The server only needs to be set up on one machine where you want the database to reside. Theatre Manager can be set up on as many machines as you wish.
|
|
Replication is a feature of Postgres and is automatically set up for venues using AMS Cloud. Self service venues may set this up if they wish - the support team is unable to help you. | |
If you are using PCI schedule 'A", 'B', or 'C' compliance, credit card information will never pass through the database and it can effectively be taken out of PCI scope. |
Refer to Postgres security notices for list of security issues addressed in each version.
The server needs to be set up on one machine and the application can be set up on as many machines as you wish.
Follow these steps if you are using the Theatre Manager TMPostgresSetup installer program; you may want to bookmark this page in your browser in case you want to refer to these installation steps. If you are only installing a demo, refer to the last column for required steps.
task | Description | Full Install | Demo |
1 | download the PostgreSQL installer for Mac | yes | yes |
2 | the installation of the PostgreSQL SQL server | yes | yes |
3 | configuration of the server parameters for maximizing performance in a production database | yes | no |
4 | creating a daily backup job using TM Server | yes | no |
5 | Turn off energy saving, airport and other energy saving features | yes | no |
6 | (Optional) Implement hot database standby server depending on load and other considerations. | no | no |
The actual Postgres install process is part of the install process. If you cancel the setup of Postgres, you can always start it again by repeating the process from the start.
Before starting the install, please check that the computer date and timezone settings are correct. Failure to do so may cause Postgres to think it is in a different timezone. | |
If you are unable to install, you might need to use the following commands in terminal before running the installer More info is under disable power saving settings - Step 1:
sudo spctl --master-disable
|
1. |
|
2. |
Click Continue on the Licence Agreement screen after reading it.
|
3. |
Click Install to begin the actual install.
|
4. |
You will need to enter an administrator user ID and password to continue
|
5. |
You will see the installation progress as the Postgres database engine is installed
|
5. |
When the isntaller is finished successfully, click the Close button
|
The general steps are:
An easy way to determine key config parameters is to use pgtune and paste the results at the bottom of the postgresql.conf file (don't forget to add ssl=on and Bonjour=on to the results). |
In order for clients to connect to the server, their IP address must be in the allowed list of users. The two common authentication methods that you will see being used for Theatre Manager clients are MD5 and trust.
1. |
The first changes to make involve the pg_hba.conf file and the postgres.conf file. To do so, you'll need to use VI (a text editor) and be the postgres user in Terminal. To do this, start Terminal and type
su - postgres enter the password |
2. | Go to the postgres data directory by typing
cd data |
3. | Edit the postgres pg_hba.conf file that contains the addresses to listen on. Type
VI pg_hba.conf (full pathname is /Library/Postgresql/[version]/data/pg_hba.conf) You should see a page of information. If you do not, then type 'Shift Q' and then just a 'q', after which you can start the process over. If you see the list of text similar to the right, then: Use the down arrow on your keyboard to go to the very end of the file.
|
4. | When you are at the end of the file, use the up arrow on your keyboard so that you are right after the first line in the IPv4 settings, where it says 'host all all 127.0.0.1/32 trust'. In the example the cursor is on the '#' on the line after. type the
key and the message at the bottom will change to Insert. |
5. | Edit the pg_hba.conf so that its final settings are similar to the window on the right. Type directly into Terminal so the data looks like the window above. Use the Delete key to get rid of characters. You will likely end up typing the following lines where the first one is your subnet. This is the most typical example we've seen at venues NOTE: For the 127.0.0.1/32 option, edit the handshaking to be TRUST at the end of the line to allow backups to run unaided. NOTE: If your machine uses IPv6 (the new internet IP setting standard), you may also need to set ::1/128 to be TRUST instead of md5. If so, edit that line to look like:
NOTE: If you are running version 9.0 or higher of Postgres in a Mac environment the local all all line should be set to TRUST. NOTE: You may also need to edit the local all all line from md5 to TRUST. This can be determined if the backup script will not run without a password after changing the settings above for 127.0.0.1 and ::1/128. The line you added (or need to add) are for:
At the end of the subnet, the /24 refers to a complete subnet when you want any machine on the subnet to access the database as per CIDR rules. This is what is used most often. The /32 refers to a particular machine. If you use this option, you will need to provide the exact computer IP that you want to allow to access the database. |
6. | At the end, type, in this order: hit the esc key (the insert mode will dissappear) Shift Q (the window will show the 'Entering Ex mode' message) wq and the window will clear.
