[Satellite 6] How to manage postgresql.conf and pg_hba.conf files with satellite

Solution Verified - Updated 6 Mar 2025

Environment

Red Hat Satellite 6.8 and later

Issue

The Security team would like to remotely connect to the postgreSQL 'foreman' database directly to collect per host errata stats. how to give access to external user from a specific server.
How to configure postgresql.conf and pg_hba.conf so that the modifications do not get overwritten by a Satellite installer run.

How to configure postgresql.conf and pg_hba.conf as below:

  postgresql.conf:
  listen_addresses = '*'
  
  pg_hba.conf:
  # Rule Name: allow access to external user
  # Description: Permit connection from 192.0.2.1 to foreman database
  # Order: 100
  #host   DATABASE        USER            ADDRESS         METHOD  [OPTIONS]
  host    foreman         externaluser        192.0.2.1/24              md5

Resolution

Unsupported Procedure: The following information has been provided by Red Hat, but is outside the scope of the posted Service Level Agreements and supported procedures. The information is provided as-is and any configuration settings or installed applications made from the information in this article could make the Operating System unsupported by Red Hat Global Support Services. The intent of this article is to provide information to accomplish the system's needs.

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

Red Hat properties include, but are not limited to, the following:

redhat.com
openshift.com
www.jboss.org

Add the desired changes to /etc/foreman-installer/custom-hiera.yaml, e.g.:

  postgresql::server::pg_hba_rules:
   host externalUser:
     type: 'host'
     database: 'foreman'
     user: 'externaluser'
     address: '192.168.10.5/24'
     auth_method: 'md5'
     order: '100'
  
  postgresql::server::config_entries:
     listen_addresses: '*'

Run Satellite installer:
```
  satellite-installer --verbose
```
Review the Satellite managed files:
- /var/opt/rh/rh-postgresql12/lib/pgsql/data/postgresql.conf
- /var/opt/rh/rh-postgresql12/lib/pgsql/data/pg_hba.conf
For creating external user, you can follow the below kcs :
How to create a PostgreSQL Read-Only user for Satellite 6
Reference : Content from forge.puppet.com is not included.Content from forge.puppet.com is not included.https://forge.puppet.com/modules/puppetlabs/postgresql/reference#pg_hba_rules

Root Cause

The built in PostgreSQL database is not externally accessible by default.
Changes to the PostgreSQL database configuration are overwritten by satellite-installer.

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

postgresql

Category

Configure

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.