Set Password for Internal PostgreSQL Instances

Customer Managed Applies to customer-managed instances of Alation

These steps require a Server Admin with access to the Alation server. You can set a password on the internal PostgreSQL databases if the database security policy at your organization requires it. Change the passwords at regular intervals as prescribed by the policy.

Alation uses two internal PostgreSQL databases:

  • the internal Alation server database (Rosemeta)

  • the built-in Lineage database that powers the Lineage Service

It is possible to set a password on either or both of these internal databases.

Important

On High Availability instances, the Postgres password should be set on the Primary instance only.

Set Passwords

To set a password on the internal Postgres databases:

  1. On the Alation host, enter the Alation shell and switch the user to alation.

    sudo /etc/init.d/alation shell
sudo su alation

  2. You can choose to set a password using either the noecho or interactive mode. The noecho mode does not print the password to the console. The interactive mode shows the password string. You can set the password on both Postgres databases or just one of them.

    To set the password in the noecho mode:

    1. Run the script below and follow the prompts in the console to complete the setup:

      /opt/alation/bin/alation_set_pg_password noecho
      ../../_images/PostgresPassword_01.png

    2. Run the following Alation action:

      alation_action enable_datadog

    Important

    The alation_set_pg_password script will restart Postgres after the password is changed from an empty password to an actual password value in either mode. When you change an existing password to a new password, the restart is not required and will not be performed.

  3. To exit from the alation user, use exit.

  4. To exit from the Alation shell, use exit.

After passwords have been set, you will need to enter them when accessing the internal databases for troubleshooting.

Check if Passwords Are Set

To check if the internal Postgres databases currently have passwords:

  1. On the Alation host, enter the Alation shell:

    sudo /etc/init.d/alation shell

  2. To check if a password is set for the server database (Rosemeta), run the following command:

    alation_conf pgsql.config.password

    This command will output the value of the pgsql.config.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.

  3. To check if a password is set for the Lineage database, run the following command:

    alation_conf lineage-service.pgsql.password

    This command will output the value of the lineage-service.pgsql.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.

Change the Postgres Passwords

To change the passwords, set a new password using the steps in Set Passwords.

Clear the Postgres Passwords

Clearing the Postgres passwords requires a restart of the corresponding internal Postgres instance.

To clear the passwords:

  1. On the Alation host, enter the Alation shell:

    sudo /etc/init.d/alation shell

  2. To clear the password from the internal server database (Rosemeta), run the following command:

    alation_conf pgsql.config.password -c

  3. To clear the password from the Lineage database, run the following command:

    alation_conf lineage-service.pgsql.password -c

  4. Deploy the configuration:

    alation_action deploy_conf_all

  5. If you cleared the Rosemeta password, restart the Postgres service:

    alation_action stop_postgres
alation_action start_postgres

  6. If you cleared the Lineage password, restart the Postgres service for Lineage:

    alation_supervisor restart lineage

  7. To check that the passwords have been cleared:

    alation_conf pgsql.config.password
alation_conf lineage-service.pgsql.password

    The parameter(s) should display an empty value.

  8. To exit from the Alation shell, use exit.