9.7. Working with PostgreSQL

This section of the appendix documents administrative tasks for the embedded PostgreSQL database configured by the LOCKSS 2.x system.

9.7.1. Changing the PostgreSQL Database Password

To change the password of the embedded PostgreSQL database, perform the following steps as the lockss user [1] in the lockss user's lockss-installer directory:

1. Ensure the Kubernetes service definitions reflect the current state of the LOCKSS configuration by running:

   scripts/assemble-lockss
   

2. Start the PostgreSQL database container by running:

   k3s kubectl apply -n lockss --filename=config/configs/lockss-stack/svcs/lockss-postgres-service.yaml
   

3. Run the following command to store the name of the PostgreSQL database container into the variable postgres_pod:

   postgres_pod=$(k3s kubectl get pod -n lockss --selector=io.kompose.service=lockss-postgres-service --output=jsonpath="{.items[0].metadata.name}")
   

4. Run the following command to store the IP of the PostgreSQL database container into the variable postgres_ip:

   postgres_ip=$(k3s kubectl get pod -n lockss --selector=io.kompose.service=lockss-postgres-service --output=jsonpath="{.items[0].status.podIP}")
   

5. Execute the following command to alter the LOCKSS database user's password, taking care to replace newpassword with your new embedded PostgreSQL database password:

   echo "ALTER USER \"LOCKSS\" WITH PASSWORD 'newpassword'" | k3s kubectl exec $postgres_pod -n lockss -i -- psql --username=LOCKSS --dbname=postgres
   

   Successful execution of the command results in the output ALTER ROLE.

6. To verify that the password change worked, run the following command:

   k3s kubectl exec $postgres_pod -n lockss -it -- psql --username=LOCKSS --dbname=postgres --host=$postgres_ip
   

   and enter newpassword at the Password for user LOCKSS prompt. If the password change was successful and you enter newpassword correctly, you will see a PostgreSQL prompt similar to:

   psql (9.6.12)
   Type "help" for help.
   
   postgres=#
   

   which you can exit by entering q or hitting Ctrl + D. If the password change was unsuccessful or you do not enter newpassword correctly, you will see output similar to:

   psql: FATAL:  password authentication failed for user "LOCKSS"
   command terminated with exit code 2
   

7. Stop the PostgreSQL database container by running this command:

   k3s kubectl -n lockss delete service,deployment lockss-postgres-service &&
       k3s kubectl -n lockss wait --for=delete pod $postgres_pod --timeout=60s
   

8. Re-run configure-lockss so that you can record the new embedded PostgreSQL database password into the configuration of the LOCKSS stack:

   scripts/configure-lockss
   

   See the PostgreSQL and Embedded PostgreSQL Database sections of Configuring the LOCKSS System for details.

---

Footnotes

[1]

See Running Commands as the lockss User.