6 Tips for Configuring Firewall To Manage VCSA 6.5 Postgres Database Remotely (VMware UnSupported)

vSphere 6.5 is the latest version of VMware's industry-leading virtualization platform, and it makes the vCenter Server Appliance (VCSA) the fundamental building block of a vSphere environment. Most of the new features, such as vCenter 6.5 Native HA, are available only with the vCenter Server Appliance, so it is important to learn to manage and troubleshoot VCSA 6.5 and its embedded vPostgres database. In my previous article, I explained how to interact with the VCSA 6.5 embedded vPostgres database from the bash shell of VCSA 6.5. We can also use remote database management tools to manage it. By default, remote management of the VCSA 6.5 embedded vPostgres database is not allowed; we need to configure the VCSA firewall to enable it. In this article, I explain in 6 simple steps how to configure the VCSA 6.5 firewall to manage the VCSA 6.5 Postgres database remotely using Postgres remote management tools such as pgAdmin.

NOTE: Managing the VCSA 6.5 Postgres database remotely is not recommended. This is for lab and test purposes. Kindly contact VMware Support for any assistance required to manage and troubleshoot the VCSA Postgres database.

6 Steps for Configuring Firewall To Manage VCSA 6.5 Postgres Database Remotely

1. Connect to VCSA 6.5 over SSH using root credentials and open /etc/vmware/appliance/firewall/vmware-vpostgres in a text editor using the command below.

vi /etc/vmware/appliance/firewall/vmware-vpostgres

Add the lines below to "/etc/vmware/appliance/firewall/vmware-vpostgres" and exit the vi editor. This firewall configuration allows inbound connections on TCP port 5432, which lets you manage the VCSA 6.5 Postgres database remotely.

{
  "firewall": {
    "enable": true,
    "rules": [
      {
        "direction": "inbound",
        "protocol": "tcp",
        "porttype": "dst",
        "port": "5432",
        "portoffset": 0
      }
    ]
  },
  "internal-ports": {
    "rules": [
      {
        "name": "server_port",
        "port": 5432
      }
    ]
  }
}

2. Run the command below to reload the firewall so that the above configuration entry takes effect.

/usr/lib/applmgmt/networking/bin/firewall-reload

3. Navigate to /storage/db/vpostgres/ using the command below.

cd /storage/db/vpostgres/

4. Back up the pg_hba.conf and postgresql.conf files using the commands below.

cp pg_hba.conf pg_hba.conf.bak

cp postgresql.conf postgresql.conf.bak

5. Edit pg_hba.conf in a text editor and add the lines below. The network should be the remote subnet from which you want to manage the VCSA 6.5 Postgres database. In my case, the subnet is 192.168.0.0/24; yours will depend on your remote network. Exit the text editor.

# IPv4 remote connections:
host   all    all       192.168.0.0/24 trust

6. Edit postgresql.conf in a text editor and ensure the line below is present.

listen_addresses = '*'

Once all the above steps are completed, restart the Postgres service using the command below.

service-control --restart vmware-vpostgres
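As an added example (not part of the original article or any VMware tooling), this Python script checks the two files edited in steps 5 and 6 and reports what the changes expose: pg_hba.conf rules that use trust for a non-loopback address, which admit any database user from that network without a password, and listen_addresses values that bind every interface. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample input mirroring the entries added in steps 5 and 6.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   peer
host    all       all   127.0.0.1/32    md5
# IPv4 remote connections:
host   all    all       192.168.0.0/24 trust
"""
SAMPLE_POSTGRESQL_CONF = "port = 5432\nlisten_addresses = '*'   # all interfaces\n"

def audit_pg_hba(text):
    """Return (line_no, network, database, user) for each non-loopback 'trust' rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        f = shlex.split(line, comments=True)  # drops comments, honours quoting
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # skip blanks, comments and 'local' (Unix socket) rules
        db, user, addr = f[1], f[2], f[3]
        try:
            # ADDRESS is either CIDR, or an IP followed by a separate netmask field.
            if "/" in addr:
                net, method = ipaddress.ip_network(addr, strict=False), f[4]
            else:
                net, method = ipaddress.ip_network(f"{addr}/{f[4]}", strict=False), f[5]
        except (ValueError, IndexError):
            net, method = addr, f[4]  # hostname or keyword such as 'all' / 'samenet'
        loopback = not isinstance(net, str) and net.is_loopback
        if method == "trust" and not loopback:
            findings.append((no, str(net), db, user))
    return findings

def audit_listen(text):
    """Return the listen_addresses entries that bind every interface."""
    value = "localhost"  # PostgreSQL's default when the setting is absent
    for line in text.splitlines():
        toks = " ".join(shlex.split(line, comments=True)).replace("=", " ").split()
        if toks[:1] == ["listen_addresses"]:
            value = " ".join(toks[1:])  # the last occurrence in the file wins
    return [a.strip() for a in value.split(",") if a.strip() in ("*", "0.0.0.0", "::")]

if __name__ == "__main__":
    for no, net, db, user in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf line {no}: passwordless access from {net} (db={db}, user={user})")
    print("listen_addresses binds all interfaces:", audit_listen(SAMPLE_POSTGRESQL_CONF))
```

On the appliance, pass the contents of /storage/db/vpostgres/pg_hba.conf and postgresql.conf to the two functions instead of the sample strings.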

That’s it. We are done configuring the VCSA firewall to manage the VCSA 6.5 Postgres database remotely using remote database management tools. In the next step, we will see how to manage the VCSA embedded database using remote database management tools. I hope this is informative for you. Thanks for reading! Be social and share it on social media if you feel it is worth sharing.