The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about installing and setting up PostgreSQL.
Read the security recommendations for the PostgreSQL database in section About Security Recommendations.
Note | This section is optional configuration. |
By default, the Postgresql database listens on port 5432. If you want to change this port, you must edit the PGPORT environment variable in /etc/rc.d/init.d/postgresql with the new port number.
Note | The PGPORT environment variable overrides the ‘Port’ parameter value in the /var/lib/pgsql/data/postgresql.conf file, so you must edit the PGPORT environment variable if you want the Postgresql database to listen on a new port number. |
Step 1 | Edit the PGPORT environment variable in
/etc/rc.d/init.d/postgresql with the new port, for example:
IE: PGPORT=5555 |
Step 2 | Enter these commands to stop and start the PostgreSQL service:
# /etc/rc.d/init.d/postgresql start # /etc/rc.d/init.d/postgresql stop |
Step 3 | Confirm that the Postgresql database is listening on the new port
using this command:
'lsof -i -n -P | grep postg' postmaste 5754 postgres 4u IPv4 1692351 TCP *:5555 (LISTEN) |
Step 4 | To connect to the database after you have changed the port, you
must specify the new port number in the command using the -p argument. If you
do not include the -p argument in the command, the Postgresql database attempts to use the default port of 5432, and the connection to the database
fails.
For example: psql tcmadb -p 5555 -U tcuser |
We strongly recommend that you restrict user access to the external database to only the particular user and database instance that the IM and Presence Serivce uses. You can restrict user access to the PostgreSQL database in the pg_hba.conf file located in the <install_dir>/data directory.
Caution | Do not configure 'all' for the user and database entries because potentially this could allow any user access to any database. |
When you configure user access to the external database, we also recommend that you configure password protection for the database access using the 'password' method.
Note | You are required to enter a password for the database user when you configure a database entry on IM and Presence Service. |
The following are examples of a secure user access configuration, and a less secure user access configuration, in the pg_hba.conf file.
Example of a secure configuration:
# TYPE |
DATABASE |
USER |
CIDR-ADDRESS |
METHOD |
host |
dbinst1 |
tcuser1 |
10.89.99.0/24 |
password |
host |
dbinst2 |
mauser1 |
10.89.99.0/24 |
password |
Example of a less secure configuration:
# TYPE |
DATABASE |
USER |
CIDR-ADDRESS |
METHOD |
host |
dbinst1 |
tcuser1 |
10.89.99.0/24 |
trust |
host |
dbinst2 |
all |
10.89.99.0/24 |
password |
Notes on the example of a less secure configuration: