Community
Select to view content in your preferred language

EGDB Postgres Azure Flexible Server - SuperUser privileges

274
3
09-30-2024 12:06 AM
Bernd_Loigge
by
Occasional Contributor
‎09-30-2024 12:06 AM

We are currently in the process of moving our Enterprise Postgres Single Server Geodatabase to Postgres Flexible Server as Single Server will retire soon. We found an older blog post where an issue is described that on flexible server no SuperUser rights will be available anymore. 

So far with adopting a few things we managed to test the migration using Azure functionality on our staging system and we were able to migrate roles, permissions and data tables. A clone of the DB was created.

But we are unsure if there will be other limitations in the future using flexible server where the SDE user will not have SuperUser privileges.

Has anyone else experienced any limitations using Postgres Azure flexible Server  and running an Enterprise Geodatabase?

3 Replies
Geoeki
by
Regular Contributor
‎09-30-2024 03:47 AM

I would also like to know this as we're planning upgrading to ArcGIS Enterprise 11.3! According to this help ressource, from ArcGIS Enterprise 11.2 onwards Microsoft Azure Database for PostgreSQL Flexible Server should be supported. Can someone confirm that he/she hasn't run into issues when the SDE user doesn't have superuser privilages anymore?

0 Kudos
ChristopherThompson3
by
New Contributor
a week ago

I've had mixed results with this. I'm also attempting to create egdbs in Azure Postgres Flexible Server. Until very recently, I could create a egdb by following this process:

  1. Connect to the database as administrator
    1. psql -U <admin user> -h <hostname> -d postgres
  2. Create the database
    1. CREATE DATABASE "database_name";
  3. Create the sde role (user)
    1. CREATE ROLE sde WITH LOGIN PASSWORD '<password>';
  4. Grant all privileges on the database to the sde role
    1. GRANT ALL PRIVILEGES ON DATABASE "database_name" TO sde;
  5. Connect to the database as administrator
    1. \c "database_name"
  6. Create the sde schema
    1. CREATE SCHEMA sde;
  7. Grant all rights on the sde schema to the sde role
    1.  GRANT ALL ON SCHEMA sde TO sde;
  8. Enable the POSTGIS extension in Azure Database for PostgreSQL flexible server
    1. Settings > Server Parameters
    2. Search for "azure.extensions"
    3. Enable POSTGIS (for enterprise geodatabase) extension and Save
  9. Create the extension
    1. CREATE EXTENSION IF NOT EXISTS postgis;
  10. Grant usage on the sde schema to the public role
    1. GRANT USAGE ON SCHEMA sde TO public;
  11. Use the "Enable Enterprise Geodatabase" tool in ArcGIS Pro with your authorization file

This worked until just sometime within the last few days. Then, I started getting this error in my sde_setup.log:

[11:37:22.894] In SE_arcsde_schema_setupEx() ...
[11:37:22.894] Calling sdepgsrvr.dll::DB_arcsde_setup() ...
[11:37:22.932] ev.SQLstate = 42P01
SDE DBMS Error: -37 ERROR: relation "pg_dist_node" does not exist
LINE 1: SELECT nodename FROM pg_dist_node WHERE position('innovation...
^
[11:37:22.951] Current bytea_output setting in postgresql.conf is "hex".
Require 2 bytes of storage for each byte of input data.
[11:37:22.996] db_execute_sql Execute Error (-25).
[11:37:22.996] ERROR: CREATE EXTENSION POSTGIS SCHEMA PUBLIC failed (-25)
ERROR: Only members of "azure_pg_admin" are allowed to use CREATE EXTENSION
SQLSTATE=42501
[11:37:22.997] ERROR installing/upgrading ArcSDE, Error = -25
File: C:\Users\CJTHOM~1\AppData\Local\Temp\sde_setup.log
Mode:
GMT Time: 2024-10-23T16:47:28+00.00
Local Time: 2024-10-23T11:47:28-05:00

So I added my sde user to the "azure_pg_admin" role, and I'm able to create and then enable egdbs again. I'm desperately trying to figure out what's changed in the last week but haven't been able to figure it out. I think some backend update to Azure Postgres but I'm not sure.

0 Kudos
Bernd_Loigge
by
Occasional Contributor
a week ago

Hi @ChristopherThompson3 ,

As we needed to actually restore a EGDB that was already in use for several years and is already quite big with a lot of schemas we ultimately switched to a VM solution managing Postgre on our own. We managed to switch to the flexible server but upgrading to PG14 from 11 wasn't possible after trying for a whole week. Azure flexible server doesn't even provide good logging (although enabled) so we couldn't even figure out the issues during upgrading. Azure support was also not very helpful. We found this blog post  where a lot of issues are listed with flexible server. Additionally with the missing SuperUser rights on the flexible server and the complex structure of ESRI enterprise we decided that running / managing PG on our own is the only reliable solution.