Installing and Configuring TimescaleDB for Storing Audit Events

Learn how to install and configure TimescaleDB for storing Cloudentity Audit Events.

What Is TimescaleDB

TimescaleDB is a relational database for time-series data that Cloudentity uses to store Audit Data.

Install TimescaleDB in Kubernetes Cluster

  1. Create a namespace for TimescaleDB.

    kubectl create namespace acp-db

Prepare configmap

  1. Create a create_extra_dbs.sh file that creates the database for Cloudentity to use. Write the following content to the file:

    #!/bin/bash
    
    psql -d "$1" <<__SQL__
    CREATE ROLE acp WITH LOGIN SUPERUSER;
    CREATE DATABASE acpdb OWNER acp;
    GRANT ALL PRIVILEGES ON DATABASE acpdb TO acp;
    __SQL__
    
  2. Create a ConfigMap from create_extra_dbs.sh.

    kubectl create configmap timescale-post-init --from-file=create_extra_dbs.sh --namespace acp-db
    

Prepare passwords setup

  1. Create the set_passwords.sh file (remember to replace the password with your own).

    #!/bin/bash
    psql -d "$1" --file=- --set ON_ERROR_STOP=1 << __SQL__
    SET log_statement TO none;      -- prevent these passwords from being logged
    ALTER USER acp WITH PASSWORD 'PaSsW0rD';
    __SQL__
    
  2. Create a secret.

    kubectl create secret generic timescale-post-init-pw --from-file=set_passwords.sh --namespace acp-db
    

Install TimescaleDB

  1. Prepare the configuration file (config.yaml).

    postInit:
      - configMap:
          name: timescale-post-init
      - secret:
          name: timescale-post-init-pw
    
  2. To install the TimescaleDB database, execute the following command in your terminal:

    helm repo add timescale 'https://charts.timescale.com'
    helm repo update
    helm upgrade --install timescaledb --namespace acp-db timescale/timescaledb-single -f config.yaml --version 0.13.1
    

Configure TimescaleDB

To configure Cloudentity to use your TimescaleDB, add the following configuration to the values.yaml file and apply the changes:

    config:
      create: true
      data:
        timescale:
          enabled: true
          url: postgres://acp:PaSsW0rD@timescaledb.acp-db.svc.cluster.local/acpdb

Verify

After acp starts successfully, log in to the Cloudentity UI and check that the analytics dashboard for your tenant is displayed.

Analytics dashboard

Troubleshooting

If, after the installation, you get the following error message in Cloudentity:

    {"error":"FATAL: pg_hba.conf rejects connection for host \"10.244.0.34\", user \"acp\", database \"acpd\", no encryption (SQLSTATE 28000)","level":"fatal","msg":"failed to run ./migrations/timescale migrations","time":"2022-09-29T08:47:09Z"}

Check pg_hba.conf in your TimescaleDB instance and add sslmode=require to the TimescaleDB connection string in the Cloudentity configuration (config.data.timescale.url). Your URL should then look similar to the one below:

    url: postgres://acp:PaSsW0rD@timescaledb.acp-db.svc.cluster.local/acpdb?sslmode=require
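
A pre-deployment check for the config.data.timescale.url value, added here as an example (it is not Cloudentity or TimescaleDB code). The function name lint_timescale_url is hypothetical; the expected role and database (acp, acpdb) come from create_extra_dbs.sh above, and accepting verify-ca and verify-full alongside require is this example's assumption.

```shell
#!/bin/sh
# Added example, not Cloudentity code; lint_timescale_url is a hypothetical helper.
# Expected role/database (acp, acpdb) are taken from create_extra_dbs.sh.
lint_timescale_url() {
    url=$1
    case $url in
        postgres://*@*/*|postgresql://*@*/*) ;;
        *) echo "malformed-url"; return 1 ;;
    esac

    rest=${url#*://}                       # user:password@host/db?params
    case $rest in
        *\?*) query=${rest#*\?}; rest=${rest%%\?*} ;;
        *)    query="" ;;
    esac
    userinfo=${rest%@*}                    # text before the last '@'
    hostpath=${rest##*@}                   # host[:port]/db
    db=${hostpath#*/}
    user=${userinfo%%:*}
    case $userinfo in
        *:*) password=${userinfo#*:} ;;
        *)   password="" ;;
    esac

    # Extract the sslmode parameter from the '&'-separated query string.
    sslmode=""
    q="&$query"
    case $q in
        *"&sslmode="*) sslmode=${q##*"&sslmode="}; sslmode=${sslmode%%"&"*} ;;
    esac

    issues=""
    [ "$user" = "acp" ] || issues="$issues unexpected-user"
    [ "$db" = "acpdb" ] || issues="$issues unexpected-database"
    case $password in
        "")       issues="$issues empty-password" ;;
        PaSsW0rD) issues="$issues placeholder-password" ;;   # sample value from this page
    esac
    case $sslmode in
        require|verify-ca|verify-full) ;;  # assumption: stricter modes also acceptable
        *) issues="$issues sslmode-not-enforced" ;;
    esac
    if [ -z "$issues" ]; then echo "ok"; return 0; fi
    echo "${issues# }"
    return 1
}

# Constructed input: the URL from the "Configure TimescaleDB" step, unchanged.
lint_timescale_url 'postgres://acp:PaSsW0rD@timescaledb.acp-db.svc.cluster.local/acpdb' || true
```

The function prints ok and returns 0 when nothing is flagged; otherwise it prints the space-separated findings and returns 1, so it can gate a deployment script.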