Building an Enterprise-grade PostgreSQL Server...

  • © 2018 Percona

    Building an Enterprise-grade PostgreSQL Server using Percona Distribution for PostgreSQL

    Avinash Vallarapu (Avi)

    13th August, 2020

  • PERCONA DISTRIBUTION FOR POSTGRESQL

    ➤ Percona Distribution for PostgreSQL 11.5

    ➤ Percona Distribution for PostgreSQL 11.6

    ➤ Percona Distribution for PostgreSQL 11.7

    ➤ Percona Distribution for PostgreSQL 11.8

    ➤ Percona Distribution for PostgreSQL 12.2

    ➤ Percona Distribution for PostgreSQL 12.3

  • WHAT'S INCLUDED

    ➤ PostgreSQL

    ➤ pg_repack

    ➤ pgaudit

    ➤ pgBackRest

    ➤ Patroni

  • USUAL MYTHS

    ➤ Security is not free

    ➤ Cannot take a full backup that is good for PITR (Point-in-time-recovery)

    ➤ High Availability is a concern

    ➤ Not scalable

    ➤ Fewer options for Database maintenance

  • ENTERPRISE-GRADE POSTGRESQL

    ➤ Satisfy enterprise features such as:

    ➤ Encryption

    ➤ User Management

    ➤ Ability to tune

    ➤ Connection pooling/load balancing

    ➤ Logging and auditing

    ➤ Monitoring

    ➤ Durable Replication methods

    ➤ High Availability and automatic failover

    ➤ Reliable Backups

    ➤ Tools for routine database maintenance tasks

    ➤ Partitioning

    ➤ Continuous bug fixes

    ➤ Fixing security vulnerabilities and many more …

  • TOPICS BEING COVERED ...

    ➤ Securing your PostgreSQL database cluster

    ➤ High Availability and Automatic failover

    ➤ Preparing a Backup strategy and the tools available to achieve it

    ➤ Scaling PostgreSQL using connection poolers and load balancers

    ➤ Tools/extensions available for DBAs/Developers/Business requirements

    ➤ Detailed logging in PostgreSQL and

    ➤ Monitoring your PostgreSQL and real-time analysis.

    https://www.percona.com/blog/2018/09/21/securing-postgresql-as-an-enterprise-grade-environment/

    https://www.percona.com/blog/2018/09/28/high-availability-for-enterprise-grade-postgresql-environments/

    https://www.percona.com/blog/2018/09/25/postgresql-backup-strategy-enterprise-grade-environment/

    https://www.percona.com/blog/2018/10/02/scaling-postgresql-using-connection-poolers-and-load-balancers-for-an-enterprise-grade-environment/

    https://www.percona.com/blog/2018/10/05/postgresql-extensions-for-an-enterprise-grade-system/

    https://www.percona.com/blog/2018/10/08/detailed-logging-for-enterprise-grade-postresql/

    https://www.percona.com/blog/2018/10/09/postgresql-monitoring-set-up-an-enterprise-grade-server-and-sign-up-for-webinar-weds-10-10/

  • SECURITY IN POSTGRESQL

    ➤ Authentication

    ➤ Host based authentication

    ➤ SCRAM-SHA-256, PAM/LDAP, Kerberos, SSL

    ➤ Authorization

    ➤ User Management

    ➤ Row level security

    ➤ Data security using Encryption

    ➤ Accounting and Auditing

    ➤ Logging

    ➤ Auditing using pgaudit.

    ➤ Security Bug Fixes

    ➤ Subscribe to PostgreSQL mailing lists and Percona blog posts.

  • BACKUP STRATEGY

    ➤ PostgreSQL

    ➤ pg_basebackup - Consistent Online backup - helps achieve PITR

    ➤ pg_dump/pg_restore - Logical Backups

    ➤ Archiving of WALs in Archive Mode

    ➤ PostgreSQL Umbrella projects

    ➤ pgBackRest

  • CONNECTION POOLING AND LOAD BALANCING

    ➤ PostgreSQL Connections

    ➤ Process-based (each connection is a process)

    ➤ Native application connection pooler (preferred)

    ➤ External Connection Poolers

    ➤ Open Source tools for Scaling PostgreSQL

    ➤ External Connection Poolers

    ➤ pgBouncer

    ➤ pgPool-II

    ➤ Load Balancer

    ➤ HAProxy

  • HIGH AVAILABILITY AND AUTOMATIC FAILOVER

    ➤ PostgreSQL - Replication methods

    ➤ Streaming Replication (preferred for HA)

    ➤ Cascaded Replication

    ➤ Synchronous and Asynchronous

    ➤ Hot standby

    ➤ Logical Replication

    ➤ Open Source Contributions for Automatic Failover

    ➤ Patroni

  • PATRONI

  • POSTGRESQL EXTENSIONS

    ➤ PostgreSQL

    ➤ Feature-rich and Community driven

    ➤ Capability of adding Extensions

    ➤ A few extensions among hundreds of extensions

    ➤ pg_stat_statements - Query stats

    ➤ pg_repack - Online table reorg (Included)

    ➤ pl/profiler - Profiling of Stored procedures

    ➤ Orafce - Oracle functions to port applications on Oracle to PostgreSQL easily

    ➤ Language extensions like PL/pgSQL, PL/Python, PL/Perl, PL/Java, PL/R, etc.

    ➤ Foreign Data Wrappers like oracle_fdw, postgres_fdw, mysql_fdw, mongo_fdw, etc.

  • POSTGRESQL DETAILED LOGGING AND ANALYZER

    ➤ PostgreSQL

    ➤ Enable detailed logging of activity.

    ➤ Customizable logging

    ➤ Log DDLs

    ➤ Log statements running for more than log_min_duration_statement time.

    ➤ Open Source Log Analyzer

    ➤ PMM QAN (Query Analytics)

    ➤ pgBadger

  • MONITORING

    ➤ Open Source tools

    ➤ PMM

    ➤ Nagios

    ➤ Grafana and postgres exporter

    ➤ PGObserver

    ➤ pgCluu

    ➤ Munin

    ➤ Zabbix

    ➤ Cacti

  • ROBUST POSTGRESQL ARCHITECTURE

  • TOOLS INCLUDED IN PERCONA DISTRIBUTION FOR POSTGRESQL

    ➤ pg_repack

    ➤ Heavily used tool for rebuilding Tables and Indexes Online (minimal locks). It has several advanced features such as parallelism, moving a table online to a new tablespace, and repacking all the tables of a schema.

    ➤ pgaudit

    ➤ Capability to produce the audit logs required to pass certain government, financial, or ISO certification audits. Not only the statement passed by the user but also the sub-statements executed in the database are logged. Useful when statements passed to the database are intentionally obfuscated, or to identify SQL injections.

    ➤ pgBackRest

    ➤ pgBackRest is a widely used backup tool for a few GBs to multi-terabyte database clusters. It supports Full, Incremental, Differential and Archive backups - locally and remotely via SSH or Cloud storage. Its compression and parallel processing make it one of the fastest backup solutions available for PostgreSQL.

    ➤ Patroni

    ➤ A template for PostgreSQL HA that helps achieve several nines of availability with PostgreSQL. Supports Automatic and Manual failover/switchover and switchback. Integrated with pg_rewind for rejoining a demoted node to a cluster. Protection from split-brain using watchdog.
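The pgaudit point above (sub-statements are logged alongside the statement the user submitted) can be turned into a log check. The following Python sketch is an added example, not part of the original slides or of Percona's tooling: it parses pgaudit's comma-separated entries and reports DDL, ROLE or WRITE sub-statements whose SQL text does not appear in the submitted statement. The log lines are constructed, the `[pid]` prefix assumes `log_line_prefix = '%m [%p] '`, and the function names are hypothetical.

```python
import csv
import re
from collections import defaultdict

# Field order of a pgaudit log entry.
FIELDS = ("audit_type", "statement_id", "substatement_id", "class", "command",
          "object_type", "object_name", "statement", "parameter")
REVIEW_CLASSES = {"DDL", "ROLE", "WRITE"}  # classes worth a second look

# Constructed sample lines; the "[pid]" part assumes log_line_prefix='%m [%p] '.
SAMPLE_LOG = """\
2020-08-13 10:00:01.101 UTC [411] LOG:  AUDIT: SESSION,1,1,READ,SELECT,,,SELECT count(*) FROM orders,<not logged>
2020-08-13 10:00:05.220 UTC [411] LOG:  AUDIT: SESSION,2,1,FUNCTION,DO,,,"DO $$ BEGIN EXECUTE 'CREATE TABLE shadow' || '_accounts (id INT)'; END $$;",<not logged>
2020-08-13 10:00:05.221 UTC [411] LOG:  AUDIT: SESSION,2,2,DDL,CREATE TABLE,TABLE,public.shadow_accounts,CREATE TABLE shadow_accounts (id INT),<not logged>
2020-08-13 10:00:07.010 UTC [412] LOG:  AUDIT: SESSION,1,1,FUNCTION,DO,,,"DO $$ BEGIN CREATE TABLE report_tmp (id INT); END $$;",<not logged>
2020-08-13 10:00:07.011 UTC [412] LOG:  AUDIT: SESSION,1,2,DDL,CREATE TABLE,TABLE,public.report_tmp,CREATE TABLE report_tmp (id INT),<not logged>
"""

def parse_audit_lines(text):
    """Yield (pid, entry) for each single-line pgaudit entry in a server log."""
    for line in text.splitlines():
        m = re.search(r"\[(\d+)\].*?AUDIT: (.*)$", line)
        if not m:
            continue
        row = next(csv.reader([m.group(2)]))
        if len(row) == len(FIELDS):  # skip malformed or multi-line entries
            yield m.group(1), dict(zip(FIELDS, row))

def _norm(sql):
    return " ".join(sql.lower().split())

def hidden_substatements(text):
    """Return sub-statements whose SQL text is absent from what was submitted."""
    groups = defaultdict(list)
    for pid, entry in parse_audit_lines(text):
        groups[(pid, entry["statement_id"])].append(entry)
    findings = []
    for (pid, sid), entries in groups.items():
        top = next((e for e in entries if e["substatement_id"] == "1"), None)
        for e in entries if top else []:
            if (e["substatement_id"] != "1" and e["class"] in REVIEW_CLASSES
                    and _norm(e["statement"]) not in _norm(top["statement"])):
                findings.append({"pid": pid, "statement_id": sid,
                                 "object": e["object_name"],
                                 "submitted": top["statement"],
                                 "executed": e["statement"]})
    return findings

if __name__ == "__main__":
    for finding in hidden_substatements(SAMPLE_LOG):
        print(finding)
```

The check also fires for statements executed inside stored functions, since their text is not in the calling statement either, so findings are review candidates rather than verdicts.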