Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
© 2018 Percona 2
Building an Enterprise-grade PostgreSQL Server using Percona Distribution for PostgreSQL
Avinash Vallarapu (Avi)
13th August, 2020
PERCONA DISTRIBUTION FOR POSTGRESQL➤ Percona Distribution for PostgreSQL 11.5
➤ Percona Distribution for PostgreSQL 11.6
➤ Percona Distribution for PostgreSQL 11.7
➤ Percona Distribution for PostgreSQL 11.8
➤ Percona Distribution for PostgreSQL 12.2
➤ Percona Distribution for PostgreSQL 12.3
3
WHATS INCLUDED➤ PostgreSQL
➤ pg_repack
➤ pgaudit
➤ pgBackRest
➤ Patroni
4
USUAL MYTHS➤ Security is not free
➤ Cannot take a full backup that is good for PITR (Point-in-time-recovery)
➤ High Availability is a concern
➤ Not scalable
➤ Less options for Database maintenance
5
ENTERPRISE-GRADE POSTGRESQL➤ Satisfy enterprise features such as -
➤ Encryption
➤ User Management
➤ Ability to tune
➤ Connection pooling/load balancing
➤ Logging and auditing
➤ Monitoring
➤ Durable Replication methods
➤ High Availability and automatic failover
➤ Reliable Backups
➤ Tools for routine database maintenance tasks
➤ Partitioning
➤ Continuous bug fixes
➤ Fixing security vulnerabilities and many more …
6
TOPICS BEING COVERED ...➤ Securing your PostgreSQL database cluster
➤ High Availability and Automatic failover
➤ Preparing a Backup strategy and the tools available to achieve it
➤ Scaling PostgreSQL using connection poolers and load balancers
➤ Tools/extensions available for DBAs/Developers/Business requirements
➤ Detailed logging in PostgreSQL and
➤ Monitoring your PostgreSQL and real-time analysis.
7
https://www.percona.com/blog/2018/09/21/securing-postgresql-as-an-enterprise-grade-environment/https://www.percona.com/blog/2018/09/28/high-availability-for-enterprise-grade-postgresql-environments/https://www.percona.com/blog/2018/09/25/postgresql-backup-strategy-enterprise-grade-environment/https://www.percona.com/blog/2018/10/02/scaling-postgresql-using-connection-poolers-and-load-balancers-for-an-enterprise-grade-environment/https://www.percona.com/blog/2018/10/05/postgresql-extensions-for-an-enterprise-grade-system/https://www.percona.com/blog/2018/10/08/detailed-logging-for-enterprise-grade-postresql/https://www.percona.com/blog/2018/10/09/postgresql-monitoring-set-up-an-enterprise-grade-server-and-sign-up-for-webinar-weds-10-10/
SECURITY IN POSTGRESQL
8
SECURITY IN POSTGRESQL➤ Authentication
➤ Host based authentication
➤ SCRAM-SHA-256, PAM/LDAP, Kerberos, SSL
➤ Authorization
➤ User Management
➤ Row level security
➤ Data security using Encryption
➤ Accounting and Auditing
➤ Logging
➤ Auditing using pgaudit.
➤ Security Bug Fixes
➤ Subscribe to PostgreSQL mailing lists and Percona blog posts. 9
BACKUP STRATEGY
10
BACKUP STRATEGY➤ PostgreSQL
➤ pg_basebackup - Consistent Online backup - helps achieve PITR
➤ pg_dump/pg_restore - Logical Backups
➤ Archiving on WAL’s in Archive Mode
➤ PostgreSQL Umbrella projects
➤ pgBackRest
11
CONNECTION POOLING AND LOAD BALANCING
12
CONNECTION POOLING & LOAD BALANCING➤ PostgreSQL Connections
➤ Process-based (each connection is a process)
➤ Native application connection pooler (preferred)
➤ External Connection Poolers
➤ Open Source tools for Scaling PostgreSQL
➤ External Connection Poolers
➤ pgBouncer
➤ pgPool-II
➤ Load Balancer
➤ HAProxy 13
HIGH AVAILABILITY AND AUTOMATIC FAILOVER
14
HIGH AVAILABILITY AND AUTOMATIC FAILOVER➤ PostgreSQL - Replication methods
➤ Streaming Replication (preferred for HA)
➤ Cascaded Replication
➤ Synchronous and Asynchronous
➤ Hot standby
➤ Logical Replication
➤ Open Source Contributions for Automatic Failover
➤ Patroni
15
PATRONI
16
POSTGRESQL EXTENSIONS
17
POSTGRESQL EXTENSIONS➤ PostgreSQL
➤ Feature-rich and Community driven
➤ Capability of adding Extensions
➤ A few extensions among hundreds of extensions
➤ pg_stat_statements - Query stats
➤ pg_repack - Online table reorg (Included)
➤ pl/profiler - Profiling of Stored procedures
➤ Orafce - Oracle functions to port applications on Oracle to PostgreSQL easily
➤ Language extensions like - PL/PGSQL, PL/Python, PL/Perl, PL/Java, PL/R, etc ..
➤ Foreign Data Wrappers like - oracle_fdw, postgres_fdw, mysql_fdw, mongo_fdw, etc … 18
POSTGRESQL DETAILED LOGGING AND ANALYZER
19
POSTGRESQL DETAILED LOGGING AND ANALYZER➤ PostgreSQL
➤ Enable detailed logging of activity.
➤ Customizable logging
➤ Log DDLs
➤ Log statements running for more than log_min_duration_statement time.
➤ Open Source Log Analyzer
➤ PMM QAN (Query Analytics)
➤ pgBadger
20
MONITORING
21
MONITORING➤ Open Source tools
➤ PMM
➤ Nagios
➤ Grafana and postgres exporter
➤ PGObserver
➤ pgClu
➤ Munin
➤ Zabbix
➤ Cacti
22
ROBUST POSTGRESQL ARCHITECTURE
23
24
TOOLS INCLUDED IN PERCONA DISTRIBUTION FOR POSTGRESQL➤ pg_repack
➤ Heavily used tool for rebuilding Tables and Indexes Online (minimal locks). Several advanced features such as parallelism, online table move to a new tablespace and repack all the tables of a schema.
➤ pgaudit
➤ Capability to produce audit logs required to pass certain government, financial, or ISO certification audits. Not only the statement passed by the User but also the sub statement executed in the database is logged. Useful when statements passed to database are intentionally obfuscated or to identify SQL injections.
➤ pgBackRest
➤ pgBackRest is a widely used backup tool for a few GBs to multi-terabyte database clusters. It supports Full, Incremental, Differential and Archive backups - locally and remotely via SSH or Cloud storage. Its compression and parallel processing makes it one of the fastest backup solution available for PostgreSQL.
➤ Patroni ➤ A template for PostgreSQL HA that help achieve several nines of availability with PostgreSQL.Supports
Automatic and Manual failover/switchover and switchback. Integrated with pg_rewind for rejoining a demoted node to a cluster. Protection from split-brain using watchdog.
25