Set Password for Internal PostgreSQL Instances

Customer Managed Applies to customer-managed instances of Alation

These steps require a Server Admin with server-side access to the Alation application.

Alation uses two internal PostgreSQL (Postgres) databases:

  • the internal Alation server database (Rosemeta)

  • the built-in Alation Analytics V1 database (alation_analytics) that powers the Alation Analytics V1 feature. The alation_analytics database is only in use if the Alation Analytics V1 feature is enabled on the Alation instance.

It is possible to set a password on either or both of these internal Postgres databases.

Set a password if the database security policy at your organization requires it and change it at regular intervals as prescribed by the policy.

Important

On HA instances, the Postgres password should be set on the Primary instance only.

Set Password on the Internal Postgres Databases

To set the password on the internal Postgres databases:

  1. On the Alation host, enter the Alation shell and set user to alation:

    sudo /etc/init.d/alation shell
    sudo su alation
    
  2. You can choose to set the password using either the noecho or interactive mode. The noecho mode does not print the password to the console. The interactive mode shows the password string. You can set the password on both Postgres databases or just one of them.

Noecho

To set the password in the noecho mode, run the script below and follow the prompts in the console to complete the setup. Note that you will be prompted to enter a password for the Alation Analytics V1 database only if this feature is enabled on your Alation instance:

/opt/alation/bin/alation_set_pg_password noecho
../../_images/PostgresPassword_01.png

Interactive

To use the interactive mode, run the following script substituting the placeholder value <password> with your real value:

/opt/alation/bin/alation_set_pg_password interactive --rosemeta=<password> --analytics=<password>
../../_images/PostgresPassword_02.png

If you only wish to set a password on one of the databases, use the respective database name only, for example:

/opt/alation/bin/alation_set_pg_password interactive --rosemeta=<password>

Important

The alation_set_pg_password script will restart Postgres after the password is changed from an empty password to an actual password value in either mode. When you change an existing password to a new password, the restart is not required and will not be performed.

When a password is set, you will need to enter it when accessing the Postgres instance for troubleshooting.

Check if Password is Set on Internal Postgres Databases

To check if the internal Postgres databases currently have a password set:

  1. On the Alation host, enter the Alation shell:

    sudo /etc/init.d/alation shell
    
  2. To check if a password for set for the server database (Rosemeta), run the following command:

    alation_conf pgsql.config.password
    

    This will output the value of the pgsql.config.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.

  3. To check if a password for set for the Alation Analytics V1 database, run the following command:

    alation_conf alation_analytics.pgsql.password
    

    This will output the value of the alation_analytics.pgsql.password parameter. If a password is set, the value will be an encrypted password string. If not, there will be no value.

    ../../_images/PostgresPassword_03.png

Change the Postgres Password

To change the password, set a new password using the steps in Set Password on the Internal Postgres Databases.

Clear the Postgres Password

Note that clearing PostgreSQL passwords requires a restart of the corresponding internal PostgreSQL instance.

  1. On the Alation host, enter the Alation shell:

    sudo /etc/init.d/alation shell
    
  2. To clear the password from the internal server database (Rosemeta), run the following command:

    alation_conf pgsql.config.password -c
    
  3. To clear the password from the Alation Analytics V1 database, run the following command:

    alation_conf alation_analytics.pgsql.password -c
    
  4. Deploy the configuration:

    alation_action deploy_conf_all
    
  5. If you cleared the Rosemeta password, restart the Postgres service for Rosemeta:

    alation_action stop_postgres
    alation_action start_postgres
    
  6. If you cleared the Alation Analytics V1 password, restart the Postgres service for Alation Analytics V1:

    alation_action stop_alation_analytics_postgres
    alation_action start_alation_analytics_postgres
    
  7. To check that the password has been cleared:

    alation_conf pgsql.config.password
    alation_conf alation_analytics.pgsql.password
    

    The parameter(s) should display an empty value.

  8. Exit the Alation shell: exit .