Set Password for Internal PostgreSQL Instances¶
These steps require a Server Admin with server-side access to the Alation application.
Alation uses two internal PostgreSQL (Postgres) databases:
the internal Alation server database (Rosemeta)
the built-in Alation Analytics V1 database (alation_analytics) that powers the Alation Analytics V1 feature. The alation_analytics database is only in use if the Alation Analytics V1 feature is enabled on the Alation instance.
It is possible to set a password on either or both of these internal Postgres databases.
Set a password if the database security policy at your organization requires it and change it at regular intervals as prescribed by the policy.
Important
On HA instances, the Postgres password should be set on the Primary instance only.
Set Password on the Internal Postgres Databases¶
To set the password on the internal Postgres databases:
On the Alation host, enter the Alation shell and set user to
alation
:sudo /etc/init.d/alation shell sudo su alation
You can choose to set the password using either the noecho or interactive mode. The noecho mode does not print the password to the console. The interactive mode shows the password string. You can set the password on both Postgres databases or just one of them.
Noecho¶
To set the password in the noecho mode, run the script below and follow the prompts in the console to complete the setup. Note that you will be prompted to enter a password for the Alation Analytics V1 database only if this feature is enabled on your Alation instance:
/opt/alation/bin/alation_set_pg_password noecho
![]()
Interactive¶
To use the interactive mode, run the following script substituting the placeholder value <password> with your real value:
/opt/alation/bin/alation_set_pg_password interactive --rosemeta=<password> --analytics=<password>![]()
If you only wish to set a password on one of the databases, use the respective database name only, for example:
/opt/alation/bin/alation_set_pg_password interactive --rosemeta=<password>
Important
The alation_set_pg_password
script will restart Postgres after the password is changed from an empty password to an actual password value in either mode. When you change an existing password to a new password, the restart is not required and will not be performed.
When a password is set, you will need to enter it when accessing the Postgres instance for troubleshooting.
Check if Password is Set on Internal Postgres Databases¶
To check if the internal Postgres databases currently have a password set:
On the Alation host, enter the Alation shell:
sudo /etc/init.d/alation shell
To check if a password for set for the server database (Rosemeta), run the following command:
alation_conf pgsql.config.password
This will output the value of the pgsql.config.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.
To check if a password for set for the Alation Analytics V1 database, run the following command:
alation_conf alation_analytics.pgsql.password
This will output the value of the alation_analytics.pgsql.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.
Change the Postgres Password¶
To change the password, set a new password using the steps in Set Password on the Internal Postgres Databases.
Clear the Postgres Password¶
Note that clearing PostgreSQL passwords requires a restart of the corresponding internal PostgreSQL instance.
On the Alation host, enter the Alation shell:
sudo /etc/init.d/alation shell
To clear the password from the internal server database (Rosemeta), run the following command:
alation_conf pgsql.config.password -c
To clear the password from the Alation Analytics V1 database, run the following command:
alation_conf alation_analytics.pgsql.password -c
Deploy the configuration:
alation_action deploy_conf_all
If you cleared the Rosemeta password, restart the Postgres service for Rosemeta:
alation_action stop_postgres alation_action start_postgres
If you cleared the Alation Analytics V1 password, restart the Postgres service for Alation Analytics V1:
alation_action stop_alation_analytics_postgres alation_action start_alation_analytics_postgres
To check that the password has been cleared:
alation_conf pgsql.config.password alation_conf alation_analytics.pgsql.password
The parameter(s) should display an empty value.
Exit the Alation shell:
exit
.