Reference for settings in the pg hba.conf file https://www.postgresql.org/docs/current/auth-pg-hba-conf.html |
7. |
In the command line, type the following to reload the configuration:
pg_ctl reload Terminal will say 'server signalled' |
Note: you can also use pgadmin as described in the Windows setup to make these changes if you prefer.
Another was to get the key config parameters is to use pgtune and paste the results at the bottom of the postgresql.conf file (don't forget to add ssl=on and Bonjour=on to the results).
1. |
You will need to start by changing to the postgres user in Terminal. To do this, start Terminal and type
su - postgres enter the password |
||||||||||||||||
2. | Go to the Postgres data directory by typing
cd data |
||||||||||||||||
3. |
This will use VI to edit it. Type when the list appears, type to go into insert mode and use the up and down arrows to find the options below
Find and edit the parameters in the list below and change them to the suggested values, if they are not already set to that value.
For any setting that is about disk space or memory, you can type 1GB, 1000MB, or 1000000KB - they are all equivalent. Do not leave a space between the number and the memory amount at the GB, MB or KB; otherwise, Postgres will not start. |
||||||||||||||||
4. |
use pgtune to get some optimized parameters for your machine and replace the values below. It is probably better to append the results from pgtune at the end and filling any missing settings at the bottom.
Reference for postgres.conf file parameters https://www.postgresql.org/docs/current/static/runtime-config.html |
||||||||||||||||
5. | Once the changes are made, type, in this order:
hit the ' ' key(the insert mode will disappear) (the window will show the 'Entering EX mode' message) and the window will clear and you will be back at terminal |
It is generally best to create your own certificate. It takes about 30 seconds to do, and has the advantage that the certificate is unique to your database.
Start a terminal session, type the following 2 commands, and then follow the instructions as prompted. You can copy/paste the command.
cd /Users/Shared openssl req -newkey rsa:4096 -nodes -keyout server.key -x509 -days 365 -out server.crt |
Answer all the questions you are asked and when done, find the files in the /Users/Shared directory called:
We have created a 4094 bit TLS certificate and included it with the installer. While it is better to create your own, if you need one fast to get started, you can use ours and create your own later (per the step above).
Go to the /Users/Shared folder and find the files called:
You will need to copy the files to the Postgres User directory as the postgres user. Do the following commands in Terminal:
su - postgres (and enter the password when asked)
cd data pwd |
Make sure the results of the pwd command says that the directory is /Library/PostgreSQL/x/data where 'x' is the version of PostgreSQL you have installed. It if does not, do not go any further. and call for assistance. |
cp /Users/Shared/server.crt server.crt cp /Users/Shared/server.key server.key chown postgres:daemon server.* chmod 600 server.* ls -la |
In the listing, the two files should now be in the postgres data directory and all that needs to occur is to stop and restart the database.
pg_ctl stop -m fast pg_ctl start |
Venues with databases on the AMS Cloud do not need to set up or manage backups - other than to request a special backup before running year end rollover |
Once the database is set up, you will need to establish a back up frequency that is appropriate for your venue.
There are two steps to configuring the backup:
From then on, backups occur automatically. If they do not, you will receive a message on login that a backup has not been run for the past 24 hours.
Update to the latest version of macOS (macOS 12 Monterey or later).
It's free. The highest version you can update to will depend on how old your machine is. |
The following settings should be made on all servers (Postgres, Apache and web listeners) that are installed on Macintosh.
1 | If the Security and Privacy System Preference in MacOS does not show 'Anywhere' which allows applications to run from 'Anywhere', open Terminal and copy/paste the following two commands:
You may have to close System Preferences and open it again in order to see the change. If Anywhere is not selected, please select it - as it should allow TM to run when the user is not an administrator. Installers from TM should make this option visible in system preferences per the image below. if not, run the above command.
Big Sur/Sonoma and later
Earlier versions of MacOS
|
2 |
Make sure to
|
3 | Make sure to turn Airport OFF if the Mac comes with it. Airport will cause the Mac to temporarily freeze while it looks for a network to connect to - and will lock out sales while it does that.
