Installation
PostgreSQL version 16.9 or higher is required.
To install PostgreSQL in an air-gapped environment, download the required packages on a preparation machine and then transfer them to the air-gapped server. The preparation machine should have internet access and run the same operating system version as the target server.
Prerequisites
Before installing the PostgreSQL service, ensure the following requirements are met.
| Requirement | Description |
|---|---|
| Operating System | Debian 12+, Ubuntu 22.04+, Rocky Linux 9+, or RHEL 9+. |
| Privileges | root or sudo privileges on both the preparation machine and the air-gapped server. |
| Hardware | Minimum 8 vCPU and 16 GB RAM. |
| Disk space | At least 1 TB of available storage on SSD or NVMe for optimal performance. Approximately 4 GB of storage is required per 1 million scanned objects for a deployment with 5 MD Core instances running 8 AV engines each. |
| Network access | Required port is open (default port: 5432). A minimum network bandwidth of 1 Gbps is required. A bandwidth of 5 Gbps or higher is strongly recommended for production deployments. |
| Offline Package Transfer | A USB drive or other secure transfer medium is required to move the packages to the air-gapped server. |
Debian, Ubuntu
Prepare packages
- On the preparation machine, run commands.
xxxxxxxxxx# Set PostgreSQL version, replace "16" by the version you wantPOSTGRESQL_VERSION=16 # Install apt-rdependssudo apt install -y apt-rdepends # Automated repository configurationsudo apt install -y postgresql-commonecho "" | sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh # Automated get VERSION_CODENAMEsource /etc/os-releaseecho "Using VERSION_CODENAME: $VERSION_CODENAME" # Add PostgreSQL software repositorysudo tee /etc/apt/sources.list.d/pgdg.sources <<EOFTypes: deb deb-srcURIs: https://apt.postgresql.org/pub/repos/aptSuites: $(echo $VERSION_CODENAME)-pgdgArchitectures: amd64Components: mainSigned-By: /usr/share/postgresql-common/pgdg/apt.postgresql.org.ascEOF sudo apt update # Download packagemkdir -p postgresql-$POSTGRESQL_VERSION-offline && cd postgresql-$POSTGRESQL_VERSION-offlineapt-get download postgresql-$POSTGRESQL_VERSION postgresql-contrib # Download dependencies tooapt-rdepends -p postgresql-$POSTGRESQL_VERSION \ | grep -v "^ " \ | grep -v "^debconf" \ | xargs -I {} bash -c 'apt-get download "{}" || true' cd ..- Copy the
postgresql-<version>-offlinefolder to a USB drive or secure transfer medium. - Move it to the air-gapped server.
Install PostgreSQL
- On the target server, insert the USB drive or secure transfer medium.
- Run the commands below in the
postgresql-<version>-offlinefolder.
xxxxxxxxxx# Installsudo dpkg -i ./*.deb # Configures PostgreSQL to start automatically whenever the system bootssudo systemctl enable --now postgresql # Setup login passwordsudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '<your_password>';"Open connection
- Locate the PostgreSQL data directory on your server.
xxxxxxxxxx/etc/postgresql/<version>/main/- To allow remote connections, open the
postgresql.conffile and configure the following setting:
xxxxxxxxxxlisten_addresses = '*'- To allow MetaDefender Cluster services to access the database, open the
pg_hba.conffile and add the following rule.
xxxxxxxxxxhostssl all all 0.0.0.0/0 scram-sha-256- Restart the PostgreSQL service to apply the changes.
xxxxxxxxxxsudo systemctl restart postgresqlRocky, RHEL 9
Prepare packages
- On the preparation machine, run commands.
# Set PostgreSQL version, replace "16" by the version you wantPOSTGRESQL_VERSION=16 # Install the repository RPMsudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm # Disable the built-in PostgreSQL modulesudo dnf -qy module disable postgresql # download packages (not install)mkdir -p postgresql-$POSTGRESQL_VERSION-offline \ && cd postgresql-$POSTGRESQL_VERSION-offline \ && sudo dnf download --resolve --alldeps --downloaddir . postgresql$POSTGRESQL_VERSION-server \ && sudo dnf download --resolve --alldeps --downloaddir . postgresql$POSTGRESQL_VERSION-contrib \ && cd ..- Copy the
postgresql-<version>-offlinefolder to a USB drive or secure transfer medium. - Move it to the air-gapped server.
Install PostgreSQL
- On the target server, insert the USB drive or secure transfer medium.
- Run the commands below in the
postgresql-<version>-offlinefolder.
xxxxxxxxxx# Set PostgreSQL version, replace "16" by the version you wantPOSTGRESQL_VERSION=16 # Installsudo dnf install -y ./*.rpm --disablerepo * --nobest --skip-broken # Configures PostgreSQL to start automatically whenever the system bootssudo /usr/pgsql-$POSTGRESQL_VERSION/bin/postgresql-$POSTGRESQL_VERSION-setup initdbsudo systemctl enable --now postgresql-$POSTGRESQL_VERSION # Setup login passwordsudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '<your_password>';"Sometimes, other dependencies require upgrading. Example:
You should manually download the dependencies using the command dnf download --resolve --alldeps --downloaddir . <package_names> . Then copy them to the postgresql-<version>-offline folder and install again.
Open connection
- Locate the PostgreSQL data directory on your server.
xxxxxxxxxx/var/lib/pgsql/16/data- To allow remote connections, open the
postgresql.conffile and configure the following setting:
xxxxxxxxxxlisten_addresses = '*'- To allow MetaDefender Cluster services to access the database, open the
pg_hba.conffile and add the following rule.
xxxxxxxxxxhost all all 0.0.0.0/0 scram-sha-256- Restart the PostgreSQL service to apply the changes.
xxxxxxxxxxsudo systemctl restart postgresql-16Was this page helpful?