject
       host all +mservice_login <idp_app_host_ip>/32 md5

   where <idp_app_host_ip> is the BackNet IP address of the node where you deployed the Kubernetes cluster.
4. Create the database by running the following command:

       su - postgres -c "psql -f /tmp/create_db.sql --set ON_ERROR_STOP=on -q -o /dev/null -v name='idp' -v password='<db_user_password>'"

   where <db_user_password> is the password of the Identity Service database user.
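PostgreSQL reads pg_hba.conf from top to bottom and uses the first record that matches the connection, so the two records added above act as a pair. The following added example (not part of the original documentation) models that first-match rule for the record forms used on this page; the address 10.0.0.5 standing in for <idp_app_host_ip> and the membership table are assumptions.

```python
import ipaddress

# Constructed sample: the page's two records, with 10.0.0.5 as an assumed
# stand-in for <idp_app_host_ip>.
PG_HBA = """\
host all mservice_login 10.0.0.5/32 reject
host all +mservice_login 10.0.0.5/32 md5
"""

# Assumed memberships once create_db.sql has run with name='idp'.
MEMBERSHIPS = {"idp": {"mservice_login"}}


def parse(text):
    """Parse 'host' records of the form: host <db> <user> <cidr> <method>."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "host":
            _, db, user, cidr, method = fields[:5]
            records.append((db, user, ipaddress.ip_network(cidr), method))
    return records


def user_matches(field, user, memberships):
    """'all' matches anyone, '+role' matches members of role, else exact name."""
    if field == "all":
        return True
    if field.startswith("+"):
        return field[1:] in memberships.get(user, set())
    return field == user


def decide(records, database, user, client_ip, memberships=MEMBERSHIPS):
    """Return the auth method of the first matching record, or None if none match."""
    ip = ipaddress.ip_address(client_ip)
    for db, user_field, network, method in records:
        if db in ("all", database) and ip in network \
                and user_matches(user_field, user, memberships):
            return method
    return None  # PostgreSQL refuses a connection that matches no record


RECORDS = parse(PG_HBA)

if __name__ == "__main__":
    for user, ip in [("idp", "10.0.0.5"), ("mservice_login", "10.0.0.5"),
                     ("idp", "10.0.0.6"), ("postgres", "10.0.0.5")]:
        print(f"{user:15} from {ip:9} -> {decide(RECORDS, 'a8n_idp', user, ip)}")
```

In a real pg_hba.conf these two records sit among others, so a None result here only means that neither of them applies to the connection.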
Identity Service Database Connection Parameters
To connect to the Identity Service database, provide the following parameters:
Parameter | Value |
---|---|
BackNet IP address of the database host | The BackNet IP of the Operations database host |
Database | a8n_idp |
Database user (name) | idp |
Password of the database user (password) | <db_user_password> - the password you specified in step 4 |
Scenario 2. Deploying the Identity Service Database Using the PostgreSQL Database Service in Azure
Prerequisites
- A corresponding Azure subscription.
- A configured PostgreSQL database service in Azure.
- The PostgreSQL client on the Operations management node must have access to the PostgreSQL database service in Azure.
Deployment Procedure
To deploy the Identity Service database using the PostgreSQL database service in Azure:
1. Connect to the Operations management node under the root user.
2. Create the create_db.sql script file with the commands required for database creation by running the following command:

       cat << EOF > /tmp/create_db.sql
       DO \$\$
       BEGIN
           IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'mservice_login') THEN
               CREATE ROLE mservice_login LOGIN;
               RAISE NOTICE 'Group mservice_login created';
           END IF;
       END
       \$\$;
       CREATE USER :name PASSWORD :'password';
       \echo User :name created
       GRANT mservice_login to :name;
       \echo User is a member of mservice_login group
       GRANT :name to CURRENT_USER;
       CREATE DATABASE a8n_:name OWNER :name;
       \echo Database a8n_:name created
       REVOKE :name from CURRENT_USER;
       SELECT pg_reload_conf();
       EOF

3. Create the database by running the following command:

       psql \
         -h <db_postgresql_service_name_in_azure> \
         -U <db_admin_login> \
         -d postgres \
         -f /tmp/create_db.sql \
         --set ON_ERROR_STOP=on \
         -v name='idp' \
         -v password='<db_user_password>'

   where:
   - <db_postgresql_service_name_in_azure> is the PostgreSQL database service name in Azure (provided by Azure as a result of the PostgreSQL database service configuration)
   - <db_admin_login> is the admin login name for the PostgreSQL database service in Azure (provided by Azure as a result of the PostgreSQL database service configuration)
Identity Service Database Connection Parameters
To connect to the Identity Service database in Azure, provide the following parameters:
Parameter | Value |
---|---|
The PostgreSQL database service name in Azure | <db_postgresql_service_name_in_azure> , provided by Azure as a result of the PostgreSQL database service configuration |
Database | a8n_idp |
Database user (name) | idp |
Password of the database user (password) | <db_user_password> - the password you specified in step 3 |