Configure ADCM to use an external database
ADCM supports operations with external databases. In particular, PostgreSQL databases are supported. If no external database is specified, the built-in SQlite database is used by default.
IMPRORTANT
PostgreSQL database is recommended for use in the product environment. SQLite database is intended for experimental purposes.
|
The prerequisites to use the external PostgreSQL database are:
-
The user, the database, and the user password must be created (
DATABASE_USERNAME
,DATABASE_NAME
,DATABASE_USER_PASSWORD
in the example below). -
The user must be the owner of the external PostgreSQL database.
CREATE USER <DATABASE_USERNAME> with encrypted password '<DATABASE_USER_PASSWORD>';
CREATE DATABASE <DATABASE_NAME> OWNER <DATABASE_USERNAME>;
To run ADCM using PostgreSQL as a database, use the following command:
$ sudo docker run -d --restart=always -p 8000:8000 -v /opt/adcm:/adcm/data
-e DB_HOST="<DATABASE_HOSTNAME_OR_IP_ADDRESS>" -e DB_PORT="<DATABASE_TCP_PORT>"
-e DB_USER="<DATABASE_USERNAME>" -e DB_NAME="<DATABASE_NAME>"
-e DB_PASS="<DATABASE_USER_PASSWORD>" --name adcm hub.arenadata.io/adcm/adcm:<version>
-e DB_OPTIONS="<DATABASE_OPTIONS>"
where <version>
is a desired ADCM image version in one of the following formats:
-
<major>.<minor>.<patch>
— if you need a specific ADCM patch. For example,2.0.0
. -
<major>.<minor>
— if you need the last patch within the selected ADCM version. For example,2.0
.
You can use DB_OPTIONS
to establish an SSL connection to the database. The following parameters are available for DB_OPTIONS
.
Parameter | Description |
---|---|
sslmode |
A flag that is used for establishing an SSL connection. Possible values:
|
sslcert |
This parameter specifies the file name of the client SSL certificate. This parameter is ignored if an SSL connection is not made |
sslkey |
This parameter specifies the location for the secret key used for the client certificate. This parameter is ignored if an SSL connection is not made |
sslrootcert |
This parameter specifies the name of a file containing SSL certificate authority certificate(s). If the file exists, the server’s certificate will be verified to be signed by one of these authorities. The special value system may be specified instead, in which case the system’s trusted CA roots will be loaded. The exact locations of these root certificates differ by SSL implementation and platform |
Prepare the SSL certificate and secret key files and place them into <data_volume>/conf/ssl/. Then, list the DB_OPTIONS
parameters in JSON format:
DB_OPTIONS='{"sslmode": "verify-full", "sslcert": "/adcm/data/conf/ssl/client.crt", "sslkey": "/adcm/data/conf/ssl/client.key", "sslrootcert": "/adcm/data/conf/ssl/server.crt"}'
IMPORTANT
|
Use -v /opt/adcm:/adcm/data:Z
for SELinux.