This is done by opening the control panel, clicking on the Airport interface, and then clicking on the 'gear' at the bottom to select the option 'make service inactive'. Doing this will change the status from 'off' to 'inactive'.
|
4 | Make sure to force the Mac Mini to use the built-in Graphics Processor Unit (GPU) when displaying screen shots instead of CPU. This prevents remote access from using up a CPU core to display the screen. You can do one of the following:
Disconnecting a monitor from the Mac will cause the computer to unnecessarily waste CPU cycles on display - when it should use the GPU. |
5 | Turn off Spotlight Indexing (mdsworker) using Terminal and typing sudo mdutil -a -i off On Lion and later, also use the following command sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist This will prevent the operating system from doing unnecessary work while serving web pages. To recognize if Spotlight is running on a server, look for an 'mds' application running. It can use a lot of CPU resources. If you receive Operation not permitted while System Integrity Protection is engaged while doing this, you may wish to disable System Integrity Protection note: If any mdworker messages are in the console logs (or if mdworker pops up in activity logs), then Spotlight is not turned off. |
6 | Using Terminal, disable Time Machine for the database folder (optionally, completely disable and local Time Machine files)
Alternatively, you can disable Time Machine through System Preferences. If you must use time machine on the database server, see the next step for options |
7 | Do not use Time Machine for the Postgres backups. Use the backup script and move the backups to another machine. If Time Machine must be used on the database server machine:
sudo defaults write /System/Library/LaunchDaemons/com.apple.backupd-auto StartInterval -int 43200
|
8 | Completely turn off any automatic Software Updates in the Mac's System Preferences. This is a database machine and should be manually updated on a periodic basis under controlled circumstances.
It may be either under 'Software Update' or 'App Store', depending on the version of macOS you have.
|
9 | Completely disable App Nap on the computer running the Classic Listener using the Terminal command below:
defaults write NSGlobalDomain NSAppSleepDisabled -bool YES |
10 | Update to the latest version of macOS. It is free. |
11 | Disable 'handoff' in general system preferences as well as disconnect from iCloud. |
12 | Disable Air Play Receiver on MacOS 11 Monterey in System Preferences->sharing setup. |
The server needs to be set up on one machine and the application can be set up on as many machines as you wish.
Follow these steps if you are using the TMPostgresSetup installer program and you may want to bookmark this page in your browser in case you want to refer to these installation steps. If you are only installing a demo, refer to the last column for the required steps.
task | Description | Full Install | Demo |
1 | Download the Postgres installer for Windows | yes | yes |
2 | The installation of the PostgreSQL server. Please make sure to read any caveats for the version of Windows you are using. | yes | yes |
3 | Installing the demo database and the main Theatre Manager User | optional | yes |
4 | Configuration of the server parameters for maximizing performance in a production database | yes | |
5 | Creating a daily backup job in TM Server | yes | |
6 | Considerations for installing virus protection on the PostgreSQL server - please do not include the Postgres data folder. | yes | |
7 | Turn off Microsoft disk indexing on the volume that the database is running on. | yes | |
8 | Turn off Microsoft Auto Updates on the database server so that it will not restart in the middle of sales. Applying Microsoft patches and updates should be done on a planned basis -- perhaps bi-weekly or monthly as a practice (or immediately if there is a current threat) | yes |
DO NOT set up the Postgres database server to also act as ACTIVE DIRECTORY or as a DOMAIN CONTROLLER.
While it is possible to do so, the reasons not to are:
|
We DO NOT recommend that the database server JOIN a windows DOMAIN CONTROLLER either. There is no need for it. If you wish to join a domain controller, please leave the database server login window pointing to the local machine (instead of the domain). It makes a user logging on for support and updates easier. Note that the machine should always be locked so sign-in is required - per PCI compliance. |
We DO NOT recommend installing virus software on the Postgres database server. Since access to the server is under very controlled access via port 5432 from the Theatre Manager application only, it should not be required. If you must install virus software on the database machine, set it to scan the machine daily and void the Postgres DB files. The best defence against any virus software is a backup of the database off machine and, even better, off premises. |
Windows Small Business Server | For Windows Small Business Server, you MUST turn off 'disk quota management' for all users prior to installing Postgres (and leave it off). Otherwise, you may run out of space for the installer and any databases that get installed. |
Windows 8 and higher | For Windows 8 and higher, you may need to turn off UAC (user access control) if it is acting as a server. You can run Theatre Manager on other workstations with UAC on. |
Windows 2012 Server and higher | With Windows Server, you will need to be a local administrator to install Postgres. |
When you run the installer for the database, accept all the defaults.
Click OK | Right click on the TMPostgresSetup.exe application and use Run As to begin the install. Select a LOCAL administrator as the user ID to use for the install. If a checkbox that implies "Protect My Computer" or "Run with Restrictions" is available and enabled, uncheck the box to allow the installer to run with full install privileges. |
Click Next | |
Click Next | |
Click Next | |
Click Yes | At the end of the TM PostGres installer, you are asked if you want to install the PostGreSQL database in the dialog (as in below).
