During the creation of a LifeKeeper PostgreSQL resource, the user must enter a PostgreSQL administrative username for that database cluster. No password is requested for this username by the PostgreSQL recovery kit. Therefore, for the connection tests performed during health checking to be successful one of two configuration methods must be used:
- Trust configuration (no password)
- Credentials supplied via pgpass.conf
To configure trusted connections for the PostgreSQL database cluster modifications to the pg_hba.conf file are required. The authentication method for the administrative user for the database cluster must be set to ‘trust’. The following is an example entry for the administrative user pgsql:
|# IPv4 local connections:|
|# IPv6 local connections:|
Credentials via pgpass.conf
To supply credentials for the PostgreSQL database cluster administrative user and password, creation of a pgpass.conf file for the logon account specified for the LifeKeeper service is required. This file must be created in the user’s APPDATA folder. Login as the user account used to start LifeKeeper, and follow these steps:
- Change directories to appdata
- Create the directory postgresql if it does not exist
- Change directories to postgresql
- Create the file pgpass.conf with the following format:
If the PostgreSQL database cluster administrative user password changes, then the pgpass.conf file will need to be updated with the password setting.
If a non-login user account (such as the built-in accounts “Network Service” or “Local System”) is used to start LifeKeeper on a node, the APPDATA folder can be determined by running the following LifeKeeper command on a different node in the LifeKeeper cluster.
lcdremexec -d <node> — echo $APPDATA
The pgpass.conf file can be created by a system administrator in that folder. Be sure to add read permissions for the LifeKeeper login account user to the pgpass.conf file that is created.
Post your comment on this topic.