Single Node Docker Advanced Configuration

Audience: System Administrators

Content Summary: This page contains the advanced configuration options for a Single Node Docker installation.

Custom pg_hba.conf Rules

To support Query Engine Authentication, the Single Node Docker installation provides a method to configure your own pg_hba.conf rules. Custom pg_hba.conf rules are placed at the top of the default pg_hba.conf file. Because pg_hba.conf rules are evaluated from top to bottom and the first match is selected, a custom rule takes precedence over any default rule that would match the same connection. See the instructions below for enabling custom pg_hba.conf rules:

Ensure ${IMMUTA_HOME} is configured

Prior to executing any of the advanced configuration commands below, ensure your ${IMMUTA_HOME} environment variable is properly set.

env | grep 'IMMUTA_'

If not set, re-source your immuta-env file as detailed in Single Node Docker Install, Step 2.

  1. Create a text file containing your pg_hba.conf rules at ${IMMUTA_HOME}/volumes/db/custom_pg_hba.conf.

    custom_pg_hba.conf

    host immuta +<IAMID>_user 0.0.0.0/0 ldap ldapserver="<LDAP SERVER>" ldapbinddn="<BIND DN>" ldapbindpasswd="<BIND PASSWORD>" ldapbasedn="<BASE DN>" ldapsearchfilter="<LDAP SEARCH FILTER>"
    
  2. Set ownership and permissions for custom_pg_hba.conf.

    chown 1000:1000 "${IMMUTA_HOME}/volumes/db/custom_pg_hba.conf"
    chmod 600 "${IMMUTA_HOME}/volumes/db/custom_pg_hba.conf"
    
  3. Add the CUSTOM_PG_HBA_FILE environment variable to the db service in docker-compose.yaml.

    services:
      db:
        # ...
        environment:
          CUSTOM_PG_HBA_FILE: "/var/run/immuta/custom_pg_hba.conf"
          # ...
    
  4. Add a bind mount volume to the db service in docker-compose.yaml.

    services:
      db:
        # ...
        volumes:
          - "<IMMUTA_HOME>/volumes/db/custom_pg_hba.conf:/var/run/immuta/custom_pg_hba.conf"
          # ...
    
  5. Stop, remove, and then restart the containers.

    docker-compose down
    docker-compose up -d
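
The first-match evaluation described at the top of this section decides which authentication method a connection actually gets once the custom rules sit above the defaults. The following sketch is an added example, not Immuta or PostgreSQL code, and models that selection for `host` rules with CIDR addresses. The role name `ldap_user`, the LDAP values, and the two default rules are constructed for illustration and are not the shipped defaults.

```python
import ipaddress

# Constructed sample: "ldap_user" stands in for +<IAMID>_user, and DEFAULT
# is an invented stand-in for the shipped default rules.
CUSTOM = ('host immuta +ldap_user 0.0.0.0/0 ldap '
          'ldapserver="ldap.example.test" ldapbasedn="dc=example,dc=test"\n')
DEFAULT = "host immuta all 10.0.0.0/8 md5\nhost all all 0.0.0.0/0 reject\n"


def parse_rules(text):
    """Parse 'host' lines: TYPE DATABASE USER CIDR-ADDRESS METHOD [options]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, db, user, addr, method = line.split()[:5]
        if kind != "host":
            continue  # example is narrowed to plain TCP rules
        rules.append({"db": db.split(","), "user": user.split(","),
                      "net": ipaddress.ip_network(addr), "method": method})
    return rules


def name_matches(patterns, name, roles=()):
    """'all' matches anything; '+role' matches members of that role."""
    return any(p in ("all", name) or (p.startswith("+") and p[1:] in roles)
               for p in patterns)


def first_match(rules, db, user, client_ip, roles=()):
    """Return the first rule matching the connection, or None."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if (name_matches(rule["db"], db)
                and name_matches(rule["user"], user, roles)
                and ip in rule["net"]):
            return rule  # selection stops here, even if authentication fails
    return None  # no rule matched: the connection is refused


def effective_method(db, user, client_ip, roles=()):
    """Auth method applied once the custom rules sit above the defaults."""
    rule = first_match(parse_rules(CUSTOM + DEFAULT), db, user, client_ip, roles)
    return rule["method"] if rule else None


if __name__ == "__main__":
    print(effective_method("immuta", "alice", "10.1.2.3", ("ldap_user",)))
    print(effective_method("immuta", "svc", "10.1.2.3"))
```

With these sample rules, a member of `ldap_user` is sent to LDAP from any address, including ones the lower `reject` rule would otherwise have refused, so keep the address range of a custom rule as narrow as the deployment allows.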