PostgreSQL (System) Administration
PGCon 2014, Ottawa, Canada
Stephen Frost, sfrost@snowman.net
Slides: ...snowman.net/slides/pgsysadmin_20140520.pdf

Resonate, Inc. • Digital Media • PostgreSQL • Hadoop • techjobs@resonateinsights.com • http://www.resonateinsights.com

Stephen Frost
• PostgreSQL
  • Major Contributor, Committer
  • Implemented Roles in 8.3
  • Column-Level Privileges in 8.4
  • Contributions to PL/pgSQL, PostGIS
• Resonate, Inc.
  • Principal Database Engineer
  • Online Digital Media Company
  • We're Hiring - techjobs@resonateinsights.com

Do you read
• planet.postgresql.org

Agenda
• Terms
• Installation
• Initial configuration
• Getting connected
• Users / Roles
• Permissions
• Tuning
• Backups
• Monitoring
• Extensions

Terms
• Cluster, aka Instance
  • One PG server
  • One postmaster - listens on one port
  • One set of data files (including tablespaces)
  • Users/Roles and tablespaces at cluster level
  • Replication at cluster level
  • One stream of Write-Ahead Log (WAL)

Terms (continued)
• WAL
  • Data stream where changes go first
  • Once written to WAL, a change is considered committed
  • WAL is always CRC'd
  • On crash, WAL is replayed
  • Contention point with high write volume

Terms (continued)
• Table
  • Fixed set of columns (can add/remove)
  • Variable number of rows
• Column
  • Named field inside of a table
  • Fixed data type (can be complex)
• Row
  • Single instance of all fields of a table
  • Fields for a row are stored together

Terms (continued)
• Tablespace
  • Alternate directory/filesystem for PG to store data
  • Can contain objects from any/multiple databases
• Database
  • Lives inside a cluster
  • Schemas at the database level
• Schema
  • Lives inside a single database
  • Does not belong to any tablespace
  • Tables, views, functions at the schema level

Terms (continued)
• Inheritance
  • Parent/Child tables
  • Querying the parent returns rows from children also
  • Children can add columns to those the parent has
  • Differs from SQL:1999 inheritance
• Partition
  • Implemented using inheritance in PG
  • CHECK constraints can be used to filter
• Shard
  • One cluster among many, data spread out across them

Installation
• Debian/Ubuntu/etc
  • apt.postgresql.org
  • Add PGDG sources.list.d entry
• RedHat/CentOS/etc
  • yum.postgresql.org
  • Download & Install PGDG RPM
• Multiple Major Versions

Debian Install
• Configs in /etc/postgresql/X.Y/main
• Initial DB in /var/lib/postgresql/X.Y/main
• Binaries into /usr/lib/postgresql/X.Y/bin
• Logs into /var/log/postgresql
• Startup logs in /var/log/postgresql also
• One init script starts all major versions

Debian Clusters
• Debian provides wrappers and helper scripts
• pg_lsclusters - lists all PG clusters
• pg_ctlcluster - Control specific clusters
• --cluster option - Specify specific cluster
  • psql --cluster 9.2/main
  • pg_dump --cluster 9.2/main, etc

RedHat Install
• Configs in data directory
• Default DB in /var/lib/pgsql/X.Y/data
• Create DB with: service postgresql-9.2 initdb
• Binaries into /usr/pgsql-X.Y/bin
• Logs into /var/lib/pgsql/X.Y/data/pg_log
• Startup logs in /var/lib/pgsql/X.Y/pgstartup.log
• Init script per major version

PostgreSQL Data Directory
• Some things in here do not react well to bullets
• On Debian, just stay out of it
• On RedHat, be careful to only modify:
  • postgresql.conf
  • pg_hba.conf
  • pg_ident.conf
  • pg_log
• Do NOT touch files in pg_xlog or other dirs
  • pg_xlog is PG's WAL - not just normal log files

Initial postgresql.conf
• listen_addresses = '*' (for external access; who may then connect is decided by pg_hba.conf and the firewall, so get those right first)
• checkpoint_segments = 30+
  • Uses more disk space in pg_xlog
  • Never let that partition run out of space
• checkpoint_completion_target = 0.9
  • Targets finishing in 90% of the time given
• effective_cache_size = half the RAM
  • Never allocated, just for planning
• max_wal_senders = 3
  • More later

Logging
• postgresql.conf
  • log_connections = on
  • log_disconnections = on
  • log_line_prefix = '%m [%p] %q[%l-1] %d %u@%r %a '
  • log_lock_waits = on
  • log_statement = ddl
  • log_min_duration_statement = 100
  • log_temp_files = 0
  • log_autovacuum_min_duration = 0

pg_hba.conf
• Controls how users are authenticated

  local      DATABASE  USER  METHOD   [OPTIONS]
  host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
  hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
  hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

• Read in order, top-to-bottom; first match is used
• hostssl requires an SSL connection; hostnossl matches only non-SSL connections
• Special DBs - all, sameuser, replication
• Special Users - all, "+" prefix for role membership
• Address can be IPv4 or IPv6, can include CIDR mask
• Special reject method

Authentication Methods
• The ones you should use:
• peer
  • Secure unix-socket-based auth
  • Checks the Unix username of the user
• gss (Kerberos)
  • Integrates with MIT/Heimdal Kerberos and AD
  • Recommended for Enterprise deployments
• cert (SSL Certificate)
  • Client-side certificate based authentication
  • Use pg_ident to map CNs to PG usernames

Authentication Methods
• Acceptable but not ideal:
• md5
  • Stock username/password
  • Use SSL if you're worried about security (a hostssl line, so the exchange can't be observed)
• pam
  • Modules run as the postgres user
  • Can't be used directly with pam_unix
  • saslauthd can make it work (PAM via saslauthd)
• radius
  • Use SSL if you're worried about security

Auth Method Don'ts
• trust - Never use this - no auth done
• password - Password sent in cleartext
• sspi
  • Windows-specific
  • Uses Kerberos/GSSAPI underneath
• ident
  • Insecure, don't trust it - use peer for local connections
• ldap
  • Auths against an LDAP server
  • Use Kerberos/GSSAPI if you can

pg_ident.conf
• Defines mappings which are used in pg_hba.conf

  # MAPNAME   SYSTEM-USERNAME      PG-USERNAME
  kerbnames   sfrost@SNOWMAN.NET   sfrost
  certname    stephenfrost         sfrost

• External-user to PG-user mappings
• Unix user joe can be PG user bob
• Regexps can be used - but be careful
• Also works for Kerberos, client certs, etc
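As an added example (not from the slides), the POSIX shell function below applies the do/don't list from the last few slides to a pg_hba.conf: trust, password and ident are flagged outright, ldap is flagged as a candidate for gss or cert, and md5/pam/radius on a plain host or hostnossl line is reported because those only stay safe when SSL is forced with hostssl. It parses the record formats shown above (including the two-field "ip netmask" address form). The sample pg_hba.conf, the app role and the certname map are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a pg_hba.conf against the deck's do/don't list.
# Not from the slides; the sample file written below is constructed.

# audit_pg_hba FILE
# Prints "LINE: SEVERITY reason" for every entry worth a second look.
audit_pg_hba() {
    file="$1"
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        stripped="${line%%#*}"          # drop comments
        set -f                          # no globbing while splitting fields
        set -- $stripped
        set +f
        [ $# -eq 0 ] && continue        # blank or comment-only line
        type="$1"
        case "$type" in
            local)
                method="$4"; addr="local socket" ;;
            host|hostssl|hostnossl)
                # ADDRESS is either CIDR in one field or "ip netmask" in two;
                # method names never start with a digit, so that tells them apart
                case "$5" in
                    [0-9]*) addr="$4 $5"; method="$6" ;;
                    *)      addr="$4";    method="$5" ;;
                esac ;;
            *)
                printf '%s: WARN unrecognised record type "%s"\n' "$n" "$type"
                continue ;;
        esac
        case "$method" in
            trust)    printf '%s: CRIT trust - no authentication at all (%s)\n' "$n" "$addr" ;;
            password) printf '%s: CRIT password - cleartext password on the wire (%s)\n' "$n" "$addr" ;;
            ident)    printf '%s: CRIT ident - trusts a remote identd; use peer for local\n' "$n" ;;
            ldap)     printf '%s: WARN ldap - prefer gss or cert where possible\n' "$n" ;;
        esac
        # md5/pam/radius are acceptable only when SSL is forced: hostssl, not host
        case "$type:$method" in
            host:md5|host:pam|host:radius|hostnossl:md5|hostnossl:pam|hostnossl:radius)
                printf '%s: WARN %s on a %s line from %s - not forced onto SSL\n' "$n" "$method" "$type" "$addr" ;;
        esac
    done < "$file"
}

# write_sample_hba FILE  -- constructed sample mixing good and bad entries
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE     USER        ADDRESS                    METHOD
local   all          postgres                               peer
local   all          all                                    trust
host    all          all         127.0.0.1/32               md5
hostssl all          +app        10.0.0.0/8                 cert map=certname
host    all          all         192.168.1.0 255.255.255.0  password
hostssl replication  replicator  10.0.1.5/32                gss
host    all          all         0.0.0.0/0                  reject
EOF
}

# Demo run on the constructed file
demo=$(mktemp)
write_sample_hba "$demo"
audit_pg_hba "$demo"
rm -f "$demo"
```

Run it against the real file with `audit_pg_hba /etc/postgresql/X.Y/main/pg_hba.conf` (Debian) or the data directory copy on RedHat; because first match wins, a CRIT on an early, broad line matters more than one near the bottom.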

Debian configs
• Extra config files in Debian/Ubuntu
• start.conf
  • Controls start of this cluster
  • Can be auto, manual, disabled
• pg_ctl.conf
  • Options to pass to pg_ctl
  • Generally don't need to modify it
• environment
  • Controls the environment PG starts in
  • Generally don't need to modify it

RedHat configs
• Basically just the init.d scripts

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity; - PG's equivalent of `w`
• \l - list databases

     Name    |  Owner   | Encoding |   Collate   |    Ctype    | Access privileges
  -----------+----------+----------+-------------+-------------+-------------------
   postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
   template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +
   template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +

• \dn - list schemas

    Name  |  Owner
  --------+----------
   public | postgres

• \db - list tablespaces

      Name    |  Owner   | Location
  ------------+----------+----------
   pg_default | postgres |
   pg_global  | postgres |

User setups
• createuser / CREATE USER
• \password to set passwords
• Privileges
  • Superuser - Do not give this out
  • CreateRole - Creation and modification of roles
  • CreateDatabase - Allows database creation
  • Login - Allows user to connect to DB
  • Replication - Only for the replication/system user
  • Admin - Allows changing role memberships
  • Inherit - Automatically get GRANTed privileges

Roles
• Users are really roles
• Groups are implemented with roles
• CREATE ROLE (or just createuser --nologin)
  • Same privilege options
  • Can start as nologin, then be granted login
  • Can cascade
• Any role can be GRANTed to any other role
• Inherit is the default, acts like group privs
• Noinherit means the user must run SET ROLE, à la sudo

Permissions
• public means all users
• GRANT / REVOKE to give/take away privs, roles, etc
• CONNECT privs on the database (public by default)
• schemas - CREATE, USAGE
  • recommend dropping public, or REVOKE CREATE on it
  • Use per-user or per-app schemas
• tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
• views - same (incl. update), execute as view owner
• columns - SELECT/INSERT/UPDATE
• functions - SECURITY DEFINER are akin to setuid (pin search_path inside them, as you would PATH in a setuid binary)

Default perms
• Generally secure-by-default
  • Except functions - EXECUTE granted to public by default
  • Owners have all rights on their objects
  • Membership in the owning role == ownership
• ALTER DEFAULT PRIVILEGES - for roles
  • FOR ROLE ... IN SCHEMA ... GRANT ...
  • Can't be applied to just a schema
• GRANT ... ON ALL ... IN SCHEMA
  • For tables, views, sequences, functions
  • One-time operation, new tables will not have privs
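An added example, not from the slides: a shell function that emits the SQL for the per-application layout the last three slides recommend (revoke CREATE on public, an owner role plus read-write and read-only group roles, ALTER DEFAULT PRIVILEGES for objects the owner creates later, GRANT ... ON ALL ... for objects that already exist, EXECUTE taken back from public on functions, and a NOINHERIT login role that has to SET ROLE, sudo-style, to act as owner). The database and application names are parameters; the derived role names (APP_owner, APP_rw, APP_ro, APP_dba) are this example's convention, not anything in the deck. Pipe the output into psql inside one transaction.

```shell
#!/bin/sh
# Added example: generate a privilege lockdown script for one application.
# Usage: lockdown_sql DBNAME APP | psql -1 -v ON_ERROR_STOP=1 -d DBNAME
# Role/schema naming (APP_owner, APP_rw, APP_ro, APP_dba) is this example's own.

# is_ident NAME  -- accept only plain unquoted SQL identifiers, so a stray
# argument can never turn into extra DDL in the generated script.
is_ident() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# lockdown_sql DBNAME APP  -- prints the SQL; non-zero status on bad input
lockdown_sql() {
    db="$1"; app="$2"
    is_ident "$db" && is_ident "$app" || {
        echo "lockdown_sql: db and app must be plain identifiers" >&2
        return 2
    }
    cat <<EOF
-- Generated for database "$db", application "$app".
-- public: everyone can CREATE there by default; take that away.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- CONNECT is granted to PUBLIC by default; make it explicit per app.
REVOKE CONNECT ON DATABASE $db FROM PUBLIC;

-- Owner role (NOLOGIN) and group roles; membership in the owner == ownership.
CREATE ROLE ${app}_owner NOLOGIN;
CREATE ROLE ${app}_rw    NOLOGIN;
CREATE ROLE ${app}_ro    NOLOGIN;
GRANT CONNECT ON DATABASE $db TO ${app}_rw, ${app}_ro;

-- Per-app schema; USAGE for the groups, CREATE stays with the owner.
CREATE SCHEMA $app AUTHORIZATION ${app}_owner;
GRANT USAGE ON SCHEMA $app TO ${app}_rw, ${app}_ro;

-- Future objects created by the owner in this schema
-- (ALTER DEFAULT PRIVILEGES is per creating role, not per schema).
ALTER DEFAULT PRIVILEGES FOR ROLE ${app}_owner IN SCHEMA $app
    GRANT SELECT ON TABLES TO ${app}_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE ${app}_owner IN SCHEMA $app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO ${app}_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE ${app}_owner IN SCHEMA $app
    GRANT USAGE, SELECT ON SEQUENCES TO ${app}_rw;
-- Functions are the exception to secure-by-default: EXECUTE goes to PUBLIC.
ALTER DEFAULT PRIVILEGES FOR ROLE ${app}_owner IN SCHEMA $app
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Objects that already exist: one-time GRANT ... ON ALL ... IN SCHEMA.
GRANT SELECT ON ALL TABLES IN SCHEMA $app TO ${app}_ro;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA $app TO ${app}_rw;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA $app TO ${app}_rw;
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA $app FROM PUBLIC;

-- A DBA login that does NOT inherit: it must SET ROLE ${app}_owner (like sudo)
-- before creating objects, so the defaults above apply to what it creates.
CREATE ROLE ${app}_dba LOGIN NOINHERIT;
GRANT ${app}_owner TO ${app}_dba;
EOF
}

# Demo: print the script for a constructed database/app pair
lockdown_sql shopdb shop
```

The ALTER DEFAULT PRIVILEGES entries only fire for objects created by APP_owner, which is why the DBA login is NOINHERIT and expected to SET ROLE before DDL; a table created directly as APP_dba would be owned by APP_dba and get none of these grants.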

Tablespaces
• Permissions
  • Perms must be 0700, owned by postgres
  • Must explicitly GRANT CREATE rights
• Implementation
  • Symlinks in the pg_tblspc directory
  • Recommend against messing with them directly
  • Location must be a fully-qualified path
• GUCs
  • default_tablespace
  • temp_tablespaces

Tuning
• For a dedicated server
• shared_buffers
  • Will be dedicated to PG for caching
  • Up to half of main memory
  • Try 2G on larger servers, more may not help
  • Pre-9.3, need to bump sysctl shared-memory params
  • Post-9.3, you don't
  • Defaults to 128MB

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc
  • Can be increased inside a given connection
  • Used many times over - not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (way too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase autovacuum_max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by the stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries that run longer than the given time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with a specific log_line_prefix
  • Generates very nice reports
  • Various sorts - total time, max length, etc

Config Bump-Ups
• max_connections = 100
  • Consider using pgbouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_connections

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to the "replication" DB (pg_hba.conf entry)
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump supports it in recent versions
• pg_restore also supports it - not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time Recovery w/ WAL
  • From the base backup, play forward WAL
  • Can stop at any point in time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
• test ! -f /archive/%f && cp %p /archive/%f
  (the "!" matters: never overwrite a segment that is already in the archive)
• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost
  • How much downtime

recovery.conf
• restore_command
  • %f is the WAL file needed
  • %p is where to put it
  • cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files
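The two slides above state the contract; what follows is an added example (not from the slides) of an archive_command / restore_command pair written to honour it. The archive side refuses to overwrite a segment already in the archive (the job of `test ! -f` above), copies to a temporary name, verifies the copy and renames it into place so a crashed copy never looks archived, and exits non-zero on any failure so PostgreSQL keeps retrying. The restore side exits non-zero when the file is missing, which is the normal answer for the history files PostgreSQL probes for, and refuses names that could escape the archive directory. The paths /archive and /usr/local/bin are placeholders, and the segment used in the demo is constructed.

```shell
#!/bin/sh
# Added example: archive_command / restore_command helpers that return zero
# ONLY on success.  Not from the slides; /archive below is a placeholder.
#
#   archive_command = '/usr/local/bin/archive_wal.sh %p /archive'
#   restore_command = '/usr/local/bin/restore_wal.sh %f %p /archive'

# archive_wal SEGMENT_PATH ARCHIVE_DIR
archive_wal() {
    src="$1"; dir="$2"
    name=$(basename "$src")
    [ -f "$src" ] || { echo "archive_wal: no such segment $src" >&2; return 2; }
    [ -d "$dir" ] || { echo "archive_wal: archive dir $dir missing" >&2; return 2; }
    # Never overwrite.  A second segment with the same name means a clone,
    # a second primary pointed at the same archive, or a bug; failing keeps
    # PG retrying and keeps the alarm in the logs instead of losing history.
    if [ -e "$dir/$name" ]; then
        echo "archive_wal: $name already archived, refusing to overwrite" >&2
        return 1
    fi
    tmp="$dir/.$name.partial"
    # copy, verify byte-for-byte, then rename into place atomically
    if cp "$src" "$tmp" && cmp -s "$src" "$tmp" && mv "$tmp" "$dir/$name"; then
        return 0
    fi
    rm -f "$tmp"
    echo "archive_wal: failed to archive $name" >&2
    return 1
}

# restore_wal WAL_NAME DEST_PATH ARCHIVE_DIR
restore_wal() {
    name="$1"; dest="$2"; dir="$3"
    case "$name" in
        ''|*/*|.*) echo "restore_wal: refusing name '$name'" >&2; return 2 ;;
    esac
    # PostgreSQL asks for files that may not exist (timeline history files,
    # the segment past the end of the archive).  Non-zero is the right answer;
    # never create an empty file to "satisfy" the request.
    [ -f "$dir/$name" ] || return 1
    cp "$dir/$name" "$dest"
}

# Demo on a constructed segment in a temporary directory
d=$(mktemp -d)
mkdir "$d/wal" "$d/archive"
printf 'constructed WAL bytes' > "$d/wal/000000010000000000000001"
archive_wal "$d/wal/000000010000000000000001" "$d/archive" && echo "first archive: ok"
archive_wal "$d/wal/000000010000000000000001" "$d/archive" || echo "second archive: refused (expected)"
restore_wal 000000010000000000000001 "$d/restored" "$d/archive" && echo "restore: ok"
restore_wal 00000002.history "$d/restored2" "$d/archive" || echo "missing history file: non-zero (expected)"
rm -rf "$d"
```

A production version would also fsync the archived file and its directory before returning zero, since "archived" must mean "survives a crash of the archive host"; the copy-verify-rename sequence here is the part that keeps a half-written segment from ever being mistaken for a complete one.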

Replication
• Read-only streaming replicas
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure the connection in recovery.conf
• recovery.conf must live in the data dir
• Monitor lag - a replica can fall behind

Monitoring
• check_postgres.pl
  • Useful with Nagios, Icinga, MRTG, etc
  • Provides metrics as well as monitoring
  • Allows a custom query for monitoring
• Minimum set of checks:

  archive_ready (if doing WAL archiving)   --- Number of WAL ready files
  autovac_freeze                           --- How close to autovacuum max freeze age
  backends (Metric)                        --- Number of backends running
  dbstats (Metrics)                        --- Lots of different stats
  listener (if using LISTEN/NOTIFY)        --- Checks if anyone is LISTENing
  locks (Metric)                           --- Number of locks held
  pgbouncer options (if using pgbouncer)   --- Various pgbouncer checks
  txn_idle                                 --- Transactions idle for X time
  txn_time                                 --- Transactions longer than X time
  txn_wraparound                           --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log

Extensions
• Install the -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

     name      | default_version | installed_version |                          comment
  -------------+-----------------+-------------------+------------------------------------------------------------------
   file_fdw    | 1.0             |                   | foreign-data wrapper for flat file access
   dblink      | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql     | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm     | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack   | 1.0             |                   | administrative functions for PostgreSQL
   ip4r        | 2.0             |                   |
   hstore      | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows a superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib are maintained by PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow


bullUses more disk space in pg_xlogbullNever let that partition run out of space

bullcheckpoint_completion_target = 09bullTargets finishing in 90 of time given

bulleffective_cache_size = half the RAMbullNever allocated just for planning

bullmax_wal_senders = 3bullMore later

Loggingbullpostgresqlconf

bulllog_connections = onbulllog_disconnections = onbullline_prefix= m [p] q [l-1] d ur a bulllog_lock_waits = onbulllog_statement = ddlbulllog_min_duration_statement = 100bulllog_temp_files = 0bulllog_autovacuum_min_duration = 0

pg_hbaconfbullControls how users are authenticatedlocal DATABASE USER METHOD [OPTIONS]host DATABASE USER ADDRESS METHOD [OPTIONS]hostssl DATABASE USER ADDRESS METHOD [OPTIONS]hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]

bullRead in order top-to-bottom first match is usedbullhostssl requires SSL connection no is not SSLbullSpecial DBs - all sameuser replicationbullSpecial Users - all + prefix for role membershipbullAddress can be IPv4 or IPv6 can include CIDR maskbullSpecial reject method

Authentication MethodsbullThe ones you should use bullpeer

bullSecure unix-socket-based authbullChecks the Unix username of the user

bullgss (Kerberos)bullIntegreates w MITHeimdal Kerberos and ADbullRecommended for Enterprise deployments

bullcert (SSL Certificate)bullClient-side certificate based authenticationbullUse pg_ident to map CNs to PG usernames

Authentication MethodsbullAcceptable but not idealbullmd5

bullStock usernamepasswordbullUse SSL if youre worried about security

bullpambullModules run as postgres userbullCant be used directly w pam_unixbullsaslauthd can make it work (pam_sasl saslauthd)

bullradiusbullUse SSL if youre worried about security

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 4: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

AgendabullTermsbullInstallationbullInitial configurationbullGetting connectedbullUsers RolesbullPermissionsbullTuningbullBackupsbullMonitoringbullExtensions

TermsbullCluster aka Instance

bullOne PG serverbullone postmaster - listens on one portbullOne set of data files (including tablespaces)bullUsersRoles and tablespaces at cluster levelbullReplication at cluster levelbullOne stream of Write-Ahead-Log (WAL)

Terms (continued)bullWAL

bullData stream where changes go firstbullWritten to WAL is considered committedbullWAL is always CRCdbullOn crash WAL is replayedbullContention point with high write volume

Terms (continued)bullTable

bullFixed set of columns (can addremove)bullVariable number of rows

bullColumnbullNamed field inside of a tablebullFixed data type (can be complex)

bullRowbullSingle instance of all fields of a tablebullFields for a row are stored together

Terms (continued)bullTablespace

bullAlternate directoryfilesystem for PG to store databullCan contain objects from anymultiple databases

bullDatabasebullLives inside a clusterbullSchemas at the database level

bullSchemabullLives inside a single databasebullDo not belong to any tablespacebullTables views functions at the schema level

Terms (continued)bullInheiritance

bullParentChild tablesbullQuerying parent returns rows from children alsobullChildren can add columns to those parent hasbullDiffers from SQL1999 inheiritance

bullPartitionbullImplemented using inheiritance in PGbullCHECK constraints can be used to filter

bullShardbullOne Cluster among many data spread-out

InstallationbullDebianUbuntuetc

bullaptpostgresqlorgbullAdd PGDG sourceslistd

bullRedHatCentOSetcbullyumpostgresqlorgbullDownload amp Install PGDG RPM

bullMultiple Major Versions

Debian InstallbullConfigs in etcpostgresqlXYmainbullInitial DB in varlibpostgresqlXYmainbullBinaries into usrlibpostgresqlXYbinbullLogs into varlogpostgresqlbullStartup logs in varlogpostgresql alsobullOne init script starts all major versions

Debian ClustersbullDebian provides wrappers and helper scriptsbullpg_lsclusters - lists all PG clustersbullpg_ctlcluster - Control specific clustersbull--cluster option - Specify specific cluster

bullpsql --cluster 92mainbullpg_dump --cluster 92main etc

RedHat InstallbullConfigs in data directorybullDefault DB in varlibpgsqlXYdatabullCreate DB with service postgresql-92 initdbbullBinaries into usrpgsql-XYbinbullLogs into varlibpgsql-XYdatapg_logbullStartup logs in varlibpgsql-XYpgstartuplogbullInit script per major version

PostgreSQL Data DirectorybullSome thing in here do not react well to bulletsbullOn Debian just stay out of itbullOn RedHat be careful to only modify

bullpostgresqlconfbullpg_hbaconfbullpg_identconfbullpg_log

bullDo NOT touch files in pg_xlog or other dirsbullpg_xlog is PGs WAL- not just normal log files

Initial postgresqlconfbulllisten_addresses = (for external access)bullcheckpoint_segments = 30+

bullUses more disk space in pg_xlogbullNever let that partition run out of space

bullcheckpoint_completion_target = 09bullTargets finishing in 90 of time given

bulleffective_cache_size = half the RAMbullNever allocated just for planning

bullmax_wal_senders = 3bullMore later

Loggingbullpostgresqlconf

bulllog_connections = onbulllog_disconnections = onbullline_prefix= m [p] q [l-1] d ur a bulllog_lock_waits = onbulllog_statement = ddlbulllog_min_duration_statement = 100bulllog_temp_files = 0bulllog_autovacuum_min_duration = 0

pg_hbaconfbullControls how users are authenticatedlocal DATABASE USER METHOD [OPTIONS]host DATABASE USER ADDRESS METHOD [OPTIONS]hostssl DATABASE USER ADDRESS METHOD [OPTIONS]hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]

bullRead in order top-to-bottom first match is usedbullhostssl requires SSL connection no is not SSLbullSpecial DBs - all sameuser replicationbullSpecial Users - all + prefix for role membershipbullAddress can be IPv4 or IPv6 can include CIDR maskbullSpecial reject method

Authentication MethodsbullThe ones you should use bullpeer

bullSecure unix-socket-based authbullChecks the Unix username of the user

bullgss (Kerberos)bullIntegreates w MITHeimdal Kerberos and ADbullRecommended for Enterprise deployments

bullcert (SSL Certificate)bullClient-side certificate based authenticationbullUse pg_ident to map CNs to PG usernames

Authentication MethodsbullAcceptable but not idealbullmd5

bullStock usernamepasswordbullUse SSL if youre worried about security

bullpambullModules run as postgres userbullCant be used directly w pam_unixbullsaslauthd can make it work (pam_sasl saslauthd)

bullradiusbullUse SSL if youre worried about security

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 5: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

TermsbullCluster aka Instance

bullOne PG serverbullone postmaster - listens on one portbullOne set of data files (including tablespaces)bullUsersRoles and tablespaces at cluster levelbullReplication at cluster levelbullOne stream of Write-Ahead-Log (WAL)

Terms (continued)bullWAL

bullData stream where changes go firstbullWritten to WAL is considered committedbullWAL is always CRCdbullOn crash WAL is replayedbullContention point with high write volume

Terms (continued)bullTable

bullFixed set of columns (can addremove)bullVariable number of rows

bullColumnbullNamed field inside of a tablebullFixed data type (can be complex)

bullRowbullSingle instance of all fields of a tablebullFields for a row are stored together

Terms (continued)bullTablespace

bullAlternate directoryfilesystem for PG to store databullCan contain objects from anymultiple databases

bullDatabasebullLives inside a clusterbullSchemas at the database level

bullSchemabullLives inside a single databasebullDo not belong to any tablespacebullTables views functions at the schema level

Terms (continued)bullInheiritance

bullParentChild tablesbullQuerying parent returns rows from children alsobullChildren can add columns to those parent hasbullDiffers from SQL1999 inheiritance

bullPartitionbullImplemented using inheiritance in PGbullCHECK constraints can be used to filter

bullShardbullOne Cluster among many data spread-out

InstallationbullDebianUbuntuetc

bullaptpostgresqlorgbullAdd PGDG sourceslistd

bullRedHatCentOSetcbullyumpostgresqlorgbullDownload amp Install PGDG RPM

bullMultiple Major Versions

Debian InstallbullConfigs in etcpostgresqlXYmainbullInitial DB in varlibpostgresqlXYmainbullBinaries into usrlibpostgresqlXYbinbullLogs into varlogpostgresqlbullStartup logs in varlogpostgresql alsobullOne init script starts all major versions

Debian ClustersbullDebian provides wrappers and helper scriptsbullpg_lsclusters - lists all PG clustersbullpg_ctlcluster - Control specific clustersbull--cluster option - Specify specific cluster

bullpsql --cluster 92mainbullpg_dump --cluster 92main etc

RedHat InstallbullConfigs in data directorybullDefault DB in varlibpgsqlXYdatabullCreate DB with service postgresql-92 initdbbullBinaries into usrpgsql-XYbinbullLogs into varlibpgsql-XYdatapg_logbullStartup logs in varlibpgsql-XYpgstartuplogbullInit script per major version

PostgreSQL Data DirectorybullSome thing in here do not react well to bulletsbullOn Debian just stay out of itbullOn RedHat be careful to only modify

bullpostgresqlconfbullpg_hbaconfbullpg_identconfbullpg_log

bullDo NOT touch files in pg_xlog or other dirsbullpg_xlog is PGs WAL- not just normal log files

Initial postgresqlconfbulllisten_addresses = (for external access)bullcheckpoint_segments = 30+

bullUses more disk space in pg_xlogbullNever let that partition run out of space

bullcheckpoint_completion_target = 09bullTargets finishing in 90 of time given

bulleffective_cache_size = half the RAMbullNever allocated just for planning

bullmax_wal_senders = 3bullMore later

Loggingbullpostgresqlconf

bulllog_connections = onbulllog_disconnections = onbullline_prefix= m [p] q [l-1] d ur a bulllog_lock_waits = onbulllog_statement = ddlbulllog_min_duration_statement = 100bulllog_temp_files = 0bulllog_autovacuum_min_duration = 0

pg_hba.conf
• Controls how users are authenticated

  local     DATABASE  USER            METHOD  [OPTIONS]
  host      DATABASE  USER  ADDRESS   METHOD  [OPTIONS]
  hostssl   DATABASE  USER  ADDRESS   METHOD  [OPTIONS]
  hostnossl DATABASE  USER  ADDRESS   METHOD  [OPTIONS]

• Read in order, top-to-bottom, first match is used
• hostssl requires SSL connection, hostnossl is not SSL
• Special DBs - all, sameuser, replication
• Special Users - all, '+' prefix for role membership
• Address can be IPv4 or IPv6, can include CIDR mask
• Special 'reject' method
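An added example, not from the deck: a small shell audit of a pg_hba.conf that flags the methods the following slides say not to use, and reports rules that an earlier catch-all makes unreachable, since the file is first-match, top to bottom. The pg_hba.conf it reads is constructed inline; the `audit_pg_hba` and `write_sample_hba` names are mine.

```shell
#!/bin/sh
# Added example (not from the slides): audit a pg_hba.conf for methods the
# deck says not to use, and for rules shadowed by an earlier catch-all.
# Simplification: only a "host all all <any-address>" rule counts as a
# catch-all, because "host" matches SSL and non-SSL connections alike.

# audit_pg_hba FILE -- prints one finding per line; exit 1 if any finding.
audit_pg_hba() {
    awk '
    { sub(/#.*/, "") }          # strip comments
    /^[ \t]*$/ { next }         # skip blank lines
    {
        n++
        type = $1; db = $2; user = $3
        if (type == "local") { addr = "-"; method = $4 }
        else                 { addr = $4;  method = $5 }
        where = "rule " n " [" type " " db " " user " " addr " " method "]"

        # first match wins, so anything after a host-type catch-all is dead
        if (type != "local" && catchall) {
            print "WARN " where ": unreachable, shadowed by rule " catchall; bad++
        }
        if (type == "host" && db == "all" && user == "all" && !catchall &&
            (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0"))
            catchall = n

        if (method == "trust") {
            print "CRIT " where ": no authentication performed"; bad++
        } else if (method == "password") {
            print "CRIT " where ": password sent in cleartext"; bad++
        } else if (method == "ident") {
            print "HIGH " where ": ident is not trustworthy; use peer for local"; bad++
        } else if (type == "hostnossl") {
            print "HIGH " where ": explicitly permits non-SSL connections"; bad++
        } else if (type == "host" && (method == "md5" || method == "ldap" || method == "radius")) {
            print "WARN " where ": credentials may travel without SSL; prefer hostssl"; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# write_sample_hba FILE -- constructed sample containing the mistakes above
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE     USER          ADDRESS          METHOD
local   all          postgres                       peer
local   all          all                            peer
hostssl all          +app_users    10.0.0.0/8       gss
host    all          all           0.0.0.0/0        md5
hostssl replication  replicator    10.0.1.5/32      cert
host    all          all           192.168.1.0/24   trust
EOF
}

sample=$(mktemp)
write_sample_hba "$sample"
audit_pg_hba "$sample" || echo "pg_hba.conf needs attention"
rm -f "$sample"
```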

Authentication Methods
• The ones you should use
• peer
  • Secure unix-socket-based auth
  • Checks the Unix username of the user
• gss (Kerberos)
  • Integrates w/ MIT/Heimdal Kerberos and AD
  • Recommended for Enterprise deployments
• cert (SSL Certificate)
  • Client-side certificate based authentication
  • Use pg_ident to map CNs to PG usernames

Authentication Methods
• Acceptable, but not ideal
• md5
  • Stock username/password
  • Use SSL if you're worried about security
• pam
  • Modules run as postgres user
  • Can't be used directly w/ pam_unix
  • saslauthd can make it work (pam_sasl, saslauthd)
• radius
  • Use SSL if you're worried about security

Auth Method Don'ts
• trust - Never use this - no auth done
• password - Password sent in cleartext
• sspi
  • Windows-specific
  • Uses Kerberos/GSSAPI underneath
• ident
  • Insecure, don't trust it - use peer for local
• ldap
  • Auths against an LDAP server
  • Use Kerberos/GSSAPI if you can

pg_ident.conf
• Defines mappings which are used in pg_hba

  # map-name  auth-user            pg-user
  kerbnames   sfrost@SNOWMAN.NET   sfrost
  certname    stephenfrost         sfrost

• External-user to PG-user mappings
• Unix user 'joe' can be PG user 'bob'
• Regexps can be used - but be careful
• Also works for Kerberos, client certs, etc

Debian configs
• Extra config files in Debian/Ubuntu
• start.conf
  • Controls start of this cluster
  • Can be auto, manual, disabled
• pg_ctl.conf
  • Options to pass to pg_ctl
  • Generally don't need to modify it
• environment
  • Controls environment PG starts in
  • Generally don't need to modify it

RedHat configs
• Basically just the init.d scripts

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity; - aka 'w'
• \l - list databases

     Name    |  Owner   | Encoding |   Collate   |    Ctype    | Access privileges
  -----------+----------+----------+-------------+-------------+-------------------
   postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
   template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +
   template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +

• \dn - list schemas

    Name  |  Owner
  --------+----------
   public | postgres

• \db - list tablespaces

      Name    |  Owner   | Location
  ------------+----------+----------
   pg_default | postgres |
   pg_global  | postgres |

User setups
• createuser / CREATE USER
• \password to set passwords
• Privileges
  • Superuser - Do not give this out
  • CreateRole - Creation and modification of roles
  • CreateDatabase - Allows database creation
  • Login - Allows user to connect to DB
  • Replication - Only for replication/system user
  • Admin - Allows changing role memberships
  • Inherit - Automatically get GRANTed privileges

Roles
• Users are really roles
• Groups are implemented with roles
• CREATE ROLE (or just createuser --nologin)
  • Same privilege options
  • Can start as nologin, then be granted login
  • Can cascade
• Any role can be GRANT'd to any other role
• Inherit is default, acts like group privs
• Noinherit means user must run 'set role', ala sudo

Permissions
• public means all users
• GRANT / REVOKE to give/take away privs, roles, etc
• CONNECT privs on the database (public by default)
• schemas - CREATE, USAGE
  • recommend dropping public or revoke CREATE
  • Use per-user or per-app schemas
• tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
• view - same (incl. update), execute as view owner
• columns - SELECT/INSERT/UPDATE
• functions - SECURITY DEFINER are akin to setuid

Default perms
• Generally secure-by-default
  • Except functions - EXECUTE granted by default
  • Owners have all rights on their objects
  • Membership in owning role == ownership
• ALTER DEFAULT PRIVILEGES - for roles
  • FOR ROLE ... IN SCHEMA ... GRANT ...
  • Can't be applied to just a schema
• GRANT ... ON ALL ... IN SCHEMA
  • For tables, views, sequences, functions
  • One-time operation, new tables will not have privs

Tablespaces
• Permissions
  • Perms must be 0700, owned by postgres
  • Must explicitly GRANT create rights
• Implementation
  • Symlinks in pg_tblspc directory
  • Recommend against messing with them directly
  • Must be fully-qualified
• GUCs
  • default_tablespace
  • temp_tablespaces

Tuning
• For a dedicated server
• shared_buffers
  • Will be dedicated to PG for caching
  • Up to half of main memory
  • Try 2G on larger servers, more may not help
  • Pre-9.3 need to bump sysctl params
  • Post-9.3 you don't
  • Defaults to 128MB

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc
  • Can be increased inside a given connection
  • Used many times over - not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (way too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries over time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with specific log_line_prefix
  • Generates very nice reports
  • Various sorts - total time, max length, etc

Config Bump-Ups
• max_connections = 100
  • Consider using pg_bouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_conn

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to replication DB
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports - not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time-Recovery w/ WAL
  • From base-backup, play forward WAL
  • Can stop at any point-in-time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
  • test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is WAL file needed
  • %p is where to put it
  • cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files
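An added example serving both the archive_command and the restore_command slides, not code from the deck: shell wrappers that exit zero only on success, and that handle the two cases the one-liners do not, an interrupted copy and a re-run for a segment that is already archived. The `/archive` path, the script names in the comments and the function names are assumptions; the WAL segment it demonstrates on is constructed.

```shell
#!/bin/sh
# Added example (not from the deck): archive_command and restore_command
# wrappers that follow the rule on both slides, exit 0 ONLY on success.
# Differences from the one-liner "test ! -f /archive/%f && cp %p /archive/%f":
#  - copy to a temporary name, then rename, so an interrupted copy never
#    leaves a truncated segment that a later "test -f" would treat as done
#  - a retry of a segment that is already archived byte-for-byte succeeds
#    (PG re-runs archive_command after a crash); a *different* file under
#    the same name is refused and logged
# Assumed wiring (paths are placeholders):
#   archive_command = '/usr/local/bin/wal_archive.sh %p %f /archive'
#   restore_command = '/usr/local/bin/wal_restore.sh %f %p /archive'

# archive_wal SOURCE_PATH WAL_FILENAME ARCHIVE_DIR
archive_wal() {
    dest="$3/$2"
    if [ -f "$dest" ]; then
        cmp -s "$1" "$dest" && return 0
        echo "archive_wal: $dest exists with different content, refusing" >&2
        return 1
    fi
    tmp="$dest.tmp.$$"
    if cp "$1" "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    echo "archive_wal: failed to archive $2" >&2
    return 1
}

# restore_wal WAL_FILENAME DEST_PATH ARCHIVE_DIR
# PG asks for files that do not exist yet (the next segment, timeline
# history files); a non-zero exit is the correct answer there, not an error.
restore_wal() {
    src="$3/$1"
    [ -f "$src" ] || return 1
    cp "$src" "$2"
}

# Demo on constructed data
demo=$(mktemp -d)
mkdir "$demo/pg_xlog" "$demo/archive"
seg=000000010000000000000001
printf 'constructed WAL segment\n' > "$demo/pg_xlog/$seg"
archive_wal "$demo/pg_xlog/$seg" "$seg" "$demo/archive" && echo "archived $seg"
archive_wal "$demo/pg_xlog/$seg" "$seg" "$demo/archive" && echo "retry of identical $seg is fine"
restore_wal "$seg" "$demo/restored_$seg" "$demo/archive" && echo "restored $seg"
restore_wal 00000002.history "$demo/00000002.history" "$demo/archive" \
    || echo "00000002.history not archived (non-zero is expected)"
rm -rf "$demo"
```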

Replication
• Read-only streaming slaves
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure connection in recovery.conf
• recovery.conf must live in data dir
• Monitor lag - replica can fall behind

Monitoring
• check_postgres.pl
• Useful with Nagios, Icinga, MRTG, etc
• Provides metrics as well as monitoring
• Allows custom query for monitoring
• Minimum set of checks:

  archive_ready (if doing WAL archiving)   --- Number of WAL ready files
  autovac_freeze                           --- How close to Autovacuum Max Freeze
  backends (Metric)                        --- Number of Backends running
  dbstats (Metrics)                        --- Lots of different stats
  listener (If using LISTEN/NOTIFY)        --- Checks if anyone is LISTENing
  locks (Metric)                           --- Number of locks held
  pgbouncer options (if using pgbouncer)   --- Various pgbouncer checks
  txn_idle                                 --- Transactions idle for X time
  txn_time                                 --- Transactions longer than X time
  txn_wraparound                           --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log
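An added example, not from the deck: a triage pass over log lines written with the log_line_prefix from the Logging slide, showing the two things a generic log tool gets wrong, the tab-indented continuation lines of a multi-line statement and the shorter prefix that %q produces for non-session processes. It reports slow statements, lock waits and failed authentications; the log lines are constructed here and the `summarize_pg_log` and `write_sample_log` names are mine.

```shell
#!/bin/sh
# Added example (not part of the deck): a triage pass over PostgreSQL logs
# written with the log_line_prefix from the Logging slide,
#   log_line_prefix = '%m [%p] %q [%l-1] %d %u@%r %a '
# It reports slow statements (log_min_duration_statement), lock waits
# (log_lock_waits) and failed authentications, joining the tab-indented
# continuation lines that make PG logs multi-line. Lines from non-session
# processes (checkpointer, autovacuum) stop at %q and are skipped.

# summarize_pg_log FILE -- one record per event: SLOW, LOCKWAIT, AUTHFAIL
summarize_pg_log() {
    awk '
    function flush() { if (kind != "") print rec; kind = "" }

    # continuation line: belongs to the statement being collected
    /^\t/ { if (kind == "SLOW") { sub(/^\t/, " "); rec = rec $0 }; next }

    { flush() }

    # %q cut the prefix short: no session fields, the severity sits in $5
    $5 ~ /:$/ { next }

    {
        # $4=[pid] $5=[line-1] $6=db $7=user@remote(port) $8=app $9=severity
        pid = $4; gsub(/\[|\]/, "", pid)
        db = $6; sev = $9
        split($7, ur, "@"); user = ur[1]; remote = ur[2]
        sub(/\(.*$/, "", remote)                 # drop the client port
        msg = ""
        for (i = 10; i <= NF; i++) msg = msg (i > 10 ? " " : "") $i

        if (sev == "LOG:" && $10 == "duration:" && index(msg, "statement: ")) {
            stmt = substr(msg, index(msg, "statement: ") + 11)
            rec = "SLOW " user " " db " " remote " " $11 " " stmt
            kind = "SLOW"
        } else if (sev == "LOG:" && msg ~ /still waiting for/) {
            match(msg, /after [0-9.]+ ms/)
            rec = "LOCKWAIT " pid " " user " " db " " substr(msg, RSTART + 6, RLENGTH - 9)
            kind = "LOCKWAIT"
        } else if (sev == "FATAL:" && msg ~ /authentication failed/) {
            fails[remote " " user]++
        }
    }
    END {
        flush()
        for (k in fails) print "AUTHFAIL " k " " fails[k]
    }
    ' "$1"
}

# write_sample_log FILE -- constructed log lines in the prefix format above
write_sample_log() {
    tab=$(printf '\t')
    {
        printf '%s\n' "2014-05-20 10:15:30.123 EDT [4242] [3-1] prod app@10.0.0.5(51234) psql LOG:  duration: 1250.500 ms  statement: SELECT count(*)"
        printf '%s\n' "${tab}FROM orders WHERE status = 'open'"
        printf '%s\n' "2014-05-20 10:15:31.000 EDT [100] LOG:  checkpoint starting: time"
        for port in 40001 40002 40003; do
            printf '%s\n' "2014-05-20 10:16:00.001 EDT [4300] [1-1] prod bob@10.0.0.9($port) [unknown] FATAL:  password authentication failed for user \"bob\""
        done
        printf '%s\n' "2014-05-20 10:16:05.000 EDT [4250] [7-1] prod app@10.0.0.5(51240) psql LOG:  process 4250 still waiting for ShareLock on transaction 9001 after 1000.123 ms"
        printf '%s\n' "2014-05-20 10:16:06.000 EDT [4250] [8-1] prod app@10.0.0.5(51240) psql LOG:  duration: 2000.000 ms  statement: UPDATE orders SET status = 'shipped' WHERE id = 42"
    } > "$1"
}

log=$(mktemp)
write_sample_log "$log"
summarize_pg_log "$log"
rm -f "$log"
```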

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

     name     | default_version | installed_version |                      comment
  ------------+-----------------+-------------------+--------------------------------------------------------------------
   file_fdw   | 1.0             |                   | foreign-data wrapper for flat file access
   dblink     | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql    | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm    | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack  | 1.0             |                   | administrative functions for PostgreSQL
   ip4r       | 2.0             |                   |
   hstore     | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you
Stephen Frost

sfrost@snowman.net
@net_snow


bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow


Terms (continued)
• Tablespace
  • Alternate directory/filesystem for PG to store data
  • Can contain objects from any/multiple databases
• Database
  • Lives inside a cluster
  • Schemas at the database level
• Schema
  • Lives inside a single database
  • Does not belong to any tablespace
  • Tables, views, functions at the schema level

Terms (continued)
• Inheritance
  • Parent/Child tables
  • Querying parent returns rows from children also
  • Children can add columns to those the parent has
  • Differs from SQL:1999 inheritance
• Partition
  • Implemented using inheritance in PG
  • CHECK constraints can be used to filter
• Shard
  • One Cluster among many, data spread out

Installation
• Debian/Ubuntu/etc
  • apt.postgresql.org
  • Add PGDG sources.list.d
• RedHat/CentOS/etc
  • yum.postgresql.org
  • Download & Install PGDG RPM
• Multiple Major Versions

Debian Install
• Configs in /etc/postgresql/X.Y/main
• Initial DB in /var/lib/postgresql/X.Y/main
• Binaries into /usr/lib/postgresql/X.Y/bin
• Logs into /var/log/postgresql
• Startup logs in /var/log/postgresql also
• One init script starts all major versions

Debian Clusters
• Debian provides wrappers and helper scripts
• pg_lsclusters - lists all PG clusters
• pg_ctlcluster - Control specific clusters
• --cluster option - Specify specific cluster
  • psql --cluster 9.2/main
  • pg_dump --cluster 9.2/main, etc

RedHat Install
• Configs in data directory
• Default DB in /var/lib/pgsql/X.Y/data
• Create DB with service postgresql-9.2 initdb
• Binaries into /usr/pgsql-X.Y/bin
• Logs into /var/lib/pgsql-X.Y/data/pg_log
• Startup logs in /var/lib/pgsql-X.Y/pgstartup.log
• Init script per major version

PostgreSQL Data Directory
• Some things in here do not react well to bullets
• On Debian, just stay out of it
• On RedHat, be careful to only modify:
  • postgresql.conf
  • pg_hba.conf
  • pg_ident.conf
  • pg_log
• Do NOT touch files in pg_xlog or other dirs
  • pg_xlog is PG's WAL - not just normal log files

Initial postgresql.conf
• listen_addresses = '*' (for external access)
• checkpoint_segments = 30+
  • Uses more disk space in pg_xlog
  • Never let that partition run out of space
• checkpoint_completion_target = 0.9
  • Targets finishing in 90% of the time given
• effective_cache_size = half the RAM
  • Never allocated, just for planning
• max_wal_senders = 3
  • More later

Logging
• postgresql.conf
  • log_connections = on
  • log_disconnections = on
  • log_line_prefix = '%m [%p] %q [%l-1] %d %u@%r %a '
  • log_lock_waits = on
  • log_statement = ddl
  • log_min_duration_statement = 100
  • log_temp_files = 0
  • log_autovacuum_min_duration = 0

pg_hba.conf
• Controls how users are authenticated
    local      DATABASE  USER           METHOD  [OPTIONS]
    host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
• Read in order top-to-bottom, first match is used
• hostssl requires SSL connection, hostnossl is non-SSL
• Special DBs - all, sameuser, replication
• Special Users - all, + prefix for role membership
• Address can be IPv4 or IPv6, can include CIDR mask
• Special reject method

Authentication Methods
• The ones you should use:
• peer
  • Secure unix-socket-based auth
  • Checks the Unix username of the user
• gss (Kerberos)
  • Integrates w/ MIT/Heimdal Kerberos and AD
  • Recommended for Enterprise deployments
• cert (SSL Certificate)
  • Client-side certificate based authentication
  • Use pg_ident to map CNs to PG usernames

Authentication Methods
• Acceptable, but not ideal:
• md5
  • Stock username/password
  • Use SSL if you're worried about security
• pam
  • Modules run as postgres user
  • Can't be used directly w/ pam_unix
  • saslauthd can make it work (pam_sasl, saslauthd)
• radius
  • Use SSL if you're worried about security

Auth Method Don'ts
• trust - Never use this - no auth done
• password - Password sent in cleartext
• sspi
  • Windows-specific
  • Uses Kerberos/GSSAPI underneath
• ident
  • Insecure, don't trust it - use peer for local
• ldap
  • Auths against an LDAP server
  • Use Kerberos/GSSAPI if you can

pg_ident.conf
• Defines mappings which are used in pg_hba
    map-name   auth-user            pg-user
    kerbnames  sfrost@SNOWMAN.NET   sfrost
    certname   stephenfrost         sfrost
• External-user to PG-user mappings
• Unix user joe can be PG user bob
• Regexps can be used - but be careful
• Also works for Kerberos, client certs, etc
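As an added example (not from the slides), here is a small evaluator for the pg_hba.conf first-match rule and the pg_ident.conf mapping described on the two slides above, run against a constructed rule set that sticks to the "should use" methods (peer, gss, cert) and ends in an explicit reject. It handles local/host/hostssl/hostnossl lines, the special database names all and sameuser, user all and IPv4 CIDR masks; the +role prefix, @files, regexps and IPv6 are assumed out of scope.

```shell
#!/bin/sh
# Added example, not from the slides: first-match evaluation of a pg_hba.conf
# rule set plus an exact-name pg_ident.conf lookup. Both configs below are
# constructed for this example.

HBA_CONF='
# TYPE    DATABASE  USER      ADDRESS         METHOD   [OPTIONS]
local     all       postgres                  peer
local     sameuser  all                       peer
hostssl   all       all       10.0.0.0/8      gss
hostssl   all       all       192.168.1.0/24  cert     map=certname
host      all       all       0.0.0.0/0       reject
'

IDENT_CONF='
# MAPNAME   SYSTEM-USERNAME      PG-USERNAME
kerbnames   sfrost@SNOWMAN.NET   sfrost
certname    stephenfrost         sfrost
'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if IPv4 address $1 lies inside CIDR $2 (a bare address means /32).
cidr_match() {
    net=${2%/*}; bits=${2#*/}
    [ "$net" = "$2" ] && bits=32
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# hba_match CONNTYPE DATABASE USER [ADDRESS]
# CONNTYPE is "local" for a Unix socket, "hostssl" or "hostnossl" for TCP.
# Prints the METHOD of the first matching line, or "no-match" when no line
# matches (PG then refuses the connection, as an explicit reject would).
hba_match() {
    ctype=$1; cdb=$2; cuser=$3; caddr=$4
    while read -r type db user addr method rest; do
        case $type in ''|'#'*) continue ;; esac
        if [ "$type" = local ]; then
            method=$addr                      # local lines have no ADDRESS column
            [ "$ctype" = local ] || continue
        else
            [ "$ctype" = local ] && continue
            case $type in                     # plain "host" matches SSL and non-SSL
                hostssl)   [ "$ctype" = hostssl ]   || continue ;;
                hostnossl) [ "$ctype" = hostnossl ] || continue ;;
            esac
            cidr_match "$caddr" "$addr" || continue
        fi
        case $db in
            all) ;;
            sameuser) [ "$cdb" = "$cuser" ] || continue ;;
            *) [ "$db" = "$cdb" ] || continue ;;
        esac
        [ "$user" = all ] || [ "$user" = "$cuser" ] || continue
        echo "$method"; return 0              # first match wins, later lines are ignored
    done <<EOF
$HBA_CONF
EOF
    echo no-match; return 1
}

# ident_map MAPNAME SYSTEM-USER: print the PG user the map allows, or fail.
ident_map() {
    while read -r map sysuser pguser; do
        case $map in ''|'#'*) continue ;; esac
        if [ "$map" = "$1" ] && [ "$sysuser" = "$2" ]; then
            echo "$pguser"; return 0
        fi
    done <<EOF
$IDENT_CONF
EOF
    return 1
}

# Walk a few connection attempts through the rules (run: sh hba_check.sh demo).
if [ "$1" = demo ]; then
    for c in "local postgres postgres" "local app bob" \
             "hostssl app alice 10.20.30.40" "hostnossl app alice 10.20.30.40" \
             "hostssl app alice 192.168.1.7"; do
        printf '%-36s -> %s\n' "$c" "$(hba_match $c)"   # $c unquoted: split into args
    done
fi
```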

Debian configs
• Extra config files in Debian/Ubuntu
• start.conf
  • Controls start of this cluster
  • Can be auto, manual, disabled
• pg_ctl.conf
  • Options to pass to pg_ctl
  • Generally don't need to modify it
• environment
  • Controls environment PG starts in
  • Generally don't need to modify it

RedHat configs
• Basically just the init.d scripts

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity; - aka w
• \l - list databases
       Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
    -----------+----------+----------+-------------+-------------+-----------------------
     postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
     template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
     template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
• \dn - list schemas
      Name  |  Owner
    --------+----------
     public | postgres
• \db - list tablespaces
        Name    |  Owner   | Location
    ------------+----------+----------
     pg_default | postgres |
     pg_global  | postgres |

User setups
• createuser / CREATE USER
• \password to set passwords
• Privileges
  • Superuser - Do not give this out
  • CreateRole - Creation and modification of roles
  • CreateDatabase - Allows database creation
  • Login - Allows user to connect to DB
  • Replication - Only for replication/system user
  • Admin - Allows changing role memberships
  • Inherit - Automatically get GRANTED privileges

Roles
• Users are really roles
• Groups are implemented with roles
• CREATE ROLE (or just createuser --nologin)
  • Same privilege options
  • Can start as nologin, then be granted login
  • Can cascade
• Any role can be GRANT'd to any other role
• Inherit is default, acts like group privs
• Noinherit means user must run set role, a la sudo

Permissions
• public means all users
• GRANT / REVOKE to give/take away privs, roles, etc
• CONNECT privs on the database (public by default)
• schemas - CREATE, USAGE
  • recommend dropping public or revoke CREATE
  • Use per-user or per-app schemas
• tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
• view - same (incl update), execute as view owner
• columns - SELECT/INSERT/UPDATE
• functions - SECURITY DEFINER are akin to setuid

Default perms
• Generally secure-by-default
  • Except functions - EXECUTE granted by default
  • Owners have all rights on their objects
  • Membership in owning role == ownership
• ALTER DEFAULT PRIVILEGES - for roles
  • FOR ROLE ... IN SCHEMA ... GRANT ...
  • Can't be applied to just a schema
• GRANT ... ON ALL ... IN SCHEMA
  • For tables, views, sequences, functions
  • One-time operation, new tables will not have privs
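Added example, not from the slides: a shell function that generates (and can apply) the GRANT/REVOKE script for one application schema, pairing the one-time GRANT ... ON ALL ... IN SCHEMA with ALTER DEFAULT PRIVILEGES so that objects created later are covered as well, and turning off the default EXECUTE-to-PUBLIC on new functions. The database, schema and role names used in the demo (appdb, app, app_owner, app_rw) are assumptions; identifiers are validated before they are interpolated into SQL.

```shell
#!/bin/sh
# Added example, not from the slides: build the lock-down script for one app
# schema. Names are parameters; the demo values are constructed.

# Accept only plain lower-case identifiers, so a name such as
#   app"; DROP ROLE postgres; --
# can never change the meaning of the generated SQL.
check_ident() {
    case $1 in
        ''|*[!a-z0-9_]*|[0-9]*) echo "bad identifier: '$1'" >&2; return 1 ;;
    esac
}

# lockdown_sql DATABASE SCHEMA OWNER_ROLE APP_ROLE
# OWNER_ROLE is a NOLOGIN role that owns the schema and must create every
# object in it (SET ROLE owner before running DDL), because ALTER DEFAULT
# PRIVILEGES only covers objects created by that role. APP_ROLE is the login
# role the application connects as.
lockdown_sql() {
    db=$1; schema=$2; owner=$3; app=$4
    for n in "$db" "$schema" "$owner" "$app"; do check_ident "$n" || return 1; done
    cat <<EOF
-- public schema stays, but nobody except its owner may create objects in it
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- CONNECT is granted to PUBLIC by default; hand it out explicitly instead
REVOKE CONNECT ON DATABASE $db FROM PUBLIC;
GRANT CONNECT ON DATABASE $db TO $app;
-- schema owned by a role nobody logs in as; the application gets USAGE only
CREATE ROLE $owner NOLOGIN;
CREATE SCHEMA $schema AUTHORIZATION $owner;
GRANT USAGE ON SCHEMA $schema TO $app;
-- existing objects: a one-time operation, later objects are not covered
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA $schema TO $app;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA $schema TO $app;
-- future objects created by $owner in $schema get the same privileges
ALTER DEFAULT PRIVILEGES FOR ROLE $owner IN SCHEMA $schema
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $app;
ALTER DEFAULT PRIVILEGES FOR ROLE $owner IN SCHEMA $schema
    GRANT USAGE, SELECT ON SEQUENCES TO $app;
-- functions are EXECUTE-able by PUBLIC by default; switch that off for new
-- functions and grant EXECUTE to specific roles as needed
ALTER DEFAULT PRIVILEGES FOR ROLE $owner IN SCHEMA $schema
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
EOF
}

# Apply as one transaction, stopping at the first error (needs psql and a
# session that owns the database; not exercised by the self-test).
apply_lockdown() {
    lockdown_sql "$@" | psql -v ON_ERROR_STOP=1 -1 -d "$1"
}

if [ "$1" = demo ]; then
    lockdown_sql appdb app app_owner app_rw
fi
```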

Tablespaces
• Permissions
  • Perms must be 0700, owned by postgres
  • Must explicitly GRANT create rights
• Implementation
  • Symlinks in pg_tblspc directory
  • Recommend against messing with them directly
  • Must be fully-qualified
• GUCs
  • default_tablespace
  • temp_tablespaces

Tuning
• For a dedicated server
• shared_buffers
  • Will be dedicated to PG for caching
  • Up to half of main memory
  • Try 2G on larger servers, more may not help
  • Pre-9.3, need to bump sysctl params
  • Post-9.3, you don't
  • Defaults to 128MB

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc
  • Can be increased inside a given connection
  • Used many times over - not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (way too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries over time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with specific log_line_prefix
  • Generates very nice reports
  • Various sorts - total time, max length, etc

Config Bump-Ups
• max_connections = 100
  • Consider using pg_bouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_connections

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to replication DB
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports - not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time-Recovery w/ WAL
  • From base-backup, play forward WAL
  • Can stop at any point-in-time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
  • test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is WAL file needed
  • %p is where to put it
  • cp /archive/%f %p
• Only return zero when successful
• Will be called for non-existent files
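Added example, not from the slides: archive_command and restore_command wrappers that follow the rules on the archive_command and recovery.conf slides (exit zero only on success, never overwrite an already archived segment, and tolerate requests for files that do not exist yet), with a self-test against a constructed segment in a temporary directory. ARCHIVE_DIR and the install path in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides. Assumed wiring in postgresql.conf and
# recovery.conf (install path is an assumption):
#   archive_command = '/usr/local/bin/wal_archive.sh archive %p %f'
#   restore_command = '/usr/local/bin/wal_archive.sh restore %f %p'

ARCHIVE_DIR=${ARCHIVE_DIR:-/var/lib/postgresql/wal_archive}   # assumed location

# archive_wal SOURCE_PATH FILENAME   (PG substitutes %p %f)
archive_wal() {
    src=$1; dest=$ARCHIVE_DIR/$2
    if [ -e "$dest" ]; then
        # The same segment name twice means another cluster is writing into this
        # archive or an earlier run was interrupted after the rename. Fail, so PG
        # keeps the segment in pg_xlog and the log shows it, rather than overwrite.
        echo "archive: refusing to overwrite $dest" >&2
        return 1
    fi
    # Copy under a temporary name, verify, then rename: restore_command must
    # never be able to pick up a half-written segment.
    if cp "$src" "$dest.tmp" && cmp -s "$src" "$dest.tmp" && mv "$dest.tmp" "$dest"; then
        return 0
    fi
    rm -f "$dest.tmp"
    echo "archive: failed to copy $src" >&2
    return 1                              # non-zero: PG retries this segment later
}

# restore_wal FILENAME DEST_PATH   (PG substitutes %f %p)
restore_wal() {
    src=$ARCHIVE_DIR/$1; dest=$2
    # Recovery asks for segments and timeline history files that may not exist
    # yet; a non-zero exit here just means "not available", which is expected.
    [ -f "$src" ] || return 1
    cp "$src" "$dest" && cmp -s "$src" "$dest"
}

# Self-test with a constructed segment (run: sh wal_archive.sh selfcheck).
# Returns 0 only if every step behaves as the slides require.
selfcheck() {
    tmp=$(mktemp -d) || return 1
    ARCHIVE_DIR=$tmp/archive; mkdir -p "$ARCHIVE_DIR" "$tmp/pg_xlog"
    seg=000000010000000000000001                      # constructed segment name
    printf 'constructed WAL bytes' > "$tmp/pg_xlog/$seg"
    archive_wal "$tmp/pg_xlog/$seg" "$seg"                  || return 1
    archive_wal "$tmp/pg_xlog/$seg" "$seg" 2>/dev/null      && return 1   # must refuse
    restore_wal "$seg" "$tmp/restored"                      || return 1
    cmp -s "$tmp/pg_xlog/$seg" "$tmp/restored"              || return 1
    restore_wal 00000002.history "$tmp/missing" 2>/dev/null && return 1   # must fail
    [ ! -e "$ARCHIVE_DIR/$seg.tmp" ]                        || return 1   # no leftovers
    rm -rf "$tmp"
    return 0
}

case $1 in
    archive)   archive_wal "$2" "$3" ;;
    restore)   restore_wal "$2" "$3" ;;
    selfcheck) selfcheck ;;
esac
```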

Replication
• Read-only streaming slaves
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure connection in recovery.conf
• recovery.conf must live in data dir
• Monitor lag - replica can fall behind

Monitoring
• check_postgres.pl
• Useful with Nagios, Icinga, MRTG, etc
• Provides metrics as well as monitoring
• Allows custom query for monitoring
• Minimum set of checks:
    archive_ready (if doing WAL archiving) --- Number of WAL ready files
    autovac_freeze --- How close to Autovacuum Max Freeze
    backends (Metric) --- Number of Backends running
    dbstats (Metrics) --- Lots of different stats
    listener (If using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
    locks (Metric) --- Number of locks held
    pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
    txn_idle --- Transactions idle for X time
    txn_time --- Transactions longer than X time
    txn_wraparound --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;
        name    | default_version | installed_version |                              comment
    ------------+-----------------+-------------------+--------------------------------------------------------------------
     file_fdw   | 1.0             |                   | foreign-data wrapper for flat file access
     dblink     | 1.0             |                   | connect to other PostgreSQL databases from within a database
     plpgsql    | 1.0             | 1.0               | PL/pgSQL procedural language
     pg_trgm    | 1.0             |                   | text similarity measurement and index searching based on trigrams
     adminpack  | 1.0             |                   | administrative functions for PostgreSQL
     ip4r       | 2.0             |                   |
     hstore     | 1.1             |                   | data type for storing sets of (key, value) pairs
• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow



bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 10: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Installation
  • Debian/Ubuntu/etc.
    • apt.postgresql.org
    • Add PGDG sources.list.d
  • RedHat/CentOS/etc.
    • yum.postgresql.org
    • Download & Install PGDG RPM
  • Multiple Major Versions

Debian Install
  • Configs in /etc/postgresql/X.Y/main
  • Initial DB in /var/lib/postgresql/X.Y/main
  • Binaries into /usr/lib/postgresql/X.Y/bin
  • Logs into /var/log/postgresql
  • Startup logs in /var/log/postgresql also
  • One init script starts all major versions

Debian Clusters
  • Debian provides wrappers and helper scripts
  • pg_lsclusters - lists all PG clusters
  • pg_ctlcluster - Control specific clusters
  • --cluster option - Specify specific cluster
    • psql --cluster 9.2/main
    • pg_dump --cluster 9.2/main, etc.

RedHat Install
  • Configs in data directory
  • Default DB in /var/lib/pgsql/X.Y/data
  • Create DB with: service postgresql-9.2 initdb
  • Binaries into /usr/pgsql-X.Y/bin
  • Logs into /var/lib/pgsql-X.Y/data/pg_log
  • Startup logs in /var/lib/pgsql-X.Y/pgstartup.log
  • Init script per major version

PostgreSQL Data Directory
  • Some things in here do not react well to bullets
  • On Debian, just stay out of it
  • On RedHat, be careful to only modify:
    • postgresql.conf
    • pg_hba.conf
    • pg_ident.conf
    • pg_log
  • Do NOT touch files in pg_xlog or other dirs
    • pg_xlog is PG's WAL - not just normal log files

Initial postgresql.conf
  • listen_addresses = '*' (for external access)
  • checkpoint_segments = 30+
    • Uses more disk space in pg_xlog
    • Never let that partition run out of space
  • checkpoint_completion_target = 0.9
    • Targets finishing in 90% of time given
  • effective_cache_size = half the RAM
    • Never allocated, just for planning
  • max_wal_senders = 3
    • More later

Logging
  • postgresql.conf
    • log_connections = on
    • log_disconnections = on
    • log_line_prefix = '%m [%p] %q [%l-1] %d %u@%r %a '
    • log_lock_waits = on
    • log_statement = ddl
    • log_min_duration_statement = 100
    • log_temp_files = 0
    • log_autovacuum_min_duration = 0

pg_hba.conf
  • Controls how users are authenticated

    local      DATABASE  USER           METHOD  [OPTIONS]
    host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

  • Read in order, top-to-bottom, first match is used
  • hostssl requires SSL connection, hostnossl is not SSL
  • Special DBs - all, sameuser, replication
  • Special Users - all, + prefix for role membership
  • Address can be IPv4 or IPv6, can include CIDR mask
  • Special reject method

Authentication Methods
  • The ones you should use:
  • peer
    • Secure unix-socket-based auth
    • Checks the Unix username of the user
  • gss (Kerberos)
    • Integrates w/ MIT/Heimdal Kerberos and AD
    • Recommended for Enterprise deployments
  • cert (SSL Certificate)
    • Client-side certificate based authentication
    • Use pg_ident to map CNs to PG usernames

Authentication Methods
  • Acceptable, but not ideal:
  • md5
    • Stock username/password
    • Use SSL if you're worried about security
  • pam
    • Modules run as postgres user
    • Can't be used directly w/ pam_unix
    • saslauthd can make it work (pam_sasl, saslauthd)
  • radius
    • Use SSL if you're worried about security

Auth Method Don'ts
  • trust - Never use this - no auth done
  • password - Password sent in cleartext
  • sspi
    • Windows-specific
    • Uses Kerberos/GSSAPI underneath
  • ident
    • Insecure, don't trust it - use peer for local
  • ldap
    • Auths against an LDAP server
    • Use Kerberos/GSSAPI if you can
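The first-match rule on the pg_hba.conf slide is easiest to reason about by running it. The evaluator below is an added example, not code from the slides: it parses a constructed pg_hba.conf, answers "which rule would this connection hit" the way the server does (top-to-bottom, first match, no match means rejected), and audits the file for the methods the Don'ts slide rules out. ROLE_MEMBERS is a hand-built dict standing in for the catalog's role membership, and OPTIONS columns are ignored.

```python
"""First-match evaluation of pg_hba.conf plus an audit for forbidden methods.
Added example; the config, addresses and role membership below are constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample pg_hba.conf, in the order the server reads it.
SAMPLE_HBA = """\
# TYPE     DATABASE     USER        ADDRESS           METHOD
local      all          postgres                      peer
local      replication  replicator                    peer
hostssl    all          +dbadmins   10.0.0.0/8        gss
hostssl    sameuser     all         10.0.0.0/8        md5
host       all          all         192.168.1.0/24    trust
hostnossl  all          all         0.0.0.0/0         reject
"""

NEVER_USE = {"trust", "password", "ident"}     # from the "Auth Method Don'ts" slide
ROLE_MEMBERS = {"dbadmins": {"alice"}}         # hypothetical stand-in for pg_auth_members


@dataclass(frozen=True)
class HbaRule:
    conn_type: str
    database: str
    user: str
    address: Optional[str]      # None for 'local' rules
    method: str
    lineno: int


@dataclass(frozen=True)
class Conn:
    local: bool                 # Unix socket (True) or TCP (False)
    ssl: bool
    database: str
    user: str
    address: str = ""           # client IP for TCP connections
    replication: bool = False   # physical replication connection


def parse_hba(text: str) -> list[HbaRule]:
    """Parse TYPE/DATABASE/USER/[ADDRESS]/METHOD; trailing OPTIONS are ignored."""
    rules: list[HbaRule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            if len(f) < 4:
                raise ValueError(f"line {lineno}: malformed local rule")
            rules.append(HbaRule("local", f[1], f[2], None, f[3], lineno))
        elif f[0] in ("host", "hostssl", "hostnossl"):
            if len(f) < 5:
                raise ValueError(f"line {lineno}: malformed {f[0]} rule")
            rules.append(HbaRule(f[0], f[1], f[2], f[3], f[4], lineno))
        else:
            raise ValueError(f"line {lineno}: unknown connection type {f[0]!r}")
    return rules


def _type_matches(rule: HbaRule, c: Conn) -> bool:
    if rule.conn_type == "local":
        return c.local
    if c.local:
        return False
    return {"host": True, "hostssl": c.ssl, "hostnossl": not c.ssl}[rule.conn_type]


def _db_matches(field: str, c: Conn) -> bool:
    for item in field.split(","):
        if c.replication:               # replication connections match only the keyword, not 'all'
            if item == "replication":
                return True
            continue
        if item == "all" or item == c.database:
            return True
        if item == "sameuser" and c.database == c.user:
            return True
    return False


def _user_matches(field: str, c: Conn) -> bool:
    for item in field.split(","):
        if item == "all" or item == c.user:
            return True
        if item.startswith("+") and c.user in ROLE_MEMBERS.get(item[1:], set()):
            return True
    return False


def _addr_matches(field: Optional[str], c: Conn) -> bool:
    if field is None or field == "all":
        return True
    # A bare IP without a mask is a single host; strict=False tolerates host bits set.
    return ipaddress.ip_address(c.address) in ipaddress.ip_network(field, strict=False)


def first_match(rules: list[HbaRule], c: Conn) -> Optional[HbaRule]:
    """First rule that matches, as the server does; None means no rule matched,
    which the server treats as a rejected connection."""
    for r in rules:
        if (_type_matches(r, c) and _db_matches(r.database, c)
                and _user_matches(r.user, c) and _addr_matches(r.address, c)):
            return r
    return None


def audit(rules: list[HbaRule]) -> list[str]:
    """Report every rule whose method the slides say never to use."""
    return [f"line {r.lineno}: {r.conn_type} {r.database} {r.user} uses {r.method}"
            for r in rules if r.method in NEVER_USE]


if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for warning in audit(rules):
        print("AUDIT:", warning)
    hit = first_match(rules, Conn(local=False, ssl=True, database="appdb", user="bob", address="10.1.2.3"))
    print("bob over SSL from 10.1.2.3 ->", hit.method if hit else "no matching rule (rejected)")
```

Note how the sameuser rule on line 5 lets bob reach only a database named bob, and how a hostssl rule never matches a non-SSL client even when the address fits, so the trust rule on line 6 is the only thing a plaintext client on 192.168.1.0/24 can hit; the audit surfaces exactly that line.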

pg_ident.conf
  • Defines mappings which are used in pg_hba

    map-name   auth-user            pg-user
    kerbnames  sfrost@SNOWMAN.NET   sfrost
    certname   stephenfrost         sfrost

  • External-user to PG-user mappings
  • Unix user joe can be PG user bob
  • Regexps can be used - but be careful
  • Also works for Kerberos, client certs, etc.

Debian configs
  • Extra config files in Debian/Ubuntu
  • start.conf
    • Controls start of this cluster
    • Can be auto, manual, disabled
  • pg_ctl.conf
    • Options to pass to pg_ctl
    • Generally don't need to modify it
  • environment
    • Controls environment PG starts in
    • Generally don't need to modify it

RedHat configs
  • Basically just the init.d scripts

Connecting
  • sudo su - postgres
  • psql
  • \? to see backslash-commands
  • \h to get help on SQL queries/commands
  • Exit with \q or ctrl-d
  • psql -h localhost

Looking around
  • table pg_stat_activity; - aka 'w'
  • \l - list databases

       Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
    -----------+----------+----------+-------------+-------------+-----------------------
     postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
     template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
     template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +

  • \dn - list schemas

      Name  |  Owner
    --------+----------
     public | postgres

  • \db - list tablespaces

        Name    |  Owner   | Location
    ------------+----------+----------
     pg_default | postgres |
     pg_global  | postgres |

User setups
  • createuser, CREATE USER
  • \password to set passwords
  • Privileges
    • Superuser - Do not give this out
    • CreateRole - Creation and modification of roles
    • CreateDatabase - Allows database creation
    • Login - Allows user to connect to DB
    • Replication - Only for replication/system user
    • Admin - Allows changing role memberships
    • Inherit - Automatically get GRANTed privileges

Roles
  • Users are really roles
  • Groups are implemented with roles
  • CREATE ROLE (or just createuser --nologin)
    • Same privilege options
    • Can start as nologin, then be granted login
    • Can cascade
  • Any role can be GRANTed to any other role
  • Inherit is default, acts like group privs
  • Noinherit means user must run SET ROLE, à la sudo

Permissions
  • public means all users
  • GRANT / REVOKE to give / take away privs, roles, etc.
  • CONNECT privs on the database (public by default)
  • schemas - CREATE, USAGE
    • recommend dropping public or revoke CREATE
    • Use per-user or per-app schemas
  • tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
  • view - same (incl. update), execute as view owner
  • columns - SELECT/INSERT/UPDATE
  • functions - SECURITY DEFINER are akin to setuid

Default perms
  • Generally secure-by-default
    • Except functions - EXECUTE granted by default
    • Owners have all rights on their objects
    • Membership in owning role == ownership
  • ALTER DEFAULT PRIVILEGES - for roles
    • FOR ROLE ... IN SCHEMA ... GRANT ...
    • Can't be applied to just a schema
  • GRANT ... ON ALL ... IN SCHEMA ...
    • For tables, views, sequences, functions
    • One-time operation, new tables will not have privs

Tablespaces
  • Permissions
    • Perms must be 0700, owned by postgres
    • Must explicitly GRANT create rights
  • Implementation
    • Symlinks in pg_tblspc directory
    • Recommend against messing with them directly
    • Must be fully-qualified
  • GUCs
    • default_tablespace
    • temp_tablespaces

Tuning
  • For a dedicated server
  • shared_buffers
    • Will be dedicated to PG for caching
    • Up to half of main memory
    • Try 2G on larger servers, more may not help
    • Pre-9.3, need to bump sysctl params
    • Post-9.3, you don't
    • Defaults to 128MB

Tuning (continued)
  • work_mem
    • Used for in-memory hashing, sorts, etc.
    • Can be increased inside a given connection
    • Used many times over - not a hard limit
    • Per connection, so be careful
    • Defaults to 1MB (way too small)
  • maintenance_work_mem
    • Used for building indexes
    • Make it larger before building an index
    • Defaults to 16MB (that's a very small index)

Tuning (continued)
  • effective_cache_size
    • Tells PG how much of the DB is in memory
    • Half of main memory
    • Never allocated, only for planning purposes
    • Defaults to 128MB
  • autovacuum
    • On a high-rate server, make it more aggressive
    • Increase max_workers
    • Decrease autovacuum_vacuum_cost_delay
    • Defaults are for lightly loaded systems

Tuning (continued)
  • pg_xlog
    • Sequential writes
    • Put on dedicated disks
    • Monitor very closely for space
  • pg_stat_tmp
    • Consider tmpfs
    • Written to by stats collector constantly
    • File per-DB in 9.3+ helps a lot

Slow Queries
  • Logging all queries hurts
  • log_min_duration_statement
    • Logs queries over time
    • Includes duration (no need for log_duration)
  • pgfouine - Log Analyzer
    • Best with specific log_line_prefix
    • Generates very nice reports
    • Various sorts - total time, max length, etc.

Config Bump-Ups
  • max_connections = 100
    • Consider using pg_bouncer
    • # connections == # of CPUs is ideal
  • shared_buffers = couple gig
    • Probably not more than 3-4G (Test)
  • maintenance_work_mem = maybe a gig
    • Used for building indexes
  • max_locks_per_transaction = 128
    • More if you have lots of objects
    • # locks available is actually this * max_conn

Simple Backups
  • Extremely important
  • pg_basebackup w/ WAL receive
    • Binary-based backup
    • MUST have WAL files backed up also
    • Needs to connect to replication DB
  • pg_dump
    • Logical, text-based backup
    • Does not back up indexes, must rebuild
    • Requires lightweight locks on everything
  • Test restoring your data

Parallel Backups
  • pg_dump support in recent versions
  • pg_restore also supports - not transactional
  • Binary backups
    • Use rsync
    • Parallelize by tablespace
    • No parallel option for pg_basebackup (yet)

PITR Backups
  • Point-in-time-Recovery w/ WAL
    • From base-backup, play forward WAL
    • Can stop at any point-in-time
  • Requires a base/binary backup (pg_basebackup)
  • Must archive all WAL
    • WAL archived with archive_command
    • Only WAL after a base backup is useful

archive_command
  • %f replaced with WAL filename
  • %p replaced with full path to WAL

    test ! -f /archive/%f && cp %p /archive/%f

  • Be sure to test
  • Monitor your postgres logs
  • Must return zero ONLY on success

Restoring
  • Make sure to test your backups
  • Test by doing a restore
  • Test regularly (at least once a year)
  • Consider multiple scenarios
    • Tape-based restore
    • Restore from off-site
    • Fail-over
    • How much data lost?
    • How much downtime?

recovery.conf
  • restore_command
    • %f is WAL file needed
    • %p is where to put it

    cp /archive/%f %p

  • Only return zero when successful
  • Will be called for non-existent files
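The archive_command and restore_command slides give the two shell one-liners and three rules: never overwrite a segment already in the archive, return zero only on success, and expect restore requests for files that do not exist. The script below is an added example, not the slides' own commands, that implements both sides with those rules and adds an fsync so a segment is durable before the server is told it was archived. The install paths in the docstring are hypothetical, and run_demo() exercises the script against a throwaway archive with a constructed segment.

```python
#!/usr/bin/env python3
"""archive_command and restore_command in one script (added example).
Hypothetical configuration:
    archive_command = '/usr/local/bin/wal_archive.py archive %p %f'
    restore_command = '/usr/local/bin/wal_archive.py restore %f %p'
"""
import filecmp
import os
import shutil
import sys
import tempfile

ARCHIVE_DIR = "/archive"   # the directory the slides use; WAL_ARCHIVE_DIR overrides it


def archive_wal(src_path: str, wal_name: str, archive_dir: str) -> int:
    """Copy one segment into the archive.  Exit status for the server: 0 only once the
    segment is durably in place, otherwise non-zero so the server retries and keeps
    the segment in pg_xlog.  An identical file already present (a retried archive) is
    success; a different file with the same name is refused, which is what the
    slides' 'test ! -f' guards against."""
    dest = os.path.join(archive_dir, wal_name)
    tmp = dest + ".partial"
    try:
        if os.path.exists(dest):
            if filecmp.cmp(src_path, dest, shallow=False):
                return 0
            print(f"refusing to overwrite {dest}: contents differ", file=sys.stderr)
            return 1
        shutil.copyfile(src_path, tmp)
        with open(tmp, "rb") as fh:              # flush the data before the rename publishes it
            os.fsync(fh.fileno())
        os.rename(tmp, dest)
        dirfd = os.open(archive_dir, os.O_RDONLY)  # and the directory entry itself
        try:
            os.fsync(dirfd)
        finally:
            os.close(dirfd)
        return 0
    except OSError as exc:
        print(f"archiving {wal_name} failed: {exc}", file=sys.stderr)
        return 1


def restore_wal(wal_name: str, dest_path: str, archive_dir: str) -> int:
    """Fetch one file for recovery.  The server asks for segments and timeline .history
    files that may not exist; non-zero is the normal answer for those and tells
    recovery it has reached the end of the archive."""
    if not wal_name or os.sep in wal_name or wal_name in (".", ".."):
        print(f"bad WAL name {wal_name!r}", file=sys.stderr)
        return 2
    src = os.path.join(archive_dir, wal_name)
    if not os.path.isfile(src):
        return 1
    try:
        shutil.copyfile(src, dest_path)
        return 0
    except OSError as exc:
        print(f"restoring {wal_name} failed: {exc}", file=sys.stderr)
        return 1


def run_demo() -> dict:
    """Exercise both commands against a throwaway archive with a constructed segment."""
    root = tempfile.mkdtemp()
    archive = os.path.join(root, "archive")
    pg_xlog = os.path.join(root, "pg_xlog")
    os.mkdir(archive)
    os.mkdir(pg_xlog)
    seg = "000000010000000000000003"             # constructed segment name
    src = os.path.join(pg_xlog, seg)
    with open(src, "wb") as fh:
        fh.write(b"fake WAL segment bytes")
    out = {}
    out["first_archive"] = archive_wal(src, seg, archive)
    out["retry_archive"] = archive_wal(src, seg, archive)      # identical content: still success
    with open(src, "wb") as fh:
        fh.write(b"DIFFERENT bytes")
    out["conflict_archive"] = archive_wal(src, seg, archive)   # same name, other content: refused
    restored = os.path.join(pg_xlog, "RECOVERYXLOG")
    out["restore_present"] = restore_wal(seg, restored, archive)
    with open(restored, "rb") as fh:
        out["restored_bytes"] = fh.read()
    out["restore_missing"] = restore_wal("00000002.history", restored, archive)
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    if len(sys.argv) != 4 or sys.argv[1] not in ("archive", "restore"):
        sys.exit("usage: wal_archive.py archive %p %f | restore %f %p")
    archive_dir = os.environ.get("WAL_ARCHIVE_DIR", ARCHIVE_DIR)
    if sys.argv[1] == "archive":
        sys.exit(archive_wal(sys.argv[2], sys.argv[3], archive_dir))
    sys.exit(restore_wal(sys.argv[2], sys.argv[3], archive_dir))
```

The copy-then-rename keeps a crashed archive run from leaving a half-written segment under the real name, which a later restore would happily feed to recovery; the refusal on differing content is what the slides' "test ! -f" is for, and it is worth watching the server log for that message since it means two clusters are writing to the same archive.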

Replication
  • Read-only streaming slaves
  • Set up WAL archiving
    • Not strictly required
    • Very recommended
  • Initial copy with pg_basebackup
  • Configure connection in recovery.conf
  • recovery.conf must live in data dir
  • Monitor lag - replica can fall behind

Monitoring
  • check_postgres.pl
    • Useful with Nagios, Icinga, MRTG, etc.
    • Provides metrics as well as monitoring
    • Allows custom query for monitoring
  • Minimum set of checks:
    • archive_ready (if doing WAL archiving) --- Number of WAL ready files
    • autovac_freeze --- How close to Autovacuum Max Freeze
    • backends (Metric) --- Number of Backends running
    • dbstats (Metrics) --- Lots of different stats
    • listener (If using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
    • locks (Metric) --- Number of locks held
    • pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
    • txn_idle --- Transactions idle for X time
    • txn_time --- Transactions longer than X time
    • txn_wraparound --- How close to transaction wraparound
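To show what two of the checks on the monitoring slide actually compute, here is an added example that reimplements txn_idle and backends over rows of pg_stat_activity with Nagios-style exit codes. It is not check_postgres.pl and does not talk to a server: the rows are a constructed snapshot, and the subset of columns used is an assumption.

```python
"""txn_idle and backends checks over pg_stat_activity rows (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2   # Nagios exit codes


@dataclass(frozen=True)
class Backend:                      # the pg_stat_activity columns these checks need
    pid: int
    usename: str
    datname: str
    state: str                      # 'active', 'idle', 'idle in transaction', ...
    state_change: datetime          # when the backend entered that state


# Constructed snapshot of pg_stat_activity as of NOW (not real server data).
NOW = datetime(2014, 5, 20, 10, 20, 0)
SAMPLE_ROWS = [
    Backend(4101, "app", "appdb", "active", datetime(2014, 5, 20, 10, 19, 59)),
    Backend(4102, "report", "appdb", "idle in transaction", datetime(2014, 5, 20, 10, 15, 0)),
    Backend(4103, "app", "appdb", "idle", datetime(2014, 5, 20, 10, 18, 0)),
    Backend(4104, "app", "appdb", "idle in transaction", datetime(2014, 5, 20, 10, 19, 30)),
]


def check_txn_idle(rows, now, warn: timedelta, crit: timedelta):
    """txn_idle: the longest backend sitting 'idle in transaction' versus thresholds.
    Such a backend holds its locks and blocks VACUUM, so the oldest one is what matters."""
    idle = [(now - r.state_change, r) for r in rows if r.state == "idle in transaction"]
    if not idle:
        return OK, "no idle-in-transaction backends"
    age, worst = max(idle, key=lambda pair: pair[0])
    msg = f"longest idle txn {int(age.total_seconds())}s: pid {worst.pid} {worst.usename}@{worst.datname}"
    if age >= crit:
        return CRITICAL, msg
    if age >= warn:
        return WARNING, msg
    return OK, msg


def check_backends(rows, max_connections: int, warn_pct: float, crit_pct: float):
    """backends: connections in use as a percentage of max_connections."""
    used = len(rows)
    pct = 100.0 * used / max_connections
    msg = f"{used} of {max_connections} backends ({pct:.0f}%)"
    if pct >= crit_pct:
        return CRITICAL, msg
    if pct >= warn_pct:
        return WARNING, msg
    return OK, msg


def run_checks() -> dict:
    """Run both checks against the constructed snapshot with a few threshold choices."""
    return {
        "txn_idle": check_txn_idle(SAMPLE_ROWS, NOW, timedelta(minutes=1), timedelta(minutes=10)),
        "txn_idle_strict": check_txn_idle(SAMPLE_ROWS, NOW, timedelta(seconds=10), timedelta(minutes=2)),
        "backends": check_backends(SAMPLE_ROWS, 100, 80, 95),
        "backends_small": check_backends(SAMPLE_ROWS, 5, 80, 95),
    }


if __name__ == "__main__":
    for name, (code, msg) in run_checks().items():
        print(f"{name}: {('OK', 'WARNING', 'CRITICAL')[code]} - {msg}")
```

The txn_idle check reports the single worst offender rather than a count because one five-minute idle transaction does more damage to vacuum and lock waits than a dozen one-second ones; the backends check is expressed as a percentage so the same thresholds survive a change to max_connections.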

Log Monitoring
  • PG logs are multi-line
  • tail_n_mail works great
  • Other solutions do not understand PG logs
    • syslog-based
    • logstash
    • logcheck
  • Automatically-processed CSV log
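The Logging slide sets a log_line_prefix, the Slow Queries slide relies on log_min_duration_statement entries, and the Log Monitoring slide warns that PG log entries span several lines. The parser below is an added example, not code from the slides or from pgfouine, that ties those three together: it splits a stderr-format log into entries using that prefix, folds tab-indented continuation lines into the entry they belong to, and aggregates the recorded durations per user and database. The log lines are constructed, and the exact spacing the prefix produces is an assumption.

```python
"""Parse PostgreSQL log lines written with the slide's log_line_prefix and pull out
what log_min_duration_statement recorded (added example; sample lines constructed)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log.  The statement in the second entry spans three lines,
# as PG writes multi-line statements (continuation lines start with a tab).
LOG_LINES = """\
2014-05-20 10:15:30.004 EDT [4101] [1-1] appdb app@10.0.0.5(54321) [unknown] LOG:  connection authorized: user=app database=appdb
2014-05-20 10:15:32.123 EDT [4101] [2-1] appdb app@10.0.0.5(54321) psql LOG:  duration: 245.123 ms  statement: SELECT count(*)
\tFROM orders
\tWHERE created > now() - interval '1 day'
2014-05-20 10:15:33.500 EDT [4101] [3-1] appdb app@10.0.0.5(54321) psql LOG:  duration: 12.010 ms  statement: SELECT 1
2014-05-20 10:15:40.000 EDT [4102] [1-1] appdb report@10.0.0.9(40000) reporter LOG:  duration: 1800.500 ms  statement: SELECT * FROM big_table
2014-05-20 10:15:41.000 EDT [4102] [2-1] appdb report@10.0.0.9(40000) reporter ERROR:  relation "missing" does not exist at character 15
"""

# Assumed layout for log_line_prefix = '%m [%p] %q [%l-1] %d %u@%r %a '.
PREFIX_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \S+) "        # %m
    r"\[(?P<pid>\d+)\] "                                         # [%p]
    r"\[(?P<sessline>\d+)-\d+\] "                                # [%l-1]
    r"(?P<db>\S+) (?P<user>\S+)@(?P<remote>\S+) (?P<app>\S+) "   # %d %u@%r %a
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
DURATION_RE = re.compile(r"duration: (?P<ms>\d+(?:\.\d+)?) ms(?:\s+statement: (?P<sql>.*))?", re.S)


@dataclass(frozen=True)
class Entry:
    ts: str
    pid: int
    db: str
    user: str
    remote: str
    app: str
    level: str
    message: str
    duration_ms: Optional[float]    # set when log_min_duration_statement produced the entry
    statement: Optional[str]


def parse_log(text: str) -> list[Entry]:
    """Group lines into entries: a line matching the prefix starts one, anything else
    continues the previous one (the multi-line behaviour syslog-style tools miss)."""
    raw: list[tuple[dict, list[str]]] = []
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            raw.append((m.groupdict(), [m.group("msg")]))
        elif raw:
            raw[-1][1].append(line.lstrip("\t"))
    entries = []
    for f, parts in raw:
        msg = "\n".join(parts)
        d = DURATION_RE.match(msg)
        entries.append(Entry(f["ts"], int(f["pid"]), f["db"], f["user"], f["remote"], f["app"],
                             f["level"], msg,
                             float(d.group("ms")) if d else None,
                             d.group("sql") if d else None))
    return entries


def slow_statements(entries: list[Entry], threshold_ms: float) -> list[Entry]:
    """Entries at or above the threshold, slowest first."""
    hits = [e for e in entries if e.duration_ms is not None and e.duration_ms >= threshold_ms]
    return sorted(hits, key=lambda e: e.duration_ms, reverse=True)


def summarize(entries: list[Entry]) -> dict[tuple[str, str], dict[str, float]]:
    """Per (user, db): count, total and max duration, the sorts a log analyzer offers."""
    out: dict[tuple[str, str], dict[str, float]] = {}
    for e in entries:
        if e.duration_ms is None:
            continue
        s = out.setdefault((e.user, e.db), {"count": 0, "total_ms": 0.0, "max_ms": 0.0})
        s["count"] += 1
        s["total_ms"] += e.duration_ms
        s["max_ms"] = max(s["max_ms"], e.duration_ms)
    return out


if __name__ == "__main__":
    entries = parse_log(LOG_LINES)
    for e in slow_statements(entries, 100):
        print(f"{e.ts} {e.user}@{e.db} {e.duration_ms:.1f} ms: {e.statement.splitlines()[0]}")
    for (user, db), s in summarize(entries).items():
        print(f"{user}@{db}: {s['count']} statements, {s['total_ms']:.1f} ms total, {s['max_ms']:.1f} ms max")
```

Because continuation lines are folded in before the duration regex runs, the three-line SELECT comes back as one statement; a line-oriented tool would report the second and third lines as unparseable noise, which is the point the slide makes about syslog-based tools.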

Extensions
  • Install -contrib package
  • Use PGXN - http://pgxn.org
  • table pg_available_extensions;

        name    | default_version | installed_version |                              comment
    ------------+-----------------+-------------------+----------------------------------------------------------------------
     file_fdw   | 1.0             |                   | foreign-data wrapper for flat file access
     dblink     | 1.0             |                   | connect to other PostgreSQL databases from within a database
     plpgsql    | 1.0             | 1.0               | PL/pgSQL procedural language
     pg_trgm    | 1.0             |                   | text similarity measurement and index searching based on trigrams
     adminpack  | 1.0             |                   | administrative functions for PostgreSQL
     ip4r       | 2.0             |                   |
     hstore     | 1.1             |                   | data type for storing sets of (key, value) pairs

  • adminpack allows superuser to change anything
  • \dx lists installed extensions

Extensions (cont'd)
  • Requires superuser to install
  • Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
  • PGXN is pretty open
  • Modules from -contrib maintained by PGDG

Thank you
Stephen Frost

sfrost@snowman.net
@net_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 11: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Debian InstallbullConfigs in etcpostgresqlXYmainbullInitial DB in varlibpostgresqlXYmainbullBinaries into usrlibpostgresqlXYbinbullLogs into varlogpostgresqlbullStartup logs in varlogpostgresql alsobullOne init script starts all major versions

Debian ClustersbullDebian provides wrappers and helper scriptsbullpg_lsclusters - lists all PG clustersbullpg_ctlcluster - Control specific clustersbull--cluster option - Specify specific cluster

bullpsql --cluster 92mainbullpg_dump --cluster 92main etc

RedHat InstallbullConfigs in data directorybullDefault DB in varlibpgsqlXYdatabullCreate DB with service postgresql-92 initdbbullBinaries into usrpgsql-XYbinbullLogs into varlibpgsql-XYdatapg_logbullStartup logs in varlibpgsql-XYpgstartuplogbullInit script per major version

PostgreSQL Data DirectorybullSome thing in here do not react well to bulletsbullOn Debian just stay out of itbullOn RedHat be careful to only modify

bullpostgresqlconfbullpg_hbaconfbullpg_identconfbullpg_log

bullDo NOT touch files in pg_xlog or other dirsbullpg_xlog is PGs WAL- not just normal log files

Initial postgresqlconfbulllisten_addresses = (for external access)bullcheckpoint_segments = 30+

bullUses more disk space in pg_xlogbullNever let that partition run out of space

bullcheckpoint_completion_target = 09bullTargets finishing in 90 of time given

bulleffective_cache_size = half the RAMbullNever allocated just for planning

bullmax_wal_senders = 3bullMore later

Loggingbullpostgresqlconf

bulllog_connections = onbulllog_disconnections = onbullline_prefix= m [p] q [l-1] d ur a bulllog_lock_waits = onbulllog_statement = ddlbulllog_min_duration_statement = 100bulllog_temp_files = 0bulllog_autovacuum_min_duration = 0

pg_hbaconfbullControls how users are authenticatedlocal DATABASE USER METHOD [OPTIONS]host DATABASE USER ADDRESS METHOD [OPTIONS]hostssl DATABASE USER ADDRESS METHOD [OPTIONS]hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]

bullRead in order top-to-bottom first match is usedbullhostssl requires SSL connection no is not SSLbullSpecial DBs - all sameuser replicationbullSpecial Users - all + prefix for role membershipbullAddress can be IPv4 or IPv6 can include CIDR maskbullSpecial reject method

Authentication MethodsbullThe ones you should use bullpeer

bullSecure unix-socket-based authbullChecks the Unix username of the user

bullgss (Kerberos)bullIntegreates w MITHeimdal Kerberos and ADbullRecommended for Enterprise deployments

bullcert (SSL Certificate)bullClient-side certificate based authenticationbullUse pg_ident to map CNs to PG usernames

Authentication MethodsbullAcceptable but not idealbullmd5

bullStock usernamepasswordbullUse SSL if youre worried about security

bullpambullModules run as postgres userbullCant be used directly w pam_unixbullsaslauthd can make it work (pam_sasl saslauthd)

bullradiusbullUse SSL if youre worried about security

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 12: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Debian ClustersbullDebian provides wrappers and helper scriptsbullpg_lsclusters - lists all PG clustersbullpg_ctlcluster - Control specific clustersbull--cluster option - Specify specific cluster

bullpsql --cluster 92mainbullpg_dump --cluster 92main etc

RedHat InstallbullConfigs in data directorybullDefault DB in varlibpgsqlXYdatabullCreate DB with service postgresql-92 initdbbullBinaries into usrpgsql-XYbinbullLogs into varlibpgsql-XYdatapg_logbullStartup logs in varlibpgsql-XYpgstartuplogbullInit script per major version

PostgreSQL Data DirectorybullSome thing in here do not react well to bulletsbullOn Debian just stay out of itbullOn RedHat be careful to only modify

bullpostgresqlconfbullpg_hbaconfbullpg_identconfbullpg_log

bullDo NOT touch files in pg_xlog or other dirsbullpg_xlog is PGs WAL- not just normal log files

Initial postgresqlconfbulllisten_addresses = (for external access)bullcheckpoint_segments = 30+

bullUses more disk space in pg_xlogbullNever let that partition run out of space

bullcheckpoint_completion_target = 09bullTargets finishing in 90 of time given

bulleffective_cache_size = half the RAMbullNever allocated just for planning

bullmax_wal_senders = 3bullMore later

Loggingbullpostgresqlconf

bulllog_connections = onbulllog_disconnections = onbullline_prefix= m [p] q [l-1] d ur a bulllog_lock_waits = onbulllog_statement = ddlbulllog_min_duration_statement = 100bulllog_temp_files = 0bulllog_autovacuum_min_duration = 0

pg_hbaconfbullControls how users are authenticatedlocal DATABASE USER METHOD [OPTIONS]host DATABASE USER ADDRESS METHOD [OPTIONS]hostssl DATABASE USER ADDRESS METHOD [OPTIONS]hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]

bullRead in order top-to-bottom first match is usedbullhostssl requires SSL connection no is not SSLbullSpecial DBs - all sameuser replicationbullSpecial Users - all + prefix for role membershipbullAddress can be IPv4 or IPv6 can include CIDR maskbullSpecial reject method

Authentication Methods
  • The ones you should use:
  • peer
    • Secure unix-socket-based auth
    • Checks the Unix username of the user
  • gss (Kerberos)
    • Integrates w/ MIT/Heimdal Kerberos and AD
    • Recommended for Enterprise deployments
  • cert (SSL Certificate)
    • Client-side certificate based authentication
    • Use pg_ident to map CNs to PG usernames

Authentication Methods
  • Acceptable, but not ideal:
  • md5
    • Stock username/password
    • Use SSL if you're worried about security
  • pam
    • Modules run as the postgres user
    • Can't be used directly w/ pam_unix
    • saslauthd can make it work (pam_sasl / saslauthd)
  • radius
    • Use SSL if you're worried about security

Auth Method Don'ts
  • trust - Never use this; no auth done
  • password - Password sent in cleartext
  • sspi
    • Windows-specific
    • Uses Kerberos/GSSAPI underneath
  • ident
    • Insecure, don't trust it; use peer for local
  • ldap
    • Auths against an LDAP server
    • Use Kerberos/GSSAPI if you can

pg_ident.conf
  • Defines mappings which are used in pg_hba
    # map-name   auth-user             pg-user
    kerbnames    sfrost@SNOWMAN.NET    sfrost
    certname     stephen.frost         sfrost
  • External-user to PG-user mappings
  • Unix user joe can be PG user bob
  • Regexps can be used, but be careful
  • Also works for Kerberos, client certs, etc.

Debian configs
  • Extra config files in Debian/Ubuntu
  • start.conf
    • Controls start of this cluster
    • Can be auto, manual, disabled
  • pg_ctl.conf
    • Options to pass to pg_ctl
    • Generally don't need to modify it
  • environment
    • Controls the environment PG starts in
    • Generally don't need to modify it

RedHat configs
  • Basically just the init.d scripts

Connecting
  • sudo su - postgres
  • psql
  • \? to see backslash-commands
  • \h to get help on SQL queries/commands
  • Exit with \q or ctrl-d
  • psql -h localhost

Looking around
  • table pg_stat_activity; - aka 'w'
  • \l - list databases
       Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
    -----------+----------+----------+-------------+-------------+-----------------------
     postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
     template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
     template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
  • \dn - list schemas
      Name  |  Owner
    --------+----------
     public | postgres
  • \db - list tablespaces
        Name    |  Owner   | Location
    ------------+----------+----------
     pg_default | postgres |
     pg_global  | postgres |

User setups
  • createuser / CREATE USER
  • \password to set passwords
  • Privileges:
    • Superuser - Do not give this out
    • CreateRole - Creation and modification of roles
    • CreateDatabase - Allows database creation
    • Login - Allows the user to connect to a DB
    • Replication - Only for the replication/system user
    • Admin - Allows changing role memberships
    • Inherit - Automatically get GRANTed privileges

Roles
  • Users are really roles
  • Groups are implemented with roles
  • CREATE ROLE (or just createuser --nologin)
    • Same privilege options
    • Can start as nologin, then be granted login
    • Can cascade
  • Any role can be GRANTed to any other role
  • Inherit is the default; acts like group privs
  • Noinherit means the user must run SET ROLE, à la sudo
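The INHERIT/NOINHERIT distinction on this slide is what makes a role usable either as a group (privileges arrive automatically) or as a sudo-style step-up (SET ROLE required). The following is an added example, not code from the slides: a Python model of the attribute-based rules as they worked in the PostgreSQL versions of the slides (before per-grant inheritance in 16), run over a constructed catalogue of roles, memberships and table grants. The "OWNER" entry is a constructed marker standing in for the owning role's rights.

```python
from typing import Dict, List, Set, Tuple

# Constructed catalogue: role -> (INHERIT attribute, roles it is a member of)
ROLES: Dict[str, Tuple[bool, List[str]]] = {
    "app_owner": (True,  []),
    "app_rw":    (True,  ["app_owner"]),
    "alice":     (True,  ["app_rw"]),     # plain group member
    "bob":       (False, ["app_rw"]),     # NOINHERIT: must SET ROLE, like sudo
    "carol":     (True,  ["bob"]),        # inherits from bob, but not through him
    "dba":       (True,  []),
}

# Constructed GRANTs on one table: role -> privileges
GRANTS: Dict[str, Set[str]] = {
    "app_owner": {"OWNER"},
    "app_rw":    {"SELECT", "INSERT", "UPDATE"},
    "dba":       {"DROP"},
}


def inherited_roles(role: str) -> Set[str]:
    """Roles whose privileges `role` holds automatically.

    Inheritance is transitive, but only through roles that themselves have
    INHERIT: a NOINHERIT member gets nothing automatically, and an INHERIT
    member of a NOINHERIT role does not see past that role either.
    """
    result = {role}
    inherit, parents = ROLES[role]
    if not inherit:
        return result
    for parent in parents:
        result |= inherited_roles(parent)
    return result


def settable_roles(login_role: str) -> Set[str]:
    """Roles a session may SET ROLE to: membership is enough, INHERIT is not needed."""
    result = {login_role}
    for parent in ROLES[login_role][1]:
        result |= settable_roles(parent)
    return result


def can_set_role(login_role: str, target: str) -> bool:
    return target in settable_roles(login_role)


def effective_privileges(login_role: str, current_role: str = None) -> Set[str]:
    """Privileges checked for a session; current_role models a prior SET ROLE."""
    current = current_role or login_role
    if not can_set_role(login_role, current):
        raise PermissionError(f"{login_role} is not a member of {current}")
    privs: Set[str] = set()
    for r in inherited_roles(current):
        privs |= GRANTS.get(r, set())
    return privs
```

Running it shows the two behaviours side by side: alice gets the table privileges and the owner's rights just by logging in, while bob, a NOINHERIT member of the same group, has nothing until he runs SET ROLE app_rw, and carol (an INHERIT member of bob) can also reach app_rw only by SET ROLE, because the automatic chain stops at bob.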

Permissions
  • public means all users
  • GRANT / REVOKE to give / take away privs, roles, etc.
  • CONNECT privs on the database (public by default)
  • schemas - CREATE, USAGE
    • Recommend dropping public, or revoke CREATE
    • Use per-user or per-app schemas
  • tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
  • views - same (incl. update); execute as the view owner
  • columns - SELECT/INSERT/UPDATE
  • functions - SECURITY DEFINER ones are akin to setuid

Default perms
  • Generally secure-by-default
    • Except functions: EXECUTE is granted by default
    • Owners have all rights on their objects
    • Membership in the owning role == ownership
  • ALTER DEFAULT PRIVILEGES - for roles
    • FOR ROLE ... IN SCHEMA ... GRANT ...
    • Can't be applied to just a schema
  • GRANT ... ON ALL ... IN SCHEMA
    • For tables, views, sequences, functions
    • One-time operation; new tables will not have privs

Tablespaces
  • Permissions
    • Perms must be 0700, owned by postgres
    • Must explicitly GRANT create rights
  • Implementation
    • Symlinks in the pg_tblspc directory
    • Recommend against messing with them directly
    • Must be fully-qualified
  • GUCs
    • default_tablespace
    • temp_tablespaces

Tuning
  • For a dedicated server
  • shared_buffers
    • Will be dedicated to PG for caching
    • Up to half of main memory
    • Try 2G on larger servers; more may not help
    • Pre-9.3, need to bump sysctl params
    • Post-9.3, you don't
    • Defaults to 128MB

Tuning (continued)
  • work_mem
    • Used for in-memory hashing, sorts, etc.
    • Can be increased inside a given connection
    • Used many times over; not a hard limit
    • Per connection, so be careful
    • Defaults to 1MB (way too small)
  • maintenance_work_mem
    • Used for building indexes
    • Make it larger before building an index
    • Defaults to 16MB (that's a very small index)

Tuning (continued)
  • effective_cache_size
    • Tells PG how much of the DB is in memory
    • Half of main memory
    • Never allocated; only for planning purposes
    • Defaults to 128MB
  • autovacuum
    • On a high-rate server, make it more aggressive
    • Increase max_workers
    • Decrease autovacuum_vacuum_cost_delay
    • Defaults are for lightly loaded systems

Tuning (continued)
  • pg_xlog
    • Sequential writes
    • Put on dedicated disks
    • Monitor very closely for space
  • pg_stat_tmp
    • Consider tmpfs
    • Written to by the stats collector constantly
    • File per-DB in 9.3+ helps a lot

Slow Queries
  • Logging all queries hurts
  • log_min_duration_statement
    • Logs queries over the given time
    • Includes duration (no need for log_duration)
  • pgfouine - Log Analyzer
    • Best with a specific log_line_prefix
    • Generates very nice reports
    • Various sorts: total time, max length, etc.

Config Bump-Ups
  • max_connections = 100
    • Consider using pg_bouncer
    • Number of connections == number of CPUs is ideal
  • shared_buffers = couple gig
    • Probably not more than 3-4G (Test)
  • maintenance_work_mem = maybe a gig
    • Used for building indexes
  • max_locks_per_transaction = 128
    • More if you have lots of objects
    • Number of locks available is actually this × max_connections

Simple Backups
  • Extremely important
  • pg_basebackup w/ WAL receive
    • Binary-based backup
    • MUST have WAL files backed up also
    • Needs to connect to the replication DB
  • pg_dump
    • Logical, text-based backup
    • Does not back up indexes; must rebuild
    • Requires lightweight locks on everything
  • Test restoring your data

Parallel Backups
  • pg_dump support in recent versions
  • pg_restore also supports it; not transactional
  • Binary backups
    • Use rsync
    • Parallelize by tablespace
    • No parallel option for pg_basebackup (yet)

PITR Backups
  • Point-in-time-Recovery w/ WAL
    • From the base backup, play forward WAL
    • Can stop at any point-in-time
  • Requires a base/binary backup (pg_basebackup)
  • Must archive all WAL
    • WAL archived with archive_command
    • Only WAL after a base backup is useful

archive_command
  • %f is replaced with the WAL filename
  • %p is replaced with the full path to the WAL file
    test ! -f /archive/%f && cp %p /archive/%f
  • Be sure to test
  • Monitor your postgres logs
  • Must return zero ONLY on success

Restoring
  • Make sure to test your backups
  • Test by doing a restore
  • Test regularly (at least once a year)
  • Consider multiple scenarios:
    • Tape-based restore
    • Restore from off-site
    • Fail-over
    • How much data lost?
    • How much downtime?

recovery.conf
  • restore_command
    • %f is the WAL file needed
    • %p is where to put it
    cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files
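The two slides above (archive_command and restore_command) are really one contract: zero means "done", anything else means "not done", and the server acts on that. As an added example, not code from the slides, here is that contract written out in Python and exercised in temporary directories standing in for pg_xlog and the archive. The segment and history-file names are constructed; the copy-then-rename in the archive step goes one step beyond the slide's plain cp so that a crash mid-copy can never leave a truncated segment that looks archived.

```python
import os
import shutil
import tempfile


def archive_wal(wal_path: str, archive_dir: str) -> int:
    """archive_command semantics of `test ! -f /archive/%f && cp %p /archive/%f`.

    Returns 0 only when the segment now sits in the archive. A segment that
    is already there is a refusal (non-zero): the server keeps its copy in
    pg_xlog, retries, and logs the failure, rather than silently overwriting
    history. wal_path is %p, its basename is %f.
    """
    name = os.path.basename(wal_path)
    dest = os.path.join(archive_dir, name)
    if os.path.exists(dest):
        return 1
    try:
        tmp = dest + ".tmp"
        shutil.copyfile(wal_path, tmp)   # copy to a temp name first...
        os.rename(tmp, dest)             # ...then publish atomically
    except OSError:
        return 1
    return 0


def restore_wal(name: str, archive_dir: str, dest_path: str) -> int:
    """restore_command semantics of `cp /archive/%f %p`.

    Recovery asks for segments and timeline-history files that may never
    have been archived, so a missing source must be a clean non-zero
    return: no exception, no zero-byte file at %p.
    """
    src = os.path.join(archive_dir, name)
    if not os.path.isfile(src):
        return 1
    try:
        shutil.copyfile(src, dest_path)
    except OSError:
        return 1
    return 0


def demo() -> dict:
    """Round trip in temp dirs; returns the exit statuses an operator would see."""
    with tempfile.TemporaryDirectory() as xlog, \
         tempfile.TemporaryDirectory() as archive, \
         tempfile.TemporaryDirectory() as restore_to:
        # Constructed segment name and content (a real segment is 16MB).
        seg = os.path.join(xlog, "000000010000000000000001")
        with open(seg, "wb") as f:
            f.write(b"\x00" * 64)
        results = {
            "first_archive": archive_wal(seg, archive),
            "second_archive": archive_wal(seg, archive),          # duplicate must fail
            "restore_known": restore_wal("000000010000000000000001", archive,
                                         os.path.join(restore_to, "RECOVERYXLOG")),
            "restore_missing": restore_wal("00000002.history", archive,
                                           os.path.join(restore_to, "RECOVERYHISTORY")),
        }
        results["restored_bytes"] = os.path.getsize(os.path.join(restore_to, "RECOVERYXLOG"))
        results["stray_file"] = os.path.exists(os.path.join(restore_to, "RECOVERYHISTORY"))
        return results
```

The second archive attempt returning 1 is the behaviour to monitor for in the postgres logs: a steady stream of such failures means WAL is piling up in pg_xlog, which is exactly the partition the earlier slides say must never fill. A production archive_command should also fsync the copied file before returning zero.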

Replication
  • Read-only streaming slaves
  • Set up WAL archiving
    • Not strictly required
    • Very recommended
  • Initial copy with pg_basebackup
  • Configure the connection in recovery.conf
  • recovery.conf must live in the data dir
  • Monitor lag; the replica can fall behind

Monitoring
  • check_postgres.pl
  • Useful with Nagios, Icinga, MRTG, etc.
  • Provides metrics as well as monitoring
  • Allows a custom query for monitoring
  • Minimum set of checks:
    archive_ready (if doing WAL archiving)   --- Number of WAL ready files
    autovac_freeze                           --- How close to Autovacuum Max Freeze
    backends (Metric)                        --- Number of Backends running
    dbstats (Metrics)                        --- Lots of different stats
    listener (If using LISTEN/NOTIFY)        --- Checks if anyone is LISTENing
    locks (Metric)                           --- Number of locks held
    pgbouncer options (if using pgbouncer)   --- Various pgbouncer checks
    txn_idle                                 --- Transactions idle for X time
    txn_time                                 --- Transactions longer than X time
    txn_wraparound                           --- How close to transaction wraparound

Log Monitoring
  • PG logs are multi-line
  • tail_n_mail works great
  • Other solutions do not understand PG logs:
    • syslog-based
    • logstash
    • logcheck
  • Automatically-processed CSV log
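The point that generic log tools "do not understand PG logs" comes down to two things: the prefix has to be parsed knowing what log_line_prefix was set to, and a statement continues over tab-indented lines that carry no prefix at all. The following is an added example, not code from the slides, that parses the stderr format produced by the Logging slide's prefix and runs three checks an operator would want: slow statements (log_min_duration_statement), DDL (log_statement = ddl) and failed logins. The log excerpt is constructed, and the prefix is assumed to read '%m [%p] %q[%l-1] %d %u@%r %a ' (the interpretation of the slide used here); the checkpointer line shows %q cutting the prefix short for non-session processes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed log excerpt. Continuation lines are tab-indented, which is how the
# stderr logger emits the later lines of a multi-line statement.
SAMPLE_LOG = "\n".join([
    '2014-05-20 10:15:02.123 EDT [4821] [1-1] appdb alice@10.0.5.7(51234) psql LOG:  connection authorized: user=alice database=appdb',
    '2014-05-20 10:15:07.456 EDT [4821] [2-1] appdb alice@10.0.5.7(51234) psql LOG:  duration: 1534.221 ms  statement: SELECT count(*)',
    '\tFROM orders',
    '\tWHERE customer_id = 42',
    '2014-05-20 10:15:09.001 EDT [4821] [3-1] appdb alice@10.0.5.7(51234) psql LOG:  statement: ALTER TABLE orders ADD COLUMN note text',
    '2014-05-20 10:15:10.500 EDT [4830] [1-1] appdb carol@10.0.5.9(40001) psql FATAL:  password authentication failed for user "carol"',
    '2014-05-20 10:16:00.000 EDT [4101] LOG:  checkpoint starting: time',
    '2014-05-20 10:16:12.777 EDT [4821] [4-1] appdb alice@10.0.5.7(51234) psql LOG:  disconnection: session time: 0:01:10.654 user=alice database=appdb host=10.0.5.7 port=51234',
])

# %m [%p] then, for session processes only (%q), [%l-1] %d %u@%r %a; %a may be empty.
LOG_PREFIX_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \S+) \[(?P<pid>\d+)\] "
    r"(?:\[(?P<line>\d+)-\d+\] (?P<db>\S+) (?P<user>\S+)@(?P<remote>\S+) (?P<app>\S*) )?"
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
DURATION_RE = re.compile(r"^duration: (?P<ms>[\d.]+) ms  statement: (?P<sql>.*)", re.S)


@dataclass
class Entry:
    ts: str
    pid: int
    level: str
    msg: str
    db: Optional[str] = None
    user: Optional[str] = None
    remote: Optional[str] = None
    app: Optional[str] = None


def parse_log(text: str) -> List[Entry]:
    """Group prefixed lines with their tab-indented continuations into entries."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LOG_PREFIX_RE.match(line)
        if m:
            entries.append(Entry(ts=m["ts"], pid=int(m["pid"]), level=m["level"], msg=m["msg"],
                                 db=m["db"], user=m["user"], remote=m["remote"], app=m["app"]))
        elif entries and line.startswith("\t"):
            entries[-1].msg += "\n" + line[1:]
        # Any other line is one this parser does not understand; a real tool should count them.
    return entries


def slow_statements(entries: List[Entry], threshold_ms: float) -> List[Tuple[str, float, str]]:
    """(user, duration ms, full statement) for every logged statement at or over the threshold."""
    out = []
    for e in entries:
        m = DURATION_RE.match(e.msg)
        if m and float(m["ms"]) >= threshold_ms:
            out.append((e.user, float(m["ms"]), m["sql"]))
    return out


def ddl_statements(entries: List[Entry]) -> List[str]:
    """With log_statement = ddl, plain 'statement:' lines are the DDL that ran."""
    return [e.msg[len("statement: "):] for e in entries if e.msg.startswith("statement: ")]


def auth_failures(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(timestamp, user, remote) for each rejected login; feed these to whatever alerts."""
    return [(e.ts, e.user, e.remote) for e in entries
            if e.level == "FATAL" and "authentication failed" in e.msg]


ENTRIES = parse_log(SAMPLE_LOG)
```

A line-oriented tool such as logcheck would see the two tab-indented lines as separate, unmatched events and the statement text as cut off after "SELECT count(*)"; the grouping step above is what tail_n_mail does for you. The CSV log the slide mentions avoids the problem at the source, since each entry is one quoted record.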

Extensions
  • Install the -contrib package
  • Use PGXN - http://pgxn.org
  • table pg_available_extensions;
        name      | default_version | installed_version |                               comment
    --------------+-----------------+-------------------+----------------------------------------------------------------------
     file_fdw     | 1.0             |                   | foreign-data wrapper for flat file access
     dblink       | 1.0             |                   | connect to other PostgreSQL databases from within a database
     plpgsql      | 1.0             | 1.0               | PL/pgSQL procedural language
     pg_trgm      | 1.0             |                   | text similarity measurement and index searching based on trigrams
     adminpack    | 1.0             |                   | administrative functions for PostgreSQL
     ip4r         | 2.0             |                   |
     hstore       | 1.1             |                   | data type for storing sets of (key, value) pairs
  • adminpack allows the superuser to change anything
  • \dx lists installed extensions

Extensions (cont'd)
  • Requires superuser to install
  • Often include compiled C code - .so's
    • C code can crash the backend; use caution
    • C code has access to everything
  • PGXN is pretty open
  • Modules from -contrib are maintained by the PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow


bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow


Initial postgresql.conf
• listen_addresses = '*' (for external access)
• checkpoint_segments = 30+
  • Uses more disk space in pg_xlog
  • Never let that partition run out of space
• checkpoint_completion_target = 0.9
  • Targets finishing in 90% of the time given
• effective_cache_size = half the RAM
  • Never allocated, just for planning
• max_wal_senders = 3
  • More later

Logging
• postgresql.conf
  • log_connections = on
  • log_disconnections = on
  • log_line_prefix = '%m [%p] %q[%l-1] %d %u@%r %a '
  • log_lock_waits = on
  • log_statement = ddl
  • log_min_duration_statement = 100
  • log_temp_files = 0
  • log_autovacuum_min_duration = 0

pg_hba.conf
• Controls how users are authenticated

    local      DATABASE  USER           METHOD  [OPTIONS]
    host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
    hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

• Read in order, top-to-bottom; the first match is used
• hostssl requires an SSL connection, hostnossl is not SSL
• Special DBs - all, sameuser, replication
• Special Users - all, + prefix for role membership
• Address can be IPv4 or IPv6, can include a CIDR mask
• Special reject method

Authentication Methods
• The ones you should use:
• peer
  • Secure unix-socket-based auth
  • Checks the Unix username of the user
• gss (Kerberos)
  • Integrates with MIT/Heimdal Kerberos and AD
  • Recommended for Enterprise deployments
• cert (SSL Certificate)
  • Client-side certificate based authentication
  • Use pg_ident to map CNs to PG usernames

Authentication Methods
• Acceptable, but not ideal:
• md5
  • Stock username/password
  • Use SSL if you're worried about security
• pam
  • Modules run as the postgres user
  • Can't be used directly with pam_unix
  • saslauthd can make it work (pam_sasl / saslauthd)
• radius
  • Use SSL if you're worried about security

Auth Method Don'ts
• trust - Never use this; no auth is done
• password - Password sent in cleartext
• sspi
  • Windows-specific
  • Uses Kerberos/GSSAPI underneath
• ident
  • Insecure, don't trust it; use peer for local
• ldap
  • Auths against an LDAP server
  • Use Kerberos/GSSAPI if you can

pg_ident.conf
• Defines mappings which are used in pg_hba

    # map-name   auth-user            pg-user
    kerbnames    sfrost@SNOWMAN.NET   sfrost
    certname     stephenfrost         sfrost

• External-user to PG-user mappings
• Unix user joe can be PG user bob
• Regexps can be used, but be careful
• Also works for Kerberos, client certs, etc.
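An added example, not from the slides: a small audit of a pg_hba.conf file against the method lists above (the "don'ts", the "prefer Kerberos" cases, and password-style methods reachable without hostssl). The sample pg_hba.conf it writes and the function names hba_audit and make_sample_hba are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the slides): audit a pg_hba.conf against the deck's
# "Auth Method Don'ts". Every path and sample record here is constructed.

# Methods the deck says never to use: no auth at all, cleartext password,
# and the spoofable ident protocol (use peer on local sockets instead).
FORBIDDEN="trust password ident"
# Methods the deck says to replace with Kerberos/GSSAPI where possible.
DISCOURAGED="ldap sspi"
# Password-style methods the deck says to run over SSL only.
NEEDS_SSL="md5 radius"

# hba_audit FILE
# Parses pg_hba.conf records (type database user [address] method [options]),
# prints one finding per problematic record on stderr and the number of
# findings on stdout. Always returns 0 so it can be used in $(...).
hba_audit() {
    file=$1
    findings=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}               # drop trailing comment
        set -- $line                   # split the record into fields
        if [ $# -eq 0 ]; then
            continue                   # blank or comment-only line
        fi
        rtype=$1
        case "$rtype" in
            local)                   method=$4 ;;
            host|hostssl|hostnossl)  method=$5 ;;
            *)                       continue ;;   # unknown record type, skip
        esac
        for m in $FORBIDDEN; do
            if [ "$method" = "$m" ]; then
                echo "line $lineno: '$method' must never be used ($rtype $2 $3)" >&2
                findings=$((findings + 1))
            fi
        done
        for m in $DISCOURAGED; do
            if [ "$method" = "$m" ]; then
                echo "line $lineno: '$method' in use, prefer gss/Kerberos ($rtype $2 $3)" >&2
                findings=$((findings + 1))
            fi
        done
        # md5/radius exchanges are only protected by SSL, and a plain 'host'
        # record also matches non-SSL connections.
        for m in $NEEDS_SSL; do
            if [ "$method" = "$m" ] && [ "$rtype" != "hostssl" ] && [ "$rtype" != "local" ]; then
                echo "line $lineno: '$method' over '$rtype' allows non-SSL logins, use hostssl" >&2
                findings=$((findings + 1))
            fi
        done
    done < "$file"
    echo "$findings"
    return 0
}

# make_sample_hba FILE: write a constructed pg_hba.conf to FILE.
make_sample_hba() {
    cat > "$1" <<'EOF'
# Constructed sample, same record layout as on the slide
# TYPE    DATABASE     USER      ADDRESS           METHOD    [OPTIONS]
local     all          postgres                    peer
local     all          all                         trust
host      all          all       127.0.0.1/32      md5
hostssl   all          +app      10.0.0.0/8        cert      map=certname
host      all          all       0.0.0.0/0         password
host      replication  rep       192.168.1.0/24    ident
hostssl   all          all       10.0.0.0/8        gss       map=kerbnames
host      all          all       10.1.0.0/16       ldap
EOF
}

# Stand-alone demo on the constructed sample (expects 5 findings).
sample=$(mktemp)
make_sample_hba "$sample"
echo "findings: $(hba_audit "$sample")"
rm -f "$sample"
```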

Debian configs
• Extra config files in Debian/Ubuntu
• start.conf
  • Controls start of this cluster
  • Can be auto, manual, disabled
• pg_ctl.conf
  • Options to pass to pg_ctl
  • Generally don't need to modify it
• environment
  • Controls the environment PG starts in
  • Generally don't need to modify it

RedHat configs
• Basically just the init.d scripts

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity - a.k.a. w
• \l - list databases

       Name    |  Owner   | Encoding |   Collate   |    Ctype    | Access privileges
    -----------+----------+----------+-------------+-------------+-------------------
     postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
     template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +
     template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres      +

• \dn - list schemas

      Name  |  Owner
    --------+----------
     public | postgres

• \db - list tablespaces

        Name    |  Owner   | Location
    ------------+----------+----------
     pg_default | postgres |
     pg_global  | postgres |

User setups
• createuser / CREATE USER
• \password to set passwords
• Privileges
  • Superuser - Do not give this out
  • CreateRole - Creation and modification of roles
  • CreateDatabase - Allows database creation
  • Login - Allows user to connect to DB
  • Replication - Only for replication/system user
  • Admin - Allows changing role memberships
  • Inherit - Automatically get GRANTed privileges

Roles
• Users are really roles
• Groups are implemented with roles
• CREATE ROLE (or just createuser --nologin)
  • Same privilege options
  • Can start as nologin, then be granted login
  • Can cascade
• Any role can be GRANTed to any other role
• Inherit is the default, acts like group privs
• Noinherit means the user must run set role, a la sudo

Permissions
• public means all users
• GRANT / REVOKE to give/take away privs, roles, etc.
• CONNECT privs on the database (public by default)
• schemas - CREATE, USAGE
  • Recommend dropping public or revoking CREATE
  • Use per-user or per-app schemas
• tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
• view - same (incl. update), executes as view owner
• columns - SELECT/INSERT/UPDATE
• functions - SECURITY DEFINER are akin to setuid

Default perms
• Generally secure-by-default
  • Except functions - EXECUTE granted by default
  • Owners have all rights on their objects
  • Membership in owning role == ownership
• ALTER DEFAULT PRIVILEGES - for roles
  • FOR ROLE ... IN SCHEMA ... GRANT ...
  • Can't be applied to just a schema
• GRANT ... ON ALL ... IN SCHEMA
  • For tables, views, sequences, functions
  • One-time operation, new tables will not have privs

Tablespaces
• Permissions
  • Perms must be 0700, owned by postgres
  • Must explicitly GRANT create rights
• Implementation
  • Symlinks in the pg_tblspc directory
  • Recommend against messing with them directly
  • Must be fully-qualified
• GUCs
  • default_tablespace
  • temp_tablespaces

Tuning
• For a dedicated server
• shared_buffers
  • Will be dedicated to PG for caching
  • Up to half of main memory
  • Try 2G on larger servers, more may not help
  • Pre-9.3, need to bump sysctl params
  • 9.3+, you don't
  • Defaults to 128MB

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc.
  • Can be increased inside a given connection
  • Used many times over, not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (way too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by the stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries over a given time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with a specific log_line_prefix
  • Generates very nice reports
  • Various sorts: total time, max length, etc.

Config Bump-Ups
• max_connections = 100
  • Consider using pg_bouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test!)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_connections

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to the replication DB
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports it, not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time Recovery w/ WAL
  • From a base backup, play forward WAL
  • Can stop at any point-in-time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with the WAL filename
• %p replaced with the full path to the WAL file

    archive_command = 'test ! -f /archive/%f && cp %p /archive/%f'

• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is the WAL file needed
  • %p is where to put it

    restore_command = 'cp /archive/%f %p'

• Only return zero when successful
• Will be called for non-existent files
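An added example, not the slides' own commands: the archive_command and restore_command contracts above as two shell functions (wal_archive, wal_restore, names chosen here) exercised on a scratch directory with constructed segment names; the archive side extends the slide's one-liner with a temp-file rename so a half-copied segment never looks archived.

```shell
#!/bin/sh
# Added example (not from the slides): archive_command / restore_command as
# shell functions so both the success and the failure paths can be run on a
# scratch directory. All directory and segment names below are constructed.

# wal_archive ARCHIVE_DIR WAL_PATH WAL_NAME
# Equivalent of  archive_command = 'test ! -f ARCHIVE/%f && cp %p ARCHIVE/%f'
# Returns 0 only once the segment sits in the archive. An already archived
# name is never overwritten: the non-zero return makes PostgreSQL retry later
# and keep the segment in pg_xlog, which is the safe outcome.
wal_archive() {
    archive=$1; src=$2; name=$3
    if [ -f "$archive/$name" ]; then
        echo "wal_archive: $name already archived, refusing to overwrite" >&2
        return 1
    fi
    # copy under a temporary name first, then rename, so that a crash or a
    # full disk mid-copy cannot leave a truncated file under the final name
    if ! cp "$src" "$archive/$name.tmp"; then
        rm -f "$archive/$name.tmp"
        return 1
    fi
    mv "$archive/$name.tmp" "$archive/$name"
}

# wal_restore ARCHIVE_DIR WAL_NAME DEST_PATH
# Equivalent of  restore_command = 'cp ARCHIVE/%f %p'
# Recovery asks for files that may not exist (the segment after the last one
# archived, timeline .history files), so a missing file must produce a
# non-zero status and no output file; recovery treats that as end of archive.
wal_restore() {
    archive=$1; name=$2; dest=$3
    if [ ! -f "$archive/$name" ]; then
        return 1
    fi
    cp "$archive/$name" "$dest"
}

# Stand-alone demo on a scratch directory.
demo() {
    work=$(mktemp -d)
    mkdir "$work/archive" "$work/pg_xlog" "$work/restore"
    seg=000000010000000000000001                      # constructed segment name
    printf 'constructed WAL bytes\n' > "$work/pg_xlog/$seg"
    wal_archive "$work/archive" "$work/pg_xlog/$seg" "$seg" \
        && echo "archived $seg"
    wal_archive "$work/archive" "$work/pg_xlog/$seg" "$seg" 2>/dev/null \
        || echo "second attempt for $seg refused, as required"
    wal_restore "$work/archive" "$seg" "$work/restore/RECOVERYXLOG" \
        && echo "restored $seg"
    wal_restore "$work/archive" 00000002.history "$work/restore/RECOVERYHISTORY" \
        || echo "missing history file: non-zero status, as required"
    rm -rf "$work"
}
demo
```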

Replication
• Read-only streaming slaves
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure the connection in recovery.conf
• recovery.conf must live in the data dir
• Monitor lag, the replica can fall behind

Monitoring
• check_postgres.pl
  • Useful with Nagios, Icinga, MRTG, etc.
  • Provides metrics as well as monitoring
  • Allows a custom query for monitoring
• Minimum set of checks:
  • archive_ready (if doing WAL archiving) --- Number of WAL ready files
  • autovac_freeze --- How close to Autovacuum Max Freeze
  • backends (Metric) --- Number of Backends running
  • dbstats (Metrics) --- Lots of different stats
  • listener (If using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
  • locks (Metric) --- Number of locks held
  • pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
  • txn_idle --- Transactions idle for X time
  • txn_time --- Transactions longer than X time
  • txn_wraparound --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log

Extensions
• Install the -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions

       name    | default_version | installed_version | comment
    -----------+-----------------+-------------------+-------------------------------------------------------------------
     file_fdw  | 1.0             |                   | foreign-data wrapper for flat file access
     dblink    | 1.0             |                   | connect to other PostgreSQL databases from within a database
     plpgsql   | 1.0             | 1.0               | PL/pgSQL procedural language
     pg_trgm   | 1.0             |                   | text similarity measurement and index searching based on trigrams
     adminpack | 1.0             |                   | administrative functions for PostgreSQL
     ip4r      | 2.0             |                   |
     hstore    | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows the superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib are maintained by PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow


Page 17: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

pg_hbaconfbullControls how users are authenticatedlocal DATABASE USER METHOD [OPTIONS]host DATABASE USER ADDRESS METHOD [OPTIONS]hostssl DATABASE USER ADDRESS METHOD [OPTIONS]hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]

bullRead in order top-to-bottom first match is usedbullhostssl requires SSL connection no is not SSLbullSpecial DBs - all sameuser replicationbullSpecial Users - all + prefix for role membershipbullAddress can be IPv4 or IPv6 can include CIDR maskbullSpecial reject method

Authentication MethodsbullThe ones you should use bullpeer

bullSecure unix-socket-based authbullChecks the Unix username of the user

bullgss (Kerberos)bullIntegreates w MITHeimdal Kerberos and ADbullRecommended for Enterprise deployments

bullcert (SSL Certificate)bullClient-side certificate based authenticationbullUse pg_ident to map CNs to PG usernames

Authentication MethodsbullAcceptable but not idealbullmd5

bullStock usernamepasswordbullUse SSL if youre worried about security

bullpambullModules run as postgres userbullCant be used directly w pam_unixbullsaslauthd can make it work (pam_sasl saslauthd)

bullradiusbullUse SSL if youre worried about security

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc
  • Can be increased inside a given connection
  • Used many times over - not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (wayy too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)
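What "can be increased inside a given connection" looks like in practice, as an added example that is not from the talk: raising work_mem for one session, raising maintenance_work_mem for one transaction around an index build, and scoping a bump to one role rather than the whole cluster. Table, index and role names (app.accounts, accounts_email_idx, etl_svc) are assumptions.

```sql
-- Added example (not from the slides). Object names are illustrative.
SHOW work_mem;               -- cluster default, e.g. 1MB
SHOW maintenance_work_mem;   -- cluster default, e.g. 16MB

-- Session-wide bump for a one-off heavy query. Every sort/hash node in the
-- plan may use this much, so it is a per-node budget, not a per-query cap.
SET work_mem = '256MB';
EXPLAIN (ANALYZE, BUFFERS)
SELECT email, count(*) FROM app.accounts GROUP BY email ORDER BY 2 DESC;
-- In the plan, "Sort Method: quicksort  Memory: ..." means it fit;
-- "external merge  Disk: ..." means work_mem was still too small.

-- Transaction-scoped bump for an index build: SET LOCAL reverts at COMMIT,
-- so nothing else in the session keeps the larger value.
BEGIN;
SET LOCAL maintenance_work_mem = '1GB';
CREATE INDEX accounts_email_idx ON app.accounts (email);
COMMIT;
SHOW maintenance_work_mem;   -- back to the cluster default

-- Persistent bump for one role only (e.g. a batch/ETL login), which is
-- safer than raising work_mem for all max_connections sessions at once.
ALTER ROLE etl_svc SET work_mem = '64MB';
```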

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries over time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with specific log_line_prefix
  • Generates very nice reports
  • Various sorts - total time, max length, etc

Config Bump-Ups
• max_connections = 100
  • Consider using pg_bouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test!)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_conn

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to replication DB
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports - not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time-Recovery w/ WAL
  • From base-backup, play forward WAL
  • Can stop at any point-in-time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
• test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is WAL file needed
  • %p is where to put it
  • cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files

Replication
• Read-only streaming slaves
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure connection in recovery.conf
• recovery.conf must live in data dir
• Monitor lag - replica can fall behind

Monitoring
• check_postgres.pl
  • Useful with Nagios, Icinga, MRTG, etc
  • Provides metrics as well as monitoring
  • Allows custom query for monitoring
• Minimum set of checks:
  • archive_ready (if doing WAL archiving) --- Number of WAL ready files
  • autovac_freeze --- How close to Autovacuum Max Freeze
  • backends (Metric) --- Number of Backends running
  • dbstats (Metrics) --- Lots of different stats
  • listener (if using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
  • locks (Metric) --- Number of locks held
  • pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
  • txn_idle --- Transactions idle for X time
  • txn_time --- Transactions longer than X time
  • txn_wraparound --- How close to transaction wraparound
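The catalog queries behind several of the checks listed above (txn_idle, txn_time, txn_wraparound, locks) plus the replication-lag check the Replication slide asks for, as an added example. These are not check_postgres.pl's own queries and not from the talk; they are written against the 9.2-9.6 catalogs the deck targets (pg_stat_activity has state/query since 9.2; the xlog functions and *_location columns were renamed to wal/lsn in PostgreSQL 10). The thresholds are illustrative.

```sql
-- Added example (not from the slides, not check_postgres code).
-- Thresholds are illustrative; run on the primary as a monitoring role.

-- txn_idle: sessions stuck "idle in transaction" for > 5 minutes. They hold
-- locks and keep vacuum from reclaiming rows for as long as they sit there.
SELECT pid, usename, datname, client_addr,
       now() - state_change AS idle_for
  FROM pg_stat_activity
 WHERE state = 'idle in transaction'
   AND now() - state_change > interval '5 minutes'
 ORDER BY idle_for DESC;

-- txn_time: transactions open for > 10 minutes, whatever they are doing.
SELECT pid, usename, datname,
       now() - xact_start AS xact_age,
       left(query, 60)    AS query
  FROM pg_stat_activity
 WHERE xact_start IS NOT NULL
   AND now() - xact_start > interval '10 minutes'
 ORDER BY xact_age DESC;

-- txn_wraparound: distance of each database from the 2^31 XID limit.
-- Autovacuum must freeze old tuples before age() gets anywhere near it.
SELECT datname,
       age(datfrozenxid) AS xid_age,
       round(100.0 * age(datfrozenxid) / 2147483647, 1) AS pct_of_limit
  FROM pg_database
 ORDER BY xid_age DESC;

-- locks: how many are held, and who is waiting on whom (simplified: matches
-- waiter and holder on the same lock target; 9.6+ has pg_blocking_pids()).
SELECT count(*) AS locks_held FROM pg_locks WHERE granted;
SELECT w.pid AS waiting_pid, h.pid AS holding_pid,
       w.locktype, w.relation::regclass AS relation
  FROM pg_locks w
  JOIN pg_locks h
    ON h.locktype = w.locktype
   AND h.database      IS NOT DISTINCT FROM w.database
   AND h.relation      IS NOT DISTINCT FROM w.relation
   AND h.transactionid IS NOT DISTINCT FROM w.transactionid
   AND h.granted
   AND h.pid <> w.pid
 WHERE NOT w.granted;

-- Replication lag: bytes of WAL each standby has not yet replayed.
SELECT client_addr, state,
       pg_xlog_location_diff(pg_current_xlog_location(), replay_location)
           AS replay_lag_bytes
  FROM pg_stat_replication;
```

Each query returns a row set that a check script turns into a warning or critical state by counting rows or comparing the first column against a threshold; the replication query also catches the case the slide warns about, a standby that has silently dropped out, because it then no longer appears in pg_stat_replication at all.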

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

    name    | default_version | installed_version |                             comment
-----------+-----------------+-------------------+-------------------------------------------------------------------
 file_fdw  | 1.0             |                   | foreign-data wrapper for flat file access
 dblink    | 1.0             |                   | connect to other PostgreSQL databases from within a database
 plpgsql   | 1.0             | 1.0               | PL/pgSQL procedural language
 pg_trgm   | 1.0             |                   | text similarity measurement and index searching based on trigrams
 adminpack | 1.0             |                   | administrative functions for PostgreSQL
 ip4r      | 2.0             |                   |
 hstore    | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you!
Stephen Frost
sfrost@snowman.net
@net_snow


Authentication Methods
• The ones you should use
• peer
  • Secure unix-socket-based auth
  • Checks the Unix username of the user
• gss (Kerberos)
  • Integrates w/ MIT/Heimdal Kerberos and AD
  • Recommended for Enterprise deployments
• cert (SSL Certificate)
  • Client-side certificate based authentication
  • Use pg_ident to map CNs to PG usernames

Authentication Methods
• Acceptable but not ideal
• md5
  • Stock username/password
  • Use SSL if you're worried about security
• pam
  • Modules run as postgres user
  • Can't be used directly w/ pam_unix
  • saslauthd can make it work (pam_sasl, saslauthd)
• radius
  • Use SSL if you're worried about security

Auth Method Don'ts
• trust - Never use this - no auth done
• password - Password sent in cleartext
• sspi
  • Windows-specific
  • Uses Kerberos/GSSAPI underneath
• ident
  • Insecure, don't trust it - use peer for local
• ldap
  • Auths against an LDAP server
  • Use Kerberos/GSSAPI if you can

pg_ident.conf
• Defines mappings which are used in pg_hba

map-name    auth-user            pg-user
kerbnames   sfrost@SNOWMAN.NET   sfrost
certname    stephenfrost         sfrost

• External-user to PG-user mappings
• Unix user joe can be PG user bob
• Regexps can be used - but be careful
• Also works for Kerberos, client certs, etc

Debian configs
• Extra config files in Debian/Ubuntu
• start.conf
  • Controls start of this cluster
  • Can be auto, manual, disabled
• pg_ctl.conf
  • Options to pass to pg_ctl
  • Generally don't need to modify it
• environment
  • Controls environment PG starts in
  • Generally don't need to modify it

RedHat configs
• Basically just the init.d scripts

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity; - aka w
• \l - list databases

   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +

• \dn - list schemas

  Name  |  Owner
--------+----------
 public | postgres

• \db - list tablespaces

    Name    |  Owner   | Location
------------+----------+----------
 pg_default | postgres |
 pg_global  | postgres |

User setups
• createuser, CREATE USER
• \password to set passwords
• Privileges
  • Superuser - Do not give this out
  • CreateRole - Creation and modification of roles
  • CreateDatabase - Allows database creation
  • Login - Allows user to connect to DB
  • Replication - Only for replication/system user
  • Admin - Allows changing role memberships
  • Inherit - Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 19: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Authentication MethodsbullAcceptable but not idealbullmd5

bullStock usernamepasswordbullUse SSL if youre worried about security

bullpambullModules run as postgres userbullCant be used directly w pam_unixbullsaslauthd can make it work (pam_sasl saslauthd)

bullradiusbullUse SSL if youre worried about security

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 20: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Auth Method Dontsbulltrust - Never use this- no auth donebullpassword - Password sent in cleartextbullsspi

bullWindows-specificbullUses KerberosGSSAPI underneath

bullidentbullInsecure dont trust it- use peer for local

bullldapbullAuths against an LDAP serverbullUse KerberosGSSAPI if you can

pg_identconfbullDefines mappings which are used in pg_hbamap-name auth-user pg-userkerbnames sfrostSNOWMANNET sfrostcertname stephenfrost sfrost

bullExternal-user to PG-user mappingsbullUnix user joe can be PG user bobbullRegexps can be used- but be carefulbullAlso works for Kerberos client certs etc

Debian configsbullExtra config files in DebianUbuntubullstartconf

bullControls start of this clusterbullCan be auto manual disabled

bullpg_ctlconfbullOptions to pass to pg_ctlbullGenerally dont need to modify it

bullenvironmentbullControlls environment PG starts inbullGenerally dont need to modify it

RedHat configsbullBasically just the initd scripts

Connectingbullsudo su - postgresbullpsqlbull to see backslash-commandsbullh to get help on SQL queriescommandsbullExit with q or ctrl-dbullpsql -h localhost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

Tuning
• For a dedicated server
• shared_buffers

• Will be dedicated to PG for caching
• Up to half of main memory
• Try 2G on larger servers; more may not help
• Pre-9.3: need to bump the kernel shared-memory sysctl parameters (kernel.shmmax / kernel.shmall)
• 9.3+: you don't (shared memory is mmap-based)
• Defaults to 128MB

Tuning (continued)
• work_mem
• Used for in-memory hashing, sorts, etc.
• Can be increased inside a given connection (SET work_mem)
• Used many times over per query, so it is not a hard limit
• Per connection, so be careful: max_connections × several operations × work_mem can exhaust memory
• Defaults to 1MB (way too small)

• maintenance_work_mem
• Used for building indexes (and by VACUUM)
• Make it larger before building an index
• Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
• Tells the planner how much memory is available for caching the DB (PG's buffers plus the OS page cache)
• Half of main memory
• Never allocated; only used for planning purposes
• Defaults to 128MB

• autovacuum
• On a high-rate server, make it more aggressive
• Increase autovacuum_max_workers
• Decrease autovacuum_vacuum_cost_delay
• Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog (renamed pg_wal in PostgreSQL 10)
• Sequential writes
• Put it on dedicated disks
• Monitor very closely for space: if the file system holding it fills up, the server PANICs and shuts down

• pg_stat_tmp
• Consider putting it on tmpfs (stats_temp_directory)
• Written to by the stats collector constantly
• One file per DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
• Logs queries that run longer than the given time
• Includes the duration (no need for log_duration)

• pgfouine - log analyzer
• Best with a specific log_line_prefix
• Generates very nice reports
• Various sorts: total time, max length, etc.

Config Bump-Ups
• max_connections = 100
• Consider using pgbouncer
• Number of active connections == number of CPU cores is ideal

• shared_buffers = a couple gig
• Probably not more than 3-4G (test)

• maintenance_work_mem = maybe a gig
• Used for building indexes

• max_locks_per_transaction = 128
• More if you have lots of objects
• The number of lock slots actually available is max_locks_per_transaction × (max_connections + max_prepared_transactions), shared by all backends
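The session-level knobs from the Tuning slides, plus a look at what is actually in effect and at the lock-table arithmetic from the Config Bump-Ups slide, as an added example rather than anything from the deck. Table app.accounts with a column owner is hypothetical; nothing here is persistent, postgresql.conf (or ALTER SYSTEM on 9.4+) is where the real settings live.

```sql
-- Added example: session-level tuning and inspection of the GUCs the slides
-- mention.  Hypothetical table app.accounts(owner).  Nothing persists.

-- 1. Raise work_mem for one expensive query only, not for the server.
--    SET LOCAL is undone at COMMIT/ROLLBACK, so it cannot leak into a
--    pooled connection that the next client reuses.
BEGIN;
SET LOCAL work_mem = '256MB';
SELECT owner, count(*) FROM app.accounts GROUP BY owner ORDER BY 2 DESC;
COMMIT;

-- 2. Raise maintenance_work_mem before building an index, in this session.
--    (CREATE INDEX CONCURRENTLY cannot run inside a transaction block.)
SET maintenance_work_mem = '1GB';
CREATE INDEX CONCURRENTLY accounts_owner_idx ON app.accounts (owner);
RESET maintenance_work_mem;

-- 3. What is in effect, with units, where it came from, and whether a change
--    needs a restart ("postmaster"), a reload ("sighup") or is per-session.
SELECT name, setting, unit, context, source
  FROM pg_settings
 WHERE name IN ('shared_buffers', 'work_mem', 'maintenance_work_mem',
                'effective_cache_size', 'max_connections',
                'max_locks_per_transaction', 'max_prepared_transactions',
                'autovacuum_max_workers', 'autovacuum_vacuum_cost_delay',
                'log_min_duration_statement')
 ORDER BY name;

-- 4. The lock table is not max_locks_per_transaction per backend: the shared
--    pool holds max_locks_per_transaction * (max_connections +
--    max_prepared_transactions) entries in total.
SELECT current_setting('max_locks_per_transaction')::int *
       (current_setting('max_connections')::int +
        current_setting('max_prepared_transactions')::int) AS lock_table_slots;

-- 5. Roughly how much of that pool is in use right now (pg_locks has a row
--    per locked object, per lock mode, per backend), so "out of shared
--    memory" errors can be seen coming.
SELECT count(*) AS locks_in_use FROM pg_locks;
```

Step 1 is the pattern to prefer over a server-wide work_mem bump: the setting is scoped to the transaction that needs it, and a pooler such as pgbouncer never hands a connection with an inflated work_mem to some other client.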

Simple Backups
• Extremely important
• pg_basebackup with WAL receive (--xlog-method=stream; --wal-method=stream from PostgreSQL 10)

• Binary (file-level) backup
• MUST have the WAL generated during the backup backed up as well, or the backup is not restorable
• Needs a replication connection: a role with the REPLICATION attribute and a "replication" entry in pg_hba.conf

• pg_dump
• Logical, text-based backup
• Does not back up index contents, only their definitions; indexes must be rebuilt on restore
• Takes ACCESS SHARE locks on everything it dumps (blocks DDL such as ALTER and DROP for the duration, not reads or writes)

• Test restoring your data

Parallel Backups
• pg_dump -j with the directory format, supported in recent versions (9.3+)
• pg_restore -j also supported; the restore is then not a single transaction
• Binary backups

• Use rsync
• Parallelize by tablespace
• No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-Time Recovery with WAL
• From a base backup, play forward WAL
• Can stop at any point in time (recovery_target_time), or at a named restore point or transaction id

• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL

• WAL archived with archive_command
• Only WAL after a base backup is useful

archive_command
• %f is replaced with the WAL filename
• %p is replaced with the full path to the WAL file

• test ! -f /archive/%f && cp %p /archive/%f
• The "!" matters: refuse to overwrite a segment that is already in the archive

• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success: a zero exit with the file unsaved lets PostgreSQL recycle the segment, and the archive has a hole you will only find at restore time

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios

• Tape-based restore
• Restore from off-site
• Fail-over
• How much data is lost
• How much downtime

recovery.conf
• restore_command
• %f is the WAL file needed
• %p is where to put it

• cp /archive/%f %p
• Only return zero when successful
• Will be called for files that do not exist (e.g. timeline history files); that is normal, just return non-zero
• From PostgreSQL 12, recovery.conf is gone: the settings live in postgresql.conf and recovery mode is triggered by a recovery.signal or standby.signal file

Replication
• Read-only streaming standbys
• Set up WAL archiving

• Not strictly required
• Very recommended: a standby that falls behind further than what the primary still keeps in pg_xlog cannot catch up without the archive (replication slots, 9.4+, are the alternative)

• Initial copy with pg_basebackup
• Configure the primary_conninfo connection in recovery.conf
• recovery.conf must live in the data directory
• Monitor lag; a replica can fall behind
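The server-side pieces of the pg_basebackup / archiving / streaming setup from the Simple Backups, archive_command and Replication slides, with the checks that go with them, as an added example not taken from the deck. It is written for PostgreSQL 10 and later; the 9.x function and column names the deck's era used are noted in comments. The role replicator, its password and the standby network are hypothetical. Run on the primary as a superuser, except the last query, which runs on the standby.

```sql
-- Added example: backup/replication role plus archiving and lag checks.
-- PostgreSQL 10+; 9.x names in comments.  Hypothetical role, password and
-- network.  Run on the primary as superuser (last query on the standby).

-- 1. A dedicated role for pg_basebackup and standbys: REPLICATION only, no
--    superuser, no table access.  It still needs a pg_hba.conf line, e.g.
--      hostssl  replication  replicator  10.0.0.0/24  scram-sha-256
--    ("replication" in the database column is a keyword, not a database.)
CREATE ROLE replicator WITH REPLICATION LOGIN PASSWORD 'change-me';

-- 2. archive_command must have run and returned zero for every segment.
--    Force a segment switch, then count what is still waiting to be archived;
--    a growing number means the command is failing and pg_wal is filling up.
--    (9.x: pg_switch_xlog(), directory pg_xlog/archive_status)
SELECT pg_switch_wal();
SELECT count(*) AS segments_waiting
  FROM pg_ls_dir('pg_wal/archive_status') AS f
 WHERE f LIKE '%.ready';

-- 9.4+: the archiver keeps its own success/failure counters as well.
SELECT archived_count, last_archived_wal, last_archived_time,
       failed_count,   last_failed_wal,   last_failed_time
  FROM pg_stat_archiver;

-- 3. Standby lag as seen from the primary, in bytes behind the current WAL
--    position.  (9.x: sent_location/replay_location,
--    pg_current_xlog_location(), pg_xlog_location_diff())
SELECT application_name, client_addr, state, sync_state,
       pg_wal_lsn_diff(pg_current_wal_lsn(), sent_lsn)   AS send_lag_bytes,
       pg_wal_lsn_diff(pg_current_wal_lsn(), replay_lsn) AS replay_lag_bytes
  FROM pg_stat_replication;

-- 4. On the standby itself: how far behind, in time, the replayed WAL is.
--    replay_delay is NULL until the first transaction is replayed after
--    startup, so treat NULL as "unknown", not as "no lag".
--    (9.x: pg_last_xlog_receive_location(), pg_last_xlog_replay_location())
SELECT pg_is_in_recovery()                      AS in_recovery,
       pg_last_wal_receive_lsn()                AS received,
       pg_last_wal_replay_lsn()                 AS replayed,
       now() - pg_last_xact_replay_timestamp()  AS replay_delay;
```

Step 2 is what check_postgres's archive_ready check does; running it right after the first base backup, before trusting the setup, catches an archive_command that quietly exits non-zero (or worse, exits zero without saving anything) while there is still time to fix it.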

Monitoring
• check_postgres.pl
• Useful with Nagios, Icinga, MRTG, etc.
• Provides metrics as well as monitoring
• Allows a custom query for monitoring
• Minimum set of checks:
  archive_ready (if doing WAL archiving) --- number of WAL .ready files waiting to be archived
  autovac_freeze --- how close to autovacuum_freeze_max_age
  backends (metric) --- number of backends running
  dbstats (metrics) --- lots of different stats
  listener (if using LISTEN/NOTIFY) --- checks that someone is LISTENing
  locks (metric) --- number of locks held
  pgbouncer options (if using pgbouncer) --- various pgbouncer checks
  txn_idle --- transactions idle for more than X time
  txn_time --- transactions running longer than X time
  txn_wraparound --- how close to transaction ID wraparound
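The core check_postgres checks from the slide above, rewritten as plain queries that can feed a custom-query monitor or be run by hand in psql, as an added example that is not part of the deck or of check_postgres itself. They need PostgreSQL 9.2 or later for the state and query columns of pg_stat_activity; the thresholds (5 minutes, the percentage columns) are hypothetical and should mirror the warning levels configured in the plugin.

```sql
-- Added example: check_postgres-style checks as plain SQL (PostgreSQL 9.2+).
-- Thresholds are hypothetical; align them with your monitoring config.

-- txn_idle: sessions sitting "idle in transaction".  They hold locks and a
-- snapshot, which blocks VACUUM and DDL; fix the client or terminate them.
SELECT pid, usename, client_addr, now() - state_change AS idle_for, query
  FROM pg_stat_activity
 WHERE state = 'idle in transaction'
   AND now() - state_change > interval '5 minutes'
 ORDER BY idle_for DESC;

-- txn_time: transactions open too long, whatever they are doing.
SELECT pid, usename, now() - xact_start AS running_for, state, query
  FROM pg_stat_activity
 WHERE xact_start IS NOT NULL
   AND now() - xact_start > interval '5 minutes'
   AND pid <> pg_backend_pid()
 ORDER BY running_for DESC;

-- txn_wraparound / autovac_freeze: distance to XID wraparound per database.
-- age() counts XIDs consumed since datfrozenxid; the hard stop is near 2^31,
-- and autovacuum forces a freeze at autovacuum_freeze_max_age.
SELECT datname,
       age(datfrozenxid)                                        AS xid_age,
       round(100.0 * age(datfrozenxid) / 2147483647, 2)         AS pct_to_wraparound,
       round(100.0 * age(datfrozenxid)
             / current_setting('autovacuum_freeze_max_age')::bigint, 2)
                                                                AS pct_to_forced_vacuum
  FROM pg_database
 WHERE datallowconn
 ORDER BY xid_age DESC;

-- backends: connections in use versus what ordinary users can still get
-- (superuser_reserved_connections are held back for the superuser).
SELECT count(*)                                                  AS backends,
       current_setting('max_connections')::int
       - current_setting('superuser_reserved_connections')::int  AS available_to_users
  FROM pg_stat_activity;

-- locks: granted versus waiting, by mode; many ungranted rows mean contention.
SELECT mode, granted, count(*)
  FROM pg_locks
 GROUP BY mode, granted
 ORDER BY granted, count(*) DESC;
```

The wraparound query is the one not to skip: once age(datfrozenxid) gets within a few million of 2^31 the server refuses new transactions until a manual VACUUM in single-user mode, and the only warning before that is this number.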

Log Monitoring
• PG log entries are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs

• syslog-based
• logstash
• logcheck

• Automatically-processed CSV log (log_destination = 'csvlog')

Extensions
• Install the -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

      name     | default_version | installed_version | comment
  -------------+-----------------+-------------------+------------------------------------------------------------------
   file_fdw    | 1.0             |                   | foreign-data wrapper for flat file access
   dblink      | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql     | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm     | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack   | 1.0             |                   | administrative functions for PostgreSQL
   ip4r        | 2.0             |                   |
   hstore      | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack lets a superuser write, rename and delete files on the server from SQL, i.e. change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install (CREATE EXTENSION)
• Often include compiled C code - .so files

• C code can crash the backend; use caution
• C code has access to everything: it runs inside the server process, as the postgres OS user, with no privilege checks

• PGXN is pretty open; anyone can register and publish there
• Modules from -contrib are maintained by the PGDG
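Before trusting the extensions already installed in a cluster, it helps to know which of them brought compiled C code into the server process; the following inventory query is an added example, not from the deck, and relies only on the system catalogs (pg_extension, pg_depend, pg_proc). It needs PostgreSQL 9.4 or later for the FILTER clause.

```sql
-- Added example: inventory installed extensions and count, per extension,
-- how many of its functions are implemented in C (i.e. loaded .so code that
-- runs inside the backend with no privilege checks).  PostgreSQL 9.4+.
SELECT e.extname,
       e.extversion,
       n.nspname                                        AS schema,
       count(p.oid)                                     AS functions,
       count(p.oid) FILTER (WHERE l.lanname = 'c')      AS c_functions,
       count(p.oid) FILTER (WHERE p.prosecdef)          AS security_definer
  FROM pg_extension e
  JOIN pg_namespace n ON n.oid = e.extnamespace
  LEFT JOIN pg_depend d ON d.refclassid = 'pg_extension'::regclass
                       AND d.refobjid   = e.oid
                       AND d.classid    = 'pg_proc'::regclass
                       AND d.deptype    = 'e'      -- object owned by the extension
  LEFT JOIN pg_proc p ON p.oid = d.objid
  LEFT JOIN pg_language l ON l.oid = p.prolang
 GROUP BY e.extname, e.extversion, n.nspname
 ORDER BY c_functions DESC, e.extname;

-- For the C functions themselves, probin names the shared object that was
-- loaded; anything outside $libdir deserves a second look.
SELECT e.extname, p.oid::regprocedure AS func, p.probin
  FROM pg_depend d
  JOIN pg_extension e ON e.oid = d.refobjid AND d.refclassid = 'pg_extension'::regclass
  JOIN pg_proc p      ON p.oid = d.objid   AND d.classid    = 'pg_proc'::regclass
  JOIN pg_language l  ON l.oid = p.prolang
 WHERE d.deptype = 'e' AND l.lanname = 'c'
 ORDER BY e.extname, func;
```

Extensions whose functions are all SQL or PL/pgSQL cannot crash the backend or read arbitrary files; the ones with a non-zero c_functions column are the ones whose provenance (contrib versus PGXN versus a locally built .so) is worth recording.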

Thank you
Stephen Frost

sfrost@snowman.net / @net_snow

  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 24: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Connecting
• sudo su - postgres
• psql
• \? to see backslash-commands
• \h to get help on SQL queries/commands
• Exit with \q or ctrl-d
• psql -h localhost

Looking around
• table pg_stat_activity; - aka w (like the Unix w command: who is connected and what they are running)
• \l - list databases

       Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
    -----------+----------+----------+-------------+-------------+-----------------------
     postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
     template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
     template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +

• \dn - list schemas

      Name  |  Owner
    --------+----------
     public | postgres

• \db - list tablespaces

        Name    |  Owner   | Location
    ------------+----------+----------
     pg_default | postgres |
     pg_global  | postgres |

User setups
• createuser / CREATE USER
• \password to set passwords
• Privileges
   • Superuser - Do not give this out
   • CreateRole - Creation and modification of roles
   • CreateDatabase - Allows database creation
   • Login - Allows user to connect to DB
   • Replication - Only for replication/system user
   • Admin - Allows changing role memberships
   • Inherit - Automatically get GRANTed privileges

Roles
• Users are really roles
• Groups are implemented with roles
• CREATE ROLE (or just createuser --nologin)
   • Same privilege options
   • Can start as nologin, then be granted login
   • Can cascade
• Any role can be GRANT'd to any other role
• Inherit is default, acts like group privs
• Noinherit means user must run SET ROLE, a la sudo

Permissions
• public means all users
• GRANT / REVOKE to give / take away privs, roles, etc
• CONNECT privs on the database (public by default)
• schemas - CREATE, USAGE
   • recommend dropping public, or revoke CREATE
   • Use per-user or per-app schemas
• tables - SELECT/INSERT/UPDATE/DELETE/TRUNCATE
• view - same (incl update), execute as view owner
• columns - SELECT/INSERT/UPDATE
• functions - SECURITY DEFINER are akin to setuid

Default perms
• Generally secure-by-default
   • Except functions - EXECUTE granted by default
   • Owners have all rights on their objects
   • Membership in owning role == ownership
• ALTER DEFAULT PRIVILEGES - for roles
   • FOR ROLE ... IN SCHEMA ... GRANT ...
   • Can't be applied to just a schema
• GRANT ... ON ALL ... IN SCHEMA ...
   • For tables, views, sequences, functions
   • One-time operation, new tables will not have privs
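The Roles, Permissions and Default perms slides above describe one procedure; the script below is an added example (not from the slides) that applies it end to end. The role names (app_readers, app_writers, alice, bob), the schema and table (app, app.orders) and the passwords are assumed placeholders, and it assumes the superuser creating the objects is named postgres.

```sql
-- Added example, not from the slides: roles as groups, a closed public schema,
-- default privileges tied to the creating role, and a SECURITY DEFINER function
-- with EXECUTE taken away from PUBLIC. All names and passwords are placeholders.

-- Groups are roles without LOGIN; users are roles with LOGIN.
CREATE ROLE app_readers NOLOGIN;
CREATE ROLE app_writers NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'placeholder-change-me';
CREATE ROLE bob   LOGIN PASSWORD 'placeholder-change-me' NOINHERIT;

-- alice inherits group privileges automatically (INHERIT is the default).
-- bob is NOINHERIT, so he must SET ROLE app_writers first, a la sudo.
GRANT app_readers TO alice;
GRANT app_writers TO bob;

-- Close the public schema: PUBLIC (every role) can CREATE there by default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Per-app schema instead of public; USAGE is needed just to name objects in it.
CREATE SCHEMA app;
GRANT USAGE ON SCHEMA app TO app_readers, app_writers;
CREATE TABLE app.orders (id serial PRIMARY KEY, customer text, total numeric);

-- Privileges on what exists now. One-time: tables created later are not covered.
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_readers;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA app TO app_writers;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA app TO app_writers;

-- Default privileges for objects that postgres creates in app from now on.
-- They attach to the creating role (FOR ROLE), not to the schema by itself,
-- so every role that creates tables needs its own ALTER DEFAULT PRIVILEGES.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA app
    GRANT SELECT ON TABLES TO app_readers;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_writers;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA app
    GRANT USAGE ON SEQUENCES TO app_writers;

-- Functions are the exception to secure-by-default: EXECUTE goes to PUBLIC.
-- Turn that off for future functions created by postgres in this schema.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA app
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- SECURITY DEFINER runs as the owner, akin to setuid. Pin search_path so the
-- body always resolves app.orders and built-in operators, whatever the caller
-- has put in their own search_path or temp schema.
CREATE FUNCTION app.order_total(p_id int) RETURNS numeric
    LANGUAGE sql SECURITY DEFINER
    SET search_path = app, pg_temp
AS $$ SELECT total FROM app.orders WHERE id = p_id $$;

-- Explicit REVOKE/GRANT: the default-privilege change above only covers
-- functions created after it, so existing functions need this done by hand.
REVOKE EXECUTE ON FUNCTION app.order_total(int) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION app.order_total(int) TO app_readers;

-- Check the result from inside the same (superuser) session.
SET ROLE alice;
SELECT count(*) FROM app.orders;                               -- allowed via app_readers
-- INSERT INTO app.orders (customer, total) VALUES ('x', 1);  -- ERROR: permission denied
RESET ROLE;

SET ROLE bob;
-- SELECT count(*) FROM app.orders;  -- ERROR: NOINHERIT, group privs are not active
SET ROLE app_writers;                -- bob is a member, so the switch succeeds
INSERT INTO app.orders (customer, total) VALUES ('example', 9.99);
RESET ROLE;
```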

Tablespaces
• Permissions
   • Perms must be 0700, owned by postgres
   • Must explicitly GRANT create rights
• Implementation
   • Symlinks in pg_tblspc directory
   • Recommend against messing with them directly
   • Must be fully-qualified
• GUCs
   • default_tablespace
   • temp_tablespaces

Tuning
• For a dedicated server
• shared_buffers
   • Will be dedicated to PG for caching
   • Up to half of main memory
   • Try 2G on larger servers, more may not help
   • Pre-9.3, need to bump sysctl params
   • Post-9.3, you don't
   • Defaults to 128MB

Tuning (continued)
• work_mem
   • Used for in-memory hashing, sorts, etc
   • Can be increased inside a given connection
   • Used many times over - not a hard limit
   • Per connection, so be careful
   • Defaults to 1MB (way too small)
• maintenance_work_mem
   • Used for building indexes
   • Make it larger before building an index
   • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
   • Tells PG how much of the DB is in memory
   • Half of main memory
   • Never allocated, only for planning purposes
   • Defaults to 128MB
• autovacuum
   • On a high-rate server, make it more aggressive
   • Increase max_workers (autovacuum_max_workers)
   • Decrease autovacuum_vacuum_cost_delay
   • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
   • Sequential writes
   • Put on dedicated disks
   • Monitor very closely for space
• pg_stat_tmp
   • Consider tmpfs
   • Written to by stats collector constantly
   • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
   • Logs queries over time
   • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
   • Best with specific log_line_prefix
   • Generates very nice reports
   • Various sorts - total time, max length, etc

Config Bump-Ups
• max_connections = 100
   • Consider using pgbouncer
   • # connections == # of CPUs is ideal
• shared_buffers = couple gig
   • Probably not more than 3-4G (Test)
• maintenance_work_mem = maybe a gig
   • Used for building indexes
• max_locks_per_transaction = 128
   • More if you have lots of objects
   • # locks available is actually this * max_conn

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
   • Binary-based backup
   • MUST have WAL files backed up also
   • Needs to connect to replication DB
• pg_dump
   • Logical, text-based backup
   • Does not back up indexes, must rebuild
   • Requires lightweight locks on everything
• Test restoring your data

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports - not transactional
• Binary backups
   • Use rsync
   • Parallelize by tablespace
   • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time-Recovery w/ WAL
   • From base-backup, play forward WAL
   • Can stop at any point-in-time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
   • WAL archived with archive_command
   • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
   • test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
   • Tape-based restore
   • Restore from off-site
   • Fail-over
   • How much data lost?
   • How much downtime?

recovery.conf
• restore_command
   • %f is WAL file needed
   • %p is where to put it
   • cp /archive/%f %p
   • Only return zero when successful
   • Will be called for non-existent files

Replication
• Read-only streaming slaves
• Set up WAL archiving
   • Not strictly required
   • Very recommended
• Initial copy with pg_basebackup
• Configure connection in recovery.conf
• recovery.conf must live in data dir
• Monitor lag - replica can fall behind

Monitoring
• check_postgres.pl
   • Useful with Nagios, Icinga, MRTG, etc
   • Provides metrics as well as monitoring
   • Allows custom query for monitoring
• Minimum set of checks:
   archive_ready (if doing WAL archiving) --- Number of WAL .ready files
   autovac_freeze --- How close to Autovacuum Max Freeze
   backends (Metric) --- Number of Backends running
   dbstats (Metrics) --- Lots of different stats
   listener (If using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
   locks (Metric) --- Number of locks held
   pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
   txn_idle --- Transactions idle for X time
   txn_time --- Transactions longer than X time
   txn_wraparound --- How close to transaction wraparound
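As an added example that is not check_postgres.pl's own code, the queries below mirror several of the checks listed above plus the replication-lag bullet from the Replication slide, so the numbers can be inspected by hand or fed to a custom-query check. Names are those of PostgreSQL 9.2 to 9.6 (in 10+ pg_xlog is pg_wal and the xlog_location functions became wal_lsn functions); the 10-minute thresholds and the 2^31 wraparound horizon are assumed, and the archive_ready and lag queries need superuser rights on the primary.

```sql
-- Added example: hand-written SQL approximating the named check_postgres checks.
-- Thresholds (10 minutes) and the 2^31 wraparound horizon are assumptions.

-- txn_idle: sessions "idle in transaction" for more than 10 minutes. They
-- hold locks and keep VACUUM from reclaiming dead rows.
SELECT pid, usename, datname,
       now() - state_change AS idle_for,
       left(query, 60)      AS last_query
  FROM pg_stat_activity
 WHERE state = 'idle in transaction'
   AND now() - state_change > interval '10 minutes'
 ORDER BY idle_for DESC;

-- txn_time: any transaction open for more than 10 minutes.
SELECT pid, usename, datname,
       now() - xact_start AS xact_age,
       left(query, 60)    AS query
  FROM pg_stat_activity
 WHERE xact_start IS NOT NULL
   AND now() - xact_start > interval '10 minutes'
 ORDER BY xact_age DESC;

-- autovac_freeze / txn_wraparound: per-database XID age against the point
-- where autovacuum forces a freeze, and against the hard wraparound limit.
SELECT datname,
       age(datfrozenxid) AS xid_age,
       round(100.0 * age(datfrozenxid)
             / current_setting('autovacuum_freeze_max_age')::bigint, 1) AS pct_of_freeze_max,
       round(100.0 * age(datfrozenxid) / 2147483648, 1)                 AS pct_of_wraparound
  FROM pg_database
 ORDER BY xid_age DESC;

-- backends: connections in use versus max_connections.
SELECT count(*) AS backends,
       current_setting('max_connections')::int AS max_connections,
       round(100.0 * count(*) / current_setting('max_connections')::int, 1) AS pct_used
  FROM pg_stat_activity;

-- locks: locks held, and how many of them are still waiting to be granted.
SELECT count(*)                                     AS locks_total,
       sum(CASE WHEN NOT granted THEN 1 ELSE 0 END) AS locks_waiting
  FROM pg_locks;

-- archive_ready: WAL segments archive_command has not yet stored (superuser
-- only, since pg_ls_dir reads the data directory). A rising count means the
-- archive command is failing and pg_xlog will fill up; check the server log.
SELECT count(*) AS wal_ready
  FROM pg_ls_dir('pg_xlog/archive_status') AS f
 WHERE f LIKE '%.ready';

-- Replica lag in bytes, run on the primary: how far each standby's replay
-- position trails the current WAL write position.
SELECT client_addr, state,
       pg_xlog_location_diff(pg_current_xlog_location(), replay_location) AS replay_lag_bytes
  FROM pg_stat_replication;
```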

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
   • syslog-based
   • logstash
   • logcheck
• Automatically-processed CSV log

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org/
• table pg_available_extensions;

        name    | default_version | installed_version |                        comment
    ------------+-----------------+-------------------+-------------------------------------------------------------------
     file_fdw   | 1.0             |                   | foreign-data wrapper for flat file access
     dblink     | 1.0             |                   | connect to other PostgreSQL databases from within a database
     plpgsql    | 1.0             | 1.0               | PL/pgSQL procedural language
     pg_trgm    | 1.0             |                   | text similarity measurement and index searching based on trigrams
     adminpack  | 1.0             |                   | administrative functions for PostgreSQL
     ip4r       | 2.0             |                   |
     hstore     | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
   • C code can crash the backend, use caution
   • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you!
Stephen Frost
sfrost@snowman.net
@net_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 25: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Looking aroundbulltable pg_stat_activity - aka wbulll - list databases Name | Owner | Encoding | Collate | Ctype | Access privileges-----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | template0 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres + template1 | postgres | UTF8 | en_USUTF-8 | en_USUTF-8 | =cpostgres +

bulldn - list schemas Name | Owner--------+---------- public | postgres

bulldb - list tablespaces Name | Owner | Location------------+----------+---------- pg_default | postgres | pg_global | postgres |

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 26: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

User setupsbullcreateuser CREATE USERbullpassword to set passwordsbullPrivileges

bullSuperuser- Do not give this outbullCreateRole- Creation and modification of rolesbullCreateDatabase- Allows database creationbullLogin- Allows user to connect to DBbullReplication- Only for replicationsystem userbullAdmin- Allows changing role membershipsbullInherit- Automatically get GRANTED privileges

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 27: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

RolesbullUsers are really rolesbullGroups are implemented with rolesbullCREATE ROLE (or just createuser --nologin)

bullSame privilege optionsbullCan start as nologin then be granted loginbullCan cascade

bullAny role can be GRANTd to any other rolebullInherit is default acts like group privsbullNoinherit means user must run set role ala sudo

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Ups
• max_connections = 100
  • Consider using pgbouncer
  • # of active connections == # of CPUs is ideal
• shared_buffers = a couple of gig
  • Probably not more than 3-4G (test)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # of locks available is actually this × (max_connections + max_prepared_transactions), not a per-transaction cap

Simple Backups
• Extremely important
• pg_basebackup with WAL receive (-X stream)
  • Binary (physical) backup
  • MUST have the WAL files backed up as well, or the backup is not restorable
  • Needs a replication connection: a role with REPLICATION, a "replication" entry in pg_hba.conf and a free max_wal_senders slot
• pg_dump
  • Logical, text-based backup
  • Does not back up index contents; indexes are rebuilt on restore
  • Takes ACCESS SHARE locks on everything it dumps: does not block reads or writes, but does block DDL such as DROP or ALTER for the duration
• Test restoring your data

Parallel Backups
• pg_dump supports parallel dumps in recent versions (9.3+, -j with the directory format)
• pg_restore also supports -j; not transactional (can't be combined with --single-transaction)
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time recovery with WAL
  • From a base backup, play forward WAL
  • Can stop at any point in time
• Requires a base (binary) backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f is replaced with the WAL file name
• %p is replaced with the path to the WAL file (relative to the data directory, which is the command's working directory)
• Example: test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test
• Monitor your postgres logs: a failing archive_command is retried and WAL piles up in pg_xlog until it succeeds
• Must return zero ONLY on success; zero tells the server the segment is safe to recycle

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is the WAL file needed
  • %p is where to put it
  • Example: cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files: recovery asks for segments and history files that may not exist and uses the non-zero exit to find the end of the archive, so a missing file is not an error
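The archive_command and restore_command rules above (zero only on success, never clobber an archived segment, expect to be asked for files that don't exist) are easy to get wrong in a one-liner. The following is an added example, not from the slides, of two small scripts that encode them. The archive directory /archive, the segment names and the install paths are hypothetical; a real archive would be on separate storage or a remote host, and a production script would also fsync the copied file.

```sh
#!/bin/sh
# Added example: archive_command / restore_command with correct exit status.
# /archive and the segment names in the usage lines are hypothetical.

# archive_wal SRC_PATH WAL_NAME ARCHIVE_DIR
# Returns 0 only when a complete copy is in the archive. A retry of an
# already-archived segment with identical bytes succeeds; a different file
# under the same name is refused (two clusters sharing one archive).
archive_wal() {
    src=$1
    name=$2
    dest=$3/$2
    if [ -e "$dest" ]; then
        cmp -s "$src" "$dest" && return 0
        echo "archive_wal: $dest exists with different content, refusing" >&2
        return 1
    fi
    # Copy under a temporary name and rename, so a half-written segment never
    # looks valid to restore_command on the other side.
    tmp=$3/.$2.tmp.$$
    cp "$src" "$tmp" && mv "$tmp" "$dest" && return 0
    rm -f "$tmp"
    echo "archive_wal: failed to archive $name" >&2
    return 1
}

# restore_wal WAL_NAME DEST_PATH ARCHIVE_DIR
# A missing file is expected during recovery, so it is a quiet non-zero
# return; only a real copy error prints anything.
restore_wal() {
    name=$1
    dest=$2
    src=$3/$1
    [ -f "$src" ] || return 1
    cp "$src" "$dest"
}

# Install this file as both archive_wal.sh and restore_wal.sh (symlink) and set:
#   archive_command = '/usr/local/bin/archive_wal.sh %p %f /archive'
#   restore_command = '/usr/local/bin/restore_wal.sh %f %p /archive'
case ${0##*/} in
    archive_wal.sh) archive_wal "$@" ;;
    restore_wal.sh) restore_wal "$@" ;;
esac
```

The exit status of the script is the exit status of the function, which is exactly what the server acts on: a segment is recycled only after archive_wal returns 0, and recovery ends cleanly when restore_wal returns 1 for the segment past the end of the archive.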

Replication
• Read-only streaming replicas
• Set up WAL archiving
  • Not strictly required
  • Very recommended: a replica that falls behind further than the primary keeps WAL can only catch up from the archive
• Initial copy with pg_basebackup
• Configure the connection (primary_conninfo) in recovery.conf
• recovery.conf must live in the data dir
• Monitor lag; a replica can fall behind

Monitoring
• check_postgres.pl
  • Useful with Nagios, Icinga, MRTG, etc.
  • Provides metrics as well as monitoring
  • Allows custom queries for monitoring
• Minimum set of checks
  • archive_ready (if doing WAL archiving) - number of WAL .ready files waiting to be archived
  • autovac_freeze - how close to autovacuum_freeze_max_age
  • backends (metric) - number of backends running
  • dbstats (metrics) - lots of different stats
  • listener (if using LISTEN/NOTIFY) - checks if anyone is LISTENing
  • locks (metric) - number of locks held
  • pgbouncer options (if using pgbouncer) - various pgbouncer checks
  • txn_idle - transactions idle for X time
  • txn_time - transactions longer than X time
  • txn_wraparound - how close to transaction ID wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log (log_destination = 'csvlog')

Extensions
• Install the -contrib package
• Use PGXN - http://pgxn.org
• TABLE pg_available_extensions;

   name      | default_version | installed_version | comment
  -----------+-----------------+-------------------+-----------------------------------------------------------------
   file_fdw  | 1.0             |                   | foreign-data wrapper for flat file access
   dblink    | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql   | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm   | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack | 1.0             |                   | administrative functions for PostgreSQL
   ip4r      | 2.0             |                   |
   hstore    | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows a superuser to change anything (read and write files on the server)
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code (.so's)
  • C code can crash the backend; use caution
  • C code has access to everything: it runs inside the server process as the postgres OS user, with no sandbox
• PGXN is pretty open: anyone can publish, so review what you install
• Modules from -contrib are maintained by PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 28: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Permissionsbullpublic means all usersbullGRANT REVOKE to givetake away privs roles etcbullCONNECT privs on the database (public by default)bullschemas - CREATE USAGE

bullrecommend dropping public or revoke CREATEbullUse per-user or per-app schemas

bulltables - SELECTINSERTUPDATEDELETETRUNCATEbullview - same (incl update) execute as view ownerbullcolumns - SELECTINSERTUPDATEbullfunctions - SECURITY DEFINER are akin to setuid

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 29: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Default permsbullGenerally secure-by-default

bullExcept functions- EXECUTE granted by defaultbullOwners have all rights on their objectsbullMembership in owning role == ownership

bullALTER DEFAULT PRIVILEGES - for rolesbullFOR ROLE IN SCHEMA GRANTbullCant be applied to just a schema

bullGRANT ON ALL IN SCHEMAbullFor tables views sequences functionsbullOne-time operation new tables will not have privs

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 30: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

TablespacesbullPermissions

bullPerms must be 0700 owned by postgresbullMust explicitly GRANT create rights

bullImplementationbullSymlinks in pg_tblspc directorybullRecommend against messing with them directlybullMust be fully-qualified

bullGUCsbulldefault_tablespacebulltemp_tablespaces

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 31: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

TuningbullFor a dedicated serverbullshared_buffers

bullWill be dedicated to PG for cacheingbullUp to half of main memorybullTry 2G on larger servers more may not helpbullPre-93 need to bump sysctl paramsbullPost-93 you dontbullDefaults to 128MB

Tuning (continued)bullwork_mem

bullUsed for in-memory hashing sorts etcbullCan be increased inside a given connectionbullUsed many times over- not a hard limitbullPer connection so be carefulbullDefaults to 1MB (wayy too small)

bullmaintenance_work_membullUsed for building indexesbullMake it larger before building an indexbullDefaults to 16MB (thats a very small index)

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

Tuning (continued)
• work_mem
  • Used for in-memory hashing, sorts, etc.
  • Can be increased inside a given connection
  • Used many times over - not a hard limit
  • Per connection, so be careful
  • Defaults to 1MB (way too small)
• maintenance_work_mem
  • Used for building indexes
  • Make it larger before building an index
  • Defaults to 16MB (that's a very small index)

Tuning (continued)
• effective_cache_size
  • Tells PG how much of the DB is in memory
  • Half of main memory
  • Never allocated, only for planning purposes
  • Defaults to 128MB
• autovacuum
  • On a high-rate server, make it more aggressive
  • Increase max_workers
  • Decrease autovacuum_vacuum_cost_delay
  • Defaults are for lightly loaded systems

Tuning (continued)
• pg_xlog
  • Sequential writes
  • Put on dedicated disks
  • Monitor very closely for space
• pg_stat_tmp
  • Consider tmpfs
  • Written to by stats collector constantly
  • File per-DB in 9.3+ helps a lot

Slow Queries
• Logging all queries hurts
• log_min_duration_statement
  • Logs queries over time
  • Includes duration (no need for log_duration)
• pgfouine - Log Analyzer
  • Best with specific log_line_prefix
  • Generates very nice reports
  • Various sorts - total time, max length, etc.

Config Bump-Ups
• max_connections = 100
  • Consider using pg_bouncer
  • # connections == # of CPUs is ideal
• shared_buffers = couple gig
  • Probably not more than 3-4G (Test!)
• maintenance_work_mem = maybe a gig
  • Used for building indexes
• max_locks_per_transaction = 128
  • More if you have lots of objects
  • # locks available is actually this * max_conn

Simple Backups
• Extremely important
• pg_basebackup w/ WAL receive
  • Binary-based backup
  • MUST have WAL files backed up also
  • Needs to connect to replication DB
• pg_dump
  • Logical, text-based backup
  • Does not back up indexes, must rebuild
  • Requires lightweight locks on everything
• Test restoring your data!

Parallel Backups
• pg_dump support in recent versions
• pg_restore also supports - not transactional
• Binary backups
  • Use rsync
  • Parallelize by tablespace
  • No parallel option for pg_basebackup (yet)

PITR Backups
• Point-in-time Recovery w/ WAL
  • From base backup, play forward WAL
  • Can stop at any point in time
• Requires a base/binary backup (pg_basebackup)
• Must archive all WAL
  • WAL archived with archive_command
  • Only WAL after a base backup is useful

archive_command
• %f replaced with WAL filename
• %p replaced with full path to WAL
• test ! -f /archive/%f && cp %p /archive/%f
• Be sure to test!
• Monitor your postgres logs
• Must return zero ONLY on success

Restoring
• Make sure to test your backups
• Test by doing a restore
• Test regularly (at least once a year)
• Consider multiple scenarios
  • Tape-based restore
  • Restore from off-site
  • Fail-over
  • How much data lost?
  • How much downtime?

recovery.conf
• restore_command
  • %f is WAL file needed
  • %p is where to put it
  • cp /archive/%f %p
  • Only return zero when successful
  • Will be called for non-existent files
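The archive_command and restore_command contracts from the two slides above, as an added shell example (not from the original deck): archiving exits zero only once the segment is verifiably in the archive and refuses to overwrite a segment with different content, while restoring exits non-zero for files the archive does not have, which PostgreSQL asks for routinely. The /archive layout, the script and function names are assumptions, and accepting an identical re-archive of the same segment goes slightly beyond the slide's plain `test ! -f`.

```shell
#!/bin/sh
# Added example, not from the original slides. Assumed wiring in postgresql.conf
# and recovery.conf (paths are placeholders):
#   archive_command = '/usr/local/bin/wal_archive.sh archive /archive %p %f'
#   restore_command = '/usr/local/bin/wal_archive.sh restore /archive %f %p'

# archive_wal ARCHIVE_DIR WAL_PATH(%p) WAL_NAME(%f)
# Contract: return 0 ONLY when the segment is safely in the archive.
# PostgreSQL will keep retrying (and keep the segment in pg_xlog) on non-zero.
archive_wal() {
    dir=$1; src=$2; name=$3

    if [ -f "$dir/$name" ]; then
        # Same segment re-offered after a crash: identical content is harmless.
        if cmp -s "$src" "$dir/$name"; then
            return 0
        fi
        # Different content under the same name means two clusters share the
        # archive or something corrupted it; never clobber, fail loudly.
        echo "archive_wal: refusing to overwrite $dir/$name (content differs)" >&2
        return 1
    fi

    # Copy to a temporary name and rename into place so a crash mid-copy can
    # never leave a truncated segment under the final name.
    tmp="$dir/.$name.tmp.$$"
    cp "$src" "$tmp" || { rm -f "$tmp"; return 1; }
    # Verify the copy before declaring success (a full disk can truncate it).
    cmp -s "$src" "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dir/$name" || { rm -f "$tmp"; return 1; }
    return 0
}

# restore_wal ARCHIVE_DIR WAL_NAME(%f) DEST_PATH(%p)
# Contract: return 0 only when the file was delivered. Recovery probes for
# segments and timeline history files that do not exist; non-zero is the
# expected answer there, not an error to hide.
restore_wal() {
    dir=$1; name=$2; dest=$3
    [ -f "$dir/$name" ] || return 1
    cp "$dir/$name" "$dest"
}

# Dispatch when run as a script: "archive DIR %p %f" or "restore DIR %f %p".
case "${1:-}" in
    archive) shift; archive_wal "$@" ;;
    restore) shift; restore_wal "$@" ;;
esac
```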

Replication
• Read-only streaming slaves
• Set up WAL archiving
  • Not strictly required
  • Very recommended
• Initial copy with pg_basebackup
• Configure connection in recovery.conf
• recovery.conf must live in data dir
• Monitor lag - replica can fall behind

Monitoring
• check_postgres.pl
• Useful with Nagios, Icinga, MRTG, etc.
• Provides metrics as well as monitoring
• Allows custom query for monitoring
• Minimum set of checks:
  archive_ready (if doing WAL archiving) --- Number of WAL ready files
  autovac_freeze --- How close to Autovacuum Max Freeze
  backends (Metric) --- Number of Backends running
  dbstats (Metrics) --- Lots of different stats
  listener (If using LISTEN/NOTIFY) --- Checks if anyone is LISTENing
  locks (Metric) --- Number of locks held
  pgbouncer options (if using pgbouncer) --- Various pgbouncer checks
  txn_idle --- Transactions idle for X time
  txn_time --- Transactions longer than X time
  txn_wraparound --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

      name   | default_version | installed_version | comment
  -----------+-----------------+-------------------+-----------------------------------------------------------------
   file_fdw  | 1.0             |                   | foreign-data wrapper for flat file access
   dblink    | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql   | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm   | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack | 1.0             |                   | administrative functions for PostgreSQL
   ip4r      | 2.0             |                   |
   hstore    | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you!
Stephen Frost

sfrost@snowman.net
@net_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 33: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Tuning (continued)bulleffective_cache_size

bullTells PG how much of the DB is in memorybullHalf of main memorybullNever allocated only for planning purposesbullDefaults to 128MB

bullautovacuumbullOn a high-rate server make it more aggressivebullIncrease max_workersbullDecrease autovacuum_vacuum_cost_delaybullDefaults are for lightly loaded systems

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 34: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Tuning (continued)bullpg_xlog

bullSequential writesbullPut on dedicated disksbullMonitor very closely for space

bullpg_stat_tmpbullConsider tmpfsbullWritten to by stats collector constantlybullFile per-DB in 93+ helps a lot

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 35: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Slow QueriesbullLogging all queries hurtsbulllog_min_duration_statement

bullLogs queries over timebullIncludes duration (no need for log_duration)

bullpgfouine - Log AnalyzerbullBest with specific log_line_prefixbullGenerates very nice reportsbullVarious sorts- total time max length etc

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 36: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Config Bump-Upsbullmax_connections = 100

bullConsider using pg_bouncerbull connections == of CPUs is ideal

bullshared_buffers = couple gigbullProbably not more than 3-4G (Test)

bullmaintenance_work_mem = maybe a gigbullUsed for building indexes

bullmax_locks_per_transaction = 128bullMore if you have lots of objectsbull locks available is actually this max_conn

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log MonitoringbullPG logs are multi-linebulltail_n_mail works greatbullOther solutions do not understand PG logs

bullsyslog-basedbulllogstashbulllogcheck

bullAutomatically-processed CSV log

ExtensionsbullInstall -contrib packagebullUse PGXN - httppgxnorgbulltable pg_available_extensions name | default_version | installed_version | comment--------------------+-----------------+-------------------+---------------------------------------------------------------------- file_fdw | 10 | | foreign-data wrapper for flat file access dblink | 10 | | connect to other PostgreSQL databases from within a database plpgsql | 10 | 10 | PLpgSQL procedural language pg_trgm | 10 | | text similarity measurement and index searching based on trigrams adminpack | 10 | | administrative functions for PostgreSQL ip4r | 20 | | hstore | 11 | | data type for storing sets of (key value) pairs

bulladminpack allows superuser to change anythingbulldx lists installed extensions

Extensions (contd)bullRequires superuser to installbullOften include compiled C code - sos

bullC code can crash the backend use cautionbullC code has access to everything

bullPGXN is pretty openbullModules from -contrib maintained by PGDG

Thank youStephen Frost

sfrostsnowmannetnet_snow

  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)
Page 37: PostgreSQL (System) Administration Stephen Frost sfrost ...snowman.net/slides/pgsysadmin_20140520.pdf · PostgreSQL (System) Administration PGCon - 2014 Ottawa, Canada Stephen Frost

Simple BackupsbullExtremely importantbullpg_basebackup w WAL recieve

bullBinary-based backupbullMUST have WAL files backed up alsobullNeeds to connect to replication DB

bullpg_dumpbullLogical text-based backupbullDoes not back up indexes must rebuildbullRequires lightweight locks on everything

bullTest restoring your data

Parallel Backupsbullpg_dump support in recent versionsbullpg_restore also supports- not transactionalbullBinary backups

bullUse rsyncbullParallelize by tablespacebullNo parallel option for pg_basebackup (yet)

PITR BackupsbullPoint-in-time-Recovery w WAL

bullFrom base-backup play forward WALbullCan stop at any point-in-time

bullRequires a basebinary backup (pg_basebackup)bullMust archive all WAL

bullWAL archived with archive_commandbullOnly WAL after a base backup is useful

archive_commandbullf replaced with WAL filenamebullp replaced with full path to WAL

bulltest -f archivef ampampbullcp p archivef

bullBe sure to testbullMonitor your postgres logsbullMust return zero ONLY on success

RestoringbullMake sure to test your backupsbullTest by doing a restorebullTest regularly (at least once a year)bullConsider multiple scenarios

bullTape-based restorebullRestore from off-sitebullFail-overbullHow much data lostbullHow much downtime

recoveryconfbullrestore_commandbullf is WAL file neededbullp is where to put it

bullcp archivef pbullOnly return zero when successfulbullWill be called for non-existant files

ReplicationbullRead-only streaming slavesbullSet up WAL archiving

bullNot strictly requiredbullVery recommended

bullInitial copy with pg_basebackupbullConfigure connection in recoveryconfbullrecoveryconf must live in data dirbullMonitor lag- replica can fall behind

Monitoringbullcheck_postgresplbullUseful with Nagios Icinga MRTG etcbullProvides metrics as well as monitoringbullAllows custom query for monitoringbullMinimum set of checksarchive_ready (if doing WAL archiving) --- Number of WAL ready filesautovac_freeze --- How close to Autovacuum Max Freezebackends (Metric) --- Number of Backends runningdbstats (Metrics) --- Lots of different statslistener (If using LISTENNOTIFY) --- Checks if anyone is LISTENinglocks (Metric) --- Number of locks heldpgbouncer options (if using pgbouncer) --- Various pgbouncer checkstxn_idle --- Transactions idle for X timetxn_time --- Transactions longer than X timetxn_wraparound --- How close to transaction wraparound

Log Monitoring
• PG logs are multi-line
• tail_n_mail works great
• Other solutions do not understand PG logs
  • syslog-based
  • logstash
  • logcheck
• Automatically-processed CSV log
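The "PG logs are multi-line" point is what trips up line-oriented tools: a STATEMENT or DETAIL line continues onto following lines that PostgreSQL indents with a tab, so a grep for ERROR sees the severity but loses the rest of the entry, and a count of lines is not a count of events. The functions below are an added example, not from the slides or from tail_n_mail, showing the minimum a log consumer has to do: rejoin continuation lines into one record per entry before matching. The log lines are constructed for this example and assume log_line_prefix='%t [%p] '.

```shell
#!/bin/sh
# Added example (not from the slides): rejoin multi-line PostgreSQL text log
# entries before matching on severity.  Continuation lines in the text log
# begin with a tab; lines that do not begin with a tab start a new entry.

# pg_log_join: read a PostgreSQL text log on stdin, write one line per entry,
# with the embedded line breaks replaced by " | " so downstream greps and
# counts operate on whole entries rather than physical lines.
pg_log_join() {
    awk '
        /^\t/ { sub(/^\t/, ""); cur = cur " | " $0; next }   # continuation line
        { if (cur != "") print cur; cur = $0 }               # new entry
        END { if (cur != "") print cur }
    '
}

# pg_log_alerts: entries at ERROR, FATAL or PANIC severity, one per line.
# FATAL is where failed authentication attempts land, so this is the feed
# a defender would watch for repeated password failures against one role.
pg_log_alerts() {
    pg_log_join | grep -E '\] (ERROR|FATAL|PANIC):'
}

# sample_log: a constructed five-entry log (not captured from a real server).
# The STATEMENT entry spans three physical lines.
sample_log() {
    printf '%s\n' \
      '2014-05-20 10:00:01 EDT [1234] LOG:  database system is ready to accept connections' \
      '2014-05-20 10:00:05 EDT [1240] ERROR:  syntax error at or near "FORM" at character 11' \
      '2014-05-20 10:00:05 EDT [1240] STATEMENT:  SELECT id'
    printf '\tFORM users\n\tWHERE id = 1;\n'
    printf '%s\n' \
      '2014-05-20 10:00:09 EDT [1241] FATAL:  password authentication failed for user "app"' \
      '2014-05-20 10:00:09 EDT [1241] DETAIL:  Connection matched pg_hba.conf line 90: "host all all 0.0.0.0/0 md5"'
}

# entry_count: number of log entries in the sample (5 entries, 7 physical lines)
entry_count() {
    sample_log | pg_log_join | wc -l | tr -d ' '
}

# alert_count: number of alert-worthy entries in the sample (2: one ERROR, one FATAL)
alert_count() {
    sample_log | pg_log_alerts | wc -l | tr -d ' '
}
```

Run against a real log with `pg_log_alerts < /var/log/postgresql/postgresql-9.3-main.log` (path assumed). The slide's CSV log option sidesteps the problem entirely, because csvlog quotes the multi-line fields so any CSV parser reads one entry per record.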

Extensions
• Install -contrib package
• Use PGXN - http://pgxn.org
• table pg_available_extensions;

     name     | default_version | installed_version | comment
  ------------+-----------------+-------------------+-------------------------------------------------------------------
   file_fdw   | 1.0             |                   | foreign-data wrapper for flat file access
   dblink     | 1.0             |                   | connect to other PostgreSQL databases from within a database
   plpgsql    | 1.0             | 1.0               | PL/pgSQL procedural language
   pg_trgm    | 1.0             |                   | text similarity measurement and index searching based on trigrams
   adminpack  | 1.0             |                   | administrative functions for PostgreSQL
   ip4r       | 2.0             |                   |
   hstore     | 1.1             |                   | data type for storing sets of (key, value) pairs

• adminpack allows superuser to change anything
• \dx lists installed extensions

Extensions (cont'd)
• Requires superuser to install
• Often include compiled C code - .so's
  • C code can crash the backend, use caution
  • C code has access to everything
• PGXN is pretty open
• Modules from -contrib maintained by PGDG

Thank you
Stephen Frost
sfrost@snowman.net
@net_snow


  • Stephen Frost
  • Do you read
  • Agenda
  • Terms
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Terms (continued)
  • Installation
  • Debian Install
  • Debian Clusters
  • RedHat Install
  • PostgreSQL Data Directory
  • Initial postgresqlconf
  • Logging
  • pg_hbaconf
  • Authentication Methods
  • Authentication Methods
  • Auth Method Donts
  • pg_identconf
  • Debian configs
  • RedHat configs
  • Connecting
  • Looking around
  • User setups
  • Roles
  • Permissions
  • Default perms
  • Tablespaces
  • Tuning
  • Tuning (continued)
  • Tuning (continued)
  • Tuning (continued)
  • Slow Queries
  • Config Bump-Ups
  • Simple Backups
  • Parallel Backups
  • PITR Backups
  • archive_command
  • Restoring
  • recoveryconf
  • Replication
  • Monitoring
  • Log Monitoring
  • Extensions
  • Extensions (contd)