If you say yes, postgres will install automatically for you and you can SKIP the next section describing how to install it manually and proceed to the step where the installer asks about installing a demo database
Alternatively, you can install them later manually by:
|
Do not do this step if you elected to let the Theatre Manager Postgres installer automatically install Postgres for you. Only reference these instructions if you are running the actual Postgres installer from the Postgres web site manually. |
Accept all the defaults on the screens that follow except the last one that references 'stackbuilder'.
Before starting the install, please check that the computer date and timezone settings are correct. Failure to do so may cause postgres to think it is in a different timezone. | |||||
Click Next | |||||
Click Next |
|
||||
Click Next |
Enter a hardened ' Account Password' for the postgres user. If you do not supply one, we will generate one automatically. However, if this is a demo. In that case, please pick a user password that you remember - we suggest 'Master'.
|
||||
Click Next |
Leave the Port Number as 5432 (if you change the standard port, you will also have to change it in Theatre Manager login window) |
||||
Click Next |
Leave both these settings as shown. |
||||
Click Next | |||||
Click Next | You will need to wait for a bit while the database server is installed |
||||
Click Finish |
At this time, the database should have installed successfully and should be runnning. |
Click Yes | |
Wait | Wait while a DOS window pops up and shows the progress of the demo database being imported. Depending on the performance and RAM in your machine, this could take a few minutes to finish. |
When the DOS window closes, the database server is installed, and the TheatreManagerDemo database is imported. |
Only perform this step if you did not install the demo database when installing server. |
After the database server is installed, You need to create a specific user called TheatreManager and give them privileges. You also want to import a demo database. This step assumes that you have installed into C:\BoxOffice. If you did not, then you will need to edit the .bat files and do this step manually.
1. | Go to C:\BoxOffice directory. You will see some files and folders with names similar to below.
|
||
2. | Double click on the 'ImportDemo' bat file. This starts a DOS prompt and start the bat file running.
If you have altered the install directory, you will need to change the path name to point to the location that Postgres was installed in. Often, this is just changing the drive letter. |
||
3. | You are asked for the password to create the 'TheatreManager' user. Type the password you used for the installation of the database in the preceding section. If this is a demo database install, this may have been 'master' you used when installing the server.
|
||
4. | You are asked for the password to create a 'TheatreManagerDemo' database. Type the same password used above and elsewhere in the install instructions. | ||
5. | You are asked again for the password to import data into the TheatreManagerDemo database. Type the same password again and you will see a lot of lines displayed to you after that point as the demo database is imported.
|
Another way to get the key config parameters is to use pgtune and paste the results at the bottom of the postgresql.conf file
1. | Configuring postgres entails editing two files in the 'data' folder of the current postgres installation as highlighted below:
|
||||||||||||||||||||||||||
2. |
edit the pg_hba.conf file using Notepad++
|
||||||||||||||||||||||||||
3. |
Edit the postgesql.conf file. Some notes about editing:
|
||||||||||||||||||||||||||
4. |
Reload or restart the postgres server to cause the new settings to be used.
All changes to the pg_hba.conf and many changes to postgresql.conf can be reloaded. That put the parameters in place without restarting the server, so any services (like web sales) that are running, continue to run. A reload is done by:
A few changes to the postgresql.conf file will require the postgres server to be completely restarted. This is usually noted in the comments beside the parameter. If this is required, the general steps are below. It is very rare that these parameters are changed after installation - so it might be best to ask support to help you with a complete server restart if you are not familiar:
|
It is generally best to create your own certificate. It takes about 30 seconds to do, and has the advantage that the certificate is unique to your database.
Start a CMD prompt, type the following 3 commands, and then follow the instructions as prompted. You can copy/paste the commands.
cd C:\OpenSSL-Win32 cd bin openssl req -newkey rsa:4096 -nodes -keyout server.key -x509 -days 365 -out server.crt |
Answer all the questions you are asked and when done, find the files in the C:\OpenSSL-Win32\bin directory called:
We have created a 4094 bit TLS certificate and included it with the installer. While it is better to create your own, if you need one fast to get started, you can use ours and create your own later (per the step above).
