Configuring the PEM agent v9
Prerequisites
You have installed the PEM agent.
Note
Do not configure PEM agents with enable_smtp
, enable_snmp
, or enable_webhook
set to true
in the agent.cfg
file to connect through PgBouncer. SNMP, SMTP, and Webhook spoolers use the LISTEN/NOTIFY mechanism provided by Postgres to send notifications asynchronously. Since PgBouncer doesn’t support the LISTEN/NOTIFY mechanism in transaction mode, connecting the agent to PgBouncer can cause notifications to be delayed or not delivered at all. Instead, connect the PEM agent directly to the PEM backend database.
Now you can choose to configure a new PEM agent or use an existing PEM agent for PgBouncer.
Configuring a new PEM agent
After installing the PEM agent, configure it to work with a particular PEM database server. Use the following command:
In this command, the --pem-agent-user
argument instructs the agent to create an SSL certificate and key pair for the pem_agent_user1 database user in the /root/.pem
directory.
For example:
The PEM agent uses the keys to connect to the PEM database server as pem_agent_user1. It also creates an agent configuration file named /usr/edb/pem/agent/etc/agent.cfg
.
A line mentioning the agent-user to use appears in the agent.cfg
configuration file. For example:
Configuring an existing PEM agent
If you're using an existing PEM agent, you can copy the SSL certificate and key files to the target machine and reuse the files. You must modify the files, adding a new parameter and replacing some parameters in the existing agent.cfg
file.
Add a line to use agent_user as the agent:
Update the port to specify the PgBouncer port:
Update the certificate and key path locations:
As an alternative, you can run the agent self-registration script. However, that process creates a new agent id. If you run the agent self-registration script, you must replace the new agent id with the existing id and disable the entry for the new agent id in the pem.agent
table. For example:
Note
Keep a backup of the existing SSL certificate, key file, and agent configuration file.