Installing pgAdmin4 on Centos 7

12. marec 2018 - Avtor Tadej Borovšak

12. marec 2018
Avtor Tadej Borovšak

In this post, we will install pgAdmin 4 on a CentOS 7 server using ansible.


In this post, we will assume that we have access to CentOS 7 machine/VM with proper credentials that can be fed to ansible through inventory. Most of the steps will also assume that we have SELinux set to enforcing.

Installing Apache web server

Before we can start installing pgAdmin, we need to install and configure Apache that will serve the application. On CentOS 7, we need to install httpd and mod_wsgi packages and then start the server. Ansible tasks that achieve this would look something like this:

- name: Install Apache
    name: "{{ item }}"
    - httpd
    - mod_wsgi

- name: Start Apache
    name: httpd
    enabled: yes
    state: started

Running this through ansible will install and start the server that can be used to serve static files and wsgi apps. But by default, wsgi applications will not be allowed to connect to database, which means that we need to fix some SELinux stuff.

Fortunately for us, fixing this error just means setting httpd_can_network_connect_db SELinux boolean to true. And in ansible language, this means adding the following task to the playbook:

- name: Allow apache to access db
    name: httpd_can_network_connect_db
    state: yes
    persistent: yes

Note that we marked the boolean flag change as persistent in order to, well, persist it;) This way the flag setting will not be lost during system reboot.

Now we are ready to install the pgAdmin onto this server.

Installing pgAdmin

We start the installation by adding PostgreSQL 10 yum repository. Please note that the version in the next task was latest stable at the time of the post creation. Always use the latest stable version from the PostgreSQL RPM build project in order to keep your installation secure.

- name: Add PostgreSQL 10 repo

pgAdmin will also require some packages that are only available in EPEL repo, so we will go ahead and add that repository too:

- name: Add EPEL
    name: epel-release

Now we can actually install pgAdmin web package that contains the wsgi application our Apache will serve:

- name: Install pgAdmin4
    name: pgadmin4-v2-web

Before we can start using the pgAdmin, we must create the required folder layout on disk and add first admin user. pgAdmin comes bundled with script that does this for us, all we have to do is run it with proper environment variables set.

- name: Initialize pgAdmin4
  command: python /usr/lib/python2.7/site-packages/pgadmin4-web/
    creates: /var/lib/pgadmin/pgadmin4.db
    PGADMIN_SETUP_EMAIL: [email protected]
    PGADMIN_SETUP_PASSWORD: correct horse battery staple

Please do note that we used creates argument for the command ansible module here in order to avoid inadvertently running over the existing pgAdmin configuration. This does not matter much for the initial installation, but we should try getting into a habit of always thinking about our end-users and how not to delete their data.

All that is left for us to do now is inform Apache about our latest and greatest pgAdmin installation. And thanks to the pgAdmin authors and packagers that prepared Apache configuration for us, we can do this with a simple copy command:

- name: Install pgAdmin4 site config
    src: /etc/httpd/conf.d/pgadmin4-v2.conf.sample
    dest: /etc/httpd/conf.d/pgadmin4-v2.conf
    remote_src: yes
  notify: Restart apache

Taking care of the notify stuff is left as an exercise for the reader. And we are done, right? Wrong. Navigating to the, we will be greeted by big fat Internal Server Error. We need to fix permissions for the pgAdmin runtime stuff. And here is how we do this:

- name: Fix pgAdmin permissions
    path: "{{ item }}"
    setype: httpd_sys_content_rw_t
    owner: apache
    group: apache
    recurse: yes
    - /var/log/pgadmin
    - /var/lib/pgadmin

Note that we are fixing two problems at once here:

  1. we are setting the ownership bits to something that will allow Apache to read and write those files, and
  2. notifying SELinux that it is OK to let Apache write to those files.

And now we are done. Stay sharp and see you next time.

Družbena omrežja

Ostanite v stiku z nami.