Go to the C:\BoxOffice folder and find the files called:
Venues with databases on the AMS Cloud do not need to set up or manage backups - other than to request a special backup before running year end rollover |
Once the database is set up, you will need to establish a backup frequency that is appropriate for your venue.
There are two steps to configuring the backup:
From then on, backups occur automatically. If they do not, you will receive a message on login that a backup has not been run for the past 24 hours.
On Windows machines:
These are something to be done manually and on a periodic scheduled basis. You do not want servers restarting in the middle of the night, nor do you want downloading to affect performance of your servers.
NOTE: if using windows 10 pro, you need to permanently disable windows defender using one of the methods in the link. In win 10 Pro, use gpedit.msc to disable by group policy editor since windows 10 turns it back on later if you only temporarily disable it (Another stupid idea form Microsoft)
Note: turn off any virus scanning against the database directory which is usually
C:\Program Files\PostgreSQL
or
D:\Program Files\PostgreSQL (if there are two drives)
Leaving any of those on will affect performance of the server for the database
Windows Automatic Updates is now found in Services in Windows 10.
How to locate:
We suggest disabling power management on the ethernet card.
In addition, please make sure to disable power management except for monitors.
Make sure to also turn off power saving on your ethernet card on all servers and workstations. |
Create a custom Power Plan
You can usually turn of most indexing by clicking on the properties of the device. However, it seems windows 10 doesn't fully listen, so it may be best to approach this task via the control panel.
It may take several minutes for Indexing to complete. If a message pops up indicating Administrator permissions are required click Ok. If the current user is not the Administrator a prompt for the Administrator password will appear. Enter the password and continue. If a prompt appears indicating select folders cannot be altered it may be they are already open. Click Ignore All and let the process continue.
Repeat this setting on the Web Listener computer, and the Apache server as well
To check if the setting is turned on:
If Folder Versions reads "There are no previous versions available" this option is turned off. However, if backups are listed with date and time stamps, the feature is enabled and needs to be turned off.
As of July 1, 2018, the most recent version of Postgres is 10.4 (or later) - we recommend the latest production version be installed on new machines.
The server needs to be set up on one machine and the application can be set up on as many machines as you wish.
Follow these steps and you may want to bookmark this page in your browser in case you want to refer to these installation steps. If you are only installing a demo, refer to the last column for required steps.
task | Description | Full Install | Demo |
1 | download the PostGres installer for Linux from Postgresql.org | yes | yes |
2 | the installation of the PostGres SQL server | yes | yes |
3 | installing the demo database and the main TheatreManager User | optional | yes |
4 | configuration of the server parameters for maximizing performance in a production database | yes | |
5 | creating a daily backup job in using cronnix to run the backup | yes |
Before starting the install, please check that the computer date and timezone settings are correct. Failure to do so may cause postgres to think it is in a different timezone. | |
1. | Install the latest production version of PostgreSQL application using apt-get or yum as per the flavour of unix you are using. |
The database server needs a specific user called TheatreManager with specific privileges that will be assigned as the owner of each database. We also want to import a demo database. This step assumes that you have installed things into the /Users/Shared directory. If you did not, then you will need to edit the script and do this step manually
1. | Go to /Users/Shared directory. You should see some files and folders with names that look like below. |
2. | Start terminal and change the user to 'postgres' by typing: su - postgres Press RETURN and then type the postgres user's password (password will not display anything) |
3. | Drag the script '/Users/Shared/CreateDemoDB.sql onto the terminal window. This shortcut saves typing anything. Click into the terminal window and then press RETURN to start the command. If it does not run, then possible issues are:
|
4. | The script will run and load up the TheatreManagerDemo database. You can modify this script to load up a customer database if necessary by editing it in BBedit or in textedit (make sure to save it as text if you use textedit - its preference, unfortunately, is to save as an rtf document). Note, any WARNING messages from the TheatreManagerDemo database creation can be ignored. These warnings are normal.
|
Download the latest postgres installer from the Artsman web site. Once you have it, make sure you have done the following steps:
Remember, do not attempt to try this unless you just made a backup of your database. Preferably, you should also have restored that backup on another machine for safety, logged into it using Theatre Manager to prove that you can restore a backup and that it has 100% integrity.
|
If you have postgres 9.4.x (or older), the upgrade process involves some extra steps and can be done by Arts Management Support team if you are not comfortable following the steps below.
Remember, do not attempt to try this unless you just made a backup of your database. Preferably, you should also have restored that backup on another machine for safety, logged into it using Theatre Manager to prove that you can restore a backup and that it has 100% integrity.
|