
Database Creation

Automatic Database Creation

When starting the application for the first time on a workstation without an existing PostgreSQL-based project database, the application will offer to create a local database in the trust authentication mode.

A dialog is shown at application startup, offering the following options:

  • Skip: do not create a database for the current host
  • Disable: turn off local database check. This is a good option to use if you are not ready to create a local database and plan to use the database of a remote host (Project server or remote Flame Family hosts available in your workgroup)
  • Create: use this option to create a local database in trust authentication mode. Administrator privilege is required*
  • Restart: use this option if you already created a local database but the application cannot access it
Note: The Restart button is highlighted when the application is started and an existing database is not running.

*Important: When asked for administrator privileges, the expected credentials will vary depending on the operating system:

  • Linux: you must enter the password of an administrator (that is, a user who is a member of the wheel group):
    • if the current user is an administrator, their password is expected
    • if there are other users on that system who are administrators, the password for the first administrator in the list of users is expected
    • when no administrator is found on the system, the root password is expected
  • macOS: you must enter the username and password of an administrator (that is, a user who is a member of the admin group):
    • if the current user is an administrator, they can use their own username and password
    • otherwise, the username and password of another administrator must be provided


Manual Database Creation (Trust mode)

Follow these steps to manually create a database on your host or Project server in trust authentication mode.

  1. Install the application.

  2. Open a console on the host on which you want to configure the database (administrator privilege is required).

  3. Log in as the flame_db user:

    sudo -u flame_db -i
  4. Navigate to the database tool folder:

    cd /opt/Autodesk/bin
  5. To create a new database, use igniter (see Igniter Command-Line Tool):

    ./igniter --init --auth=trust
    
    DBMS started.
    DBMS enabled.
    Running Migration 1...
    Migration 1 completed.
    Running Migration 2...
    Migration 2 completed.
    Successfully created and configured database.
    
    DBMS stopped.
    DBMS started.
    DBMS successfully initialized.


Manual Database Creation (Certificate mode)

Certificate Authority

For the purpose of this document, the Certificate Authority is a set of files that includes a cryptographic key and a certificate. It is used to create and validate database server and user keys and certificates. Those keys and certificates are checked against the Certificate Authority to verify that users and servers are who they claim to be, and they are used to encrypt communication between them. Without them, access to remote servers is not possible. They must be kept safe.

The creation of the Certificate Authority is done before the creation of the database and is managed by the flame_db user. The Certificate Authority is created at this location: /var/opt/Autodesk/pgsql/.openssl/

The following files are created in this location:

  • Certificate Authority Private Key: CA.key
  • Certificate Authority Certificate: CA.crt

The Certificate Authority has a unique identifier and is used to create user certificates. Studios must back up the Certificate Authority. All users and databases within a workgroup must be created with the same Certificate Authority.

Studios that already have a Certificate Authority can use it when configuring a database for Flame Family products.

Creating A Database

The workflow is the following:

  1. Create the Certificate Authority for your studio and make a secure backup of it
  2. For studios that need to control access to content, use a user identity management solution for users and groups
  3. Create the database
  4. Add users and groups to the database to limit access
  5. Run Flame Family products

Follow these steps to create a database on your host or Project server in certificate authentication mode.

  1. Install the application

  2. Open a console on the host on which you want to configure the database (administrator privilege is required)

  3. Log in as the flame_db user:

    sudo -u flame_db -i
  4. Navigate to the folder for the igniter command-line tool:

    cd /opt/Autodesk/bin
  5. To create a new Certificate Authority, type the following command:

    ./igniter --new-ca

    You should observe an output similar to this in the shell:

     New Certificate Authority created
     CA key:          /var/opt/Autodesk/pgsql/.openssl/CA.key
     CA certificate:  /var/opt/Autodesk/pgsql/.openssl/CA.crt
     keydir:          /var/opt/Autodesk/pgsql/.openssl   
    Note: This is a one-time action. If you need to create a database in the future, you do not need to re-create a Certificate Authority. For convenience, you may want to move this folder to a centrally accessible yet secured location.
  6. To create a new database, type the following command:

    ./igniter --init --auth=cert

    You should observe an output similar to this in the shell:

     DBMS enabled.
     New server certificate created
     Server key:          /var/opt/Autodesk/pgsql/17/data/server.key
     Server certificate:  /var/opt/Autodesk/pgsql/17/data/server.crt
    
     DBMS not running.
     DBMS started.
     Running Migration 1...
     Migration 1 completed.
     Running Migration 2...
     Migration 2 completed.
     Successfully created and configured database.
    
     DBMS stopped.
     DBMS started.
     DBMS successfully initialized.
  7. Add users to the database

    • You need to add every user who will use the application. Without the next step, they will not be able to see the database content:
    ./igniter --user-new=<username>

    This step adds a certificate in the user home (inside the .postgresql folder) so they can access the database.

    Expect an output similar to this in the shell:

    New certificate for <user> created
    Certificate installed
    
    User key:          /home/<user>/.postgresql/postgresql.key
    User certificate:  /home/<user>/.postgresql/postgresql.crt
    Database user '<user>' created.
    Note: An alternate workflow using a centralized Certificate Authority would require the following command:
     ./igniter --user-new=<username> --keydir <location of the Certificate Authority>
    Warning: By default, user certificates expire after 365 days. When the user certificate is expired, system administrators need to recreate it to ensure database access. Refer to Igniter Command-Line Tool.

    Repeat the same process for all users who need to have access to Flame Family products. Alternatively, if you want to use a secured workflow based on users and groups as defined in your identity management solution, you will need to also add the groups and users to the database. The following section shows how to add users and groups for small studios. For studios with a lot of users and groups, refer to the Igniter Command-Line Tool.

    Add groups to the database

    ./igniter --group-new <groupname>

    Add users to their group

    ./igniter --group-add-user -g <groupname> -u <username>

    To validate that all your users and groups have been correctly added to the database, type the following command:

    ./igniter --group-list

    The existing groups and users are listed:

       Group    | Users
    ------------+-------
     finishing  | {slabrie, fred, andre}
     admin      | {andre}
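
The following check is an added example, not part of the Autodesk documentation or of igniter. It confirms that CA.key and a user's postgresql.key are not group- or world-accessible, that the user certificate was issued by the studio's CA.crt, and that it is not close to the 365-day expiry. It assumes the openssl command is installed; the function names, the 30-day warning window and the permission policy are choices made for this example.

```shell
#!/bin/sh
# Added example (not Autodesk code): audit the certificate-mode files this page
# creates. Function names, the 30-day default and the "no group/other access"
# policy for keys are assumptions of this example.

# key_is_private FILE: succeeds only if FILE exists and grants no group/other bits.
key_is_private() {
    [ -f "$1" ] || return 2
    # Mode string looks like -rw-------; characters 5-10 are the group/other bits.
    [ "$(ls -lnLd "$1" | cut -c5-10)" = "------" ]
}

# cert_signed_by CA_CERT CERT: succeeds if CERT verifies against CA_CERT.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_expires_within CERT DAYS: succeeds if CERT is expired, unreadable,
# or will expire within DAYS (all three need an administrator's attention).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit_flame_certs [KEYDIR] [USER_HOME] [DAYS]: prints findings, returns 1 if any.
audit_flame_certs() {
    keydir=${1:-/var/opt/Autodesk/pgsql/.openssl}
    home=${2:-$HOME}
    days=${3:-30}
    crt="$home/.postgresql/postgresql.crt"
    rc=0
    for key in "$keydir/CA.key" "$home/.postgresql/postgresql.key"; do
        key_is_private "$key" ||
            { echo "FINDING: $key is missing or group/world accessible"; rc=1; }
    done
    cert_signed_by "$keydir/CA.crt" "$crt" ||
        { echo "FINDING: $crt was not issued by $keydir/CA.crt"; rc=1; }
    if cert_expires_within "$crt" "$days"; then
        echo "FINDING: $crt expires within $days days (or is unreadable)"
        rc=1
    fi
    return "$rc"
}
```

Run it from an account that can read both the keydir and the user's home, passing them as arguments, for example: audit_flame_certs /var/opt/Autodesk/pgsql/.openssl /home/<user> 30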
