Lab Notes – vCloud Director 9.1 for Service Providers – Part 2: PostgreSQL Installation

Written by Sam McGeown
Published on 10/7/2018 - Read in about 3 min (509 words)

This series was originally going to be a more polished endeavour, but unfortunately time got in the way. A prod from James Kilby (@jameskilbynet) has convinced me to publish as is, as a series of lab notes. Maybe one day I’ll loop back and finish them…

Installing PostgreSQL 10 Server

The base OS for the PostgreSQL server is CentOS7, deployed from the same template and with the same preparation as detailed in the prerequisites post.

Install PostgreSQL and configure

Add the correct repository (OS and processor) for the base VM - for my CentOS7 64-bit installation, based on the PostgreSQL web site. I used the following command:

rpm -Uvh

Install PostgreSQL server and client tools:

yum install -y postgresql10-server postgresql10

Change the default postgres user password

passwd postgres

Then initialise PostgreSQL

/usr/pgsql-10/bin/postgresql-10-setup initdb

Finally, start, enable and validate the service:

systemctl start postgresql-10

systemctl enable postgresql-10

systemctl status postgresql-10

Create the vCloud Director and vRO Database

To create a database for vCloud Director to use, switch to the postgres user and open the psql command line:

sudo -u postgres -i


Then create the databases and users required - one for vCloud Director, and one for the vRealize Orchestrator cluster:

create user vcloud;

alter user vcloud password ‘VMware1!’;

alter role vcloud with login;

create database vcloud;

grant all privileges on database vcloud to vcloud;

create user vro;

alter user vro password ‘VMware1!’;

alter role vro with login;

create database vro;

grant all privileges on database vro to vro;

Quit psql with \q, then exit back to the root prompt.

Configure remote PostgreSQL access

In order to allow remote access from the vCloud Director Cells, and vRealize Orchestrator, we need to add some configuration to the PostgreSQL configuration files.

These two commands add a line to the pg_hba.conf file, allowing the user vcloud access to the database vcloud, and the user vro to access the database vro from the vcd-sql subnet. You could specify individual hosts to increase security, but I’m going to be using the NSX distributed firewall to secure these connections too, so the subnet will suffice.

echo “host vcloud vcloud md5” » /var/lib/pgsql/10/data/pg_hba.conf

echo “host vro vro md5” » /var/lib/pgsql/10/data/pg_hba.conf

By default, PostgreSQL will be listening on it’s internal loopback address. To configure PostgreSQL to listen on all addresses, the following lines need to be added to the postgresql.conf file:

echo “listen_addresses = ‘*’” » /var/lib/pgsql/10/data/postgresql.conf

echo “port = 5432” » /var/lib/pgsql/10/data/postgresql.conf

Finally, open the host-based firewall to allow in-bound connections from the same two IP subnets:

firewall-cmd -permanent -zone=trusted -add-source=

firewall-cmd -permanent -zone=trusted -add-port=5432/tcp

firewall-cmd -reload

Restart PostgreSQL

Systemctl restart postgresql-10

Configure PostgreSQL Performance Tuning

For production deployments, there are some recommended tuning settings specified in the following KB. These settings are specifically tuned for the size of PostgreSQL server deployed in my lab, so I have implemented them -

Testing Remote Access

In order to validate the PostgreSQL configuration, database setup, network, and firewall configuration, connect to the PostgreSQL database from one of the vCloud Director cell VMs to ensure access:

Share this post