# Installing pgAdmin4 on Centos 7

WORDS BY   Tadej Borovšak

POSTED IN   postgresql | pgadmin4 | centos | ansible

In this post, we will install pgAdmin 4 on a CentOS 7 server using ansible.

## Prerequisites

In this post, we will assume that we have access to CentOS 7 machine/VM with proper credentials that can be fed to ansible through inventory. Most of the steps will also assume that we have SELinux set to enforcing.

## Installing Apache web server

Before we can start installing pgAdmin, we need to install and configure Apache that will serve the application. On CentOS 7, we need to install httpd and mod_wsgi packages and then start the server. Ansible tasks that achieve this would look something like this:

- name: Install Apache
package:
name: "{{ item }}"
with_items:
- httpd
- mod_wsgi

- name: Start Apache
service:
name: httpd
enabled: yes
state: started


Running this through ansible will install and start the server that can be used to serve static files and wsgi apps. But by default, wsgi applications will not be allowed to connect to database, which means that we need to fix some SELinux stuff.

Fortunately for us, fixing this error just means setting httpd_can_network_connect_db SELinux boolean to true. And in ansible language, this means adding the following task to the playbook:

- name: Allow apache to access db
seboolean:
name: httpd_can_network_connect_db
state: yes
persistent: yes


Note that we marked the boolean flag change as persistent in order to, well, persist it;) This way the flag setting will not be lost during system reboot.

Now we are ready to install the pgAdmin onto this server.

## Installing pgAdmin

We start the installation by adding PostgreSQL 10 yum repository. Please note that the version in the next task was latest stable at the time of the post creation. Always use the latest stable version from the PostgreSQL RPM build project in order to keep your installation secure.

- name: Add PostgreSQL 10 repo
package:
name: https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm


pgAdmin will also require some packages that are only available in EPEL repo, so we will go ahead and add that repository too:

- name: Add EPEL
yum:
name: epel-release


Now we can actually install pgAdmin web package that contains the wsgi application our Apache will serve:

- name: Install pgAdmin4
yum:
name: pgadmin4-v2-web


Before we can start using the pgAdmin, we must create the required folder layout on disk and add first admin user. pgAdmin comes bundled with setup.py script that does this for us, all we have to do is run it with proper environment variables set.

- name: Initialize pgAdmin4
command: python /usr/lib/python2.7/site-packages/pgadmin4-web/setup.py
args:
creates: /var/lib/pgadmin/pgadmin4.db
environment:
PGADMIN_SETUP_EMAIL: admin@xlab.si
PGADMIN_SETUP_PASSWORD: correct horse battery staple


Please do note that we used creates argument for the command ansible module here in order to avoid inadvertently running over the existing pgAdmin configuration. This does not matter much for the initial installation, but we should try getting into a habit of always thinking about our end-users and how not to delete their data.

All that is left for us to do now is inform Apache about our latest and greatest pgAdmin installation. And thanks to the pgAdmin authors and packagers that prepared Apache configuration for us, we can do this with a simple copy command:

- name: Install pgAdmin4 site config
copy:
src: /etc/httpd/conf.d/pgadmin4-v2.conf.sample
dest: /etc/httpd/conf.d/pgadmin4-v2.conf
remote_src: yes
notify: Restart apache


Taking care of the notify stuff is left as an exercise for the reader. And we are done, right? Wrong. Navigating to the webserver.name/pgAdmin4, we will be greeted by big fat Internal Server Error. We need to fix permissions for the pgAdmin runtime stuff. And here is how we do this:

- name: Fix pgAdmin permissions
file:
path: "{{ item }}"
setype: httpd_sys_content_rw_t
owner: apache
group: apache
recurse: yes
with_items:
- /var/log/pgadmin
- /var/lib/pgadmin


Note that we are fixing two problems at once here:

1. we are setting the ownership bits to something that will allow Apache to read and write those files, and
2. notifying SELinux that it is OK to let Apache write to those files.

And now we are done. Stay sharp and see you next time.