SlideShare a Scribd company logo

Trivadis TechEvent 2017 PostgreSQL für die (Orakel) DBA by Ludovico Caldara

Trivadis, profile picture
Trivadis

The document discusses PostgreSQL as an open-source RDBMS, highlighting its growing popularity due to dissatisfaction with Oracle's high costs and support issues. It outlines the feature set, SQL standards compliance, and provides insights into PostgreSQL's architecture, operations, and necessary maintenance practices such as vacuuming. Various subscription options and installation methods are also detailed, emphasizing PostgreSQL's enterprise capabilities compared to competitors like Oracle and MySQL.

Technology
1 of 91
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
BÂLE BERNE BRUGG DUSSELDORF FRANCFORT S.M. FRIBOURG E.BR. GENÈVE HAMBOURG COPENHAGUE LAUSANNE MUNICH STUTTGART VIENNE ZURICH PostgreSQL für die (Orakel) DBA Ludovico Caldara Oracle ACE Director Trivadis AG
PostgreSQL2 26/10/2017 PostgreSQL in the RDBMS Ecosystem
DB-Engines Ranking of RDBMS (Feb 2017) PostgreSQL3 26/10/2017
Google trends PostgreSQL4 26/10/2017
PostgreSQL awareness… PostgreSQL5 26/10/2017 It is an Open-Source, advanced RDBMS It supports modern SQL constructs But … it is much less broaden than Oracle and MySQL – So why we care about it?
PostgreSQL awareness… (cont.) PostgreSQL6 26/10/2017 More and more customers are upset with Oracle – High costs (http://www.oracle.com/us/corporate/pricing/technology-price-list- 070617.pdf) – Lower support quality over the years – Aggressive License auditing – On-premises strategy (and roadmap) is not promising – Unfriendly with 3rd party clouds (https://oracle-base.com/blog/2017/01/28/oracles- cloud-licensing-change-be-warned/)
PostgreSQL awareness… (cont.) PostgreSQL7 26/10/2017 PostgreSQL is the RDBMS most close to Oracle – Feature set – SQL Dialect – Procedural Language For a fraction of the price! (or completely free) Many respected developers endorse it: – Markus Winand – Lukas Eder – Felix Geisendörfer
SQL Standards adherence at a glance PostgreSQL8 26/10/2017 MYSQL 5.7 PostgreSQL 9.6 SQLite DB2 11.1 Oracle 12.1 SQL Server 2016 SQL Standards SQL:1999 LATERAL SQL:1999 GROUPING SETS SQL:1999 WITH SQL:1999 WITH RECURSIVE SQL:2003 FILTER SQL:2003 OVER SQL:2003 WITHIN GROUP SQL:2003 TABLESAMPLE SQL:2008 FETCH FIRST SQL:2011 OFFSET SQL:2011 OVER SQL:2011 TEMPORAL TABLES SQL:2016 ROW PATTERN MATHING Source: https://www.slideshare.net/MarkusWinand/modern-sql
PostgreSQL9 26/10/2017 Support, License, Cost
EnterpriseDB Standard PostgreSQL11 26/10/2017 https://www.enterprisedb.com/products/subscriptions Standard PostgreSQL Subscription – «Almost» vanilla version but pre-packaged – EDB Postgres Enterprise Manager – EDB Postgres Failover Manager – EDB Postgres Replication Server – EDB Postgres Migration toolkit – Etc. Price: 1225€ per core (or vcore) / year (offer 2016)
EnterpriseDB Advanced Server PostgreSQL12 26/10/2017 https://www.enterprisedb.com/products/subscriptions Commercial Subscription – All Standard features plus: – Enterprise Security (password profiles, PL Wrapping, session auditing) – Enterprise Performance (Partition by, optimizer hints) – Enterprise Development (see https://www.enterprisedb.com/products/compare-postgres- databases#securityfeatures for the full list) – Enterprise Management (Resource manager, extended catalog views) – Compatibility with Oracle (EDB*OCI, PL/SQL support, PL/SQL debugger) Price: 1750€ per core (or vcore) / year (offer 2016)
2ndQuadrant PostgreSQL13 26/10/2017 2ndQuadrant maintains and supports additional tools – Pglogical (replication) – Postgres-BDR (bi-directional replication) – Postgres-XL (parallel server scale-out) – Barman (backup and recovery) – Repmpr (replication failover) – Other tools for analytics
PostgreSQL14 26/10/2017 Installation
Via Repositories (RPM, DEB) PostgreSQL15 26/10/2017 Standard distribution repositories – You may encounter unwanted upgrades if you upgrade everything – Great if a sysadmin need to maintain a single installation Official PostgreSQL YUM repository – A single RPM per version/architecture will install the correct YUM repository – Better control over what you install and when you upgrade – yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7- x86_64/pgdg-redhat96-9.6-3.noarch.rpm Limited to one installation per server/VM
From source code PostgreSQL16 26/10/2017 Quite tedious (libraries dependencies, configure, make…) Follow the instructions: https://www.postgresql.org/docs/current/static/installation.html Not suitable for production, requires deep testing But great if you want to integrate patches or 3rd parties extentions or plugins
Tarballs PostgreSQL17 26/10/2017 You can find tarballs here: https://www.enterprisedb.com/download-postgresql-binaries Great if you want multiple installations – Use Oracle Flexible Architecture! Easy: you can script your own installation using tarballs
Installers PostgreSQL18 26/10/2017 PostgreSQL website points to the EnterpriseDB website for installers: https://www.enterprisedb.com/downloads/postgres-postgresql-downloads – They require root privileges: non-sense when customers have common security rules – Personally I use them as tarballs (no root privilege required) sudo -u postgres /path/to/postgresql-9.6.2-1-linux-x64.run --mode unattended --extract-only yes --prefix /u01/app/postgres/product/postgresql-9.6.2-1
Initialization PostgreSQL20 26/10/2017 Tarballs and custom builds do not initialize the cluster – Use this command to do it: $ initdb --pgdata=$PGDATA --xlogdir=$PGXLOG --auth=md5 --data-checksums [other options] Basic hardening and parameter configuration is still needed! – Hardening: we will see it in another chapter. For now: pg_hba.conf -> defines authentication schemes pg_ident.conf -> defines user equivalency at OS level – Parameters: next slides In postgreSQL a cluster is the instance!
Cluster directory structure PostgreSQL21 26/10/2017 Dir / File Content $PGDATA/postmaster.pid Pid file $PGDATA/postgresql.conf Config file $PGDATA/pg_log/ Log files (like alert) $PGDATA/base/<DB_ID>/<SEG_ID> Physical structures (tables, indexes) $PGDATA/pg_xlog/ WAL logfiles Full list of directories: https://www.postgresql.org/docs/current/static/storage-file-layout.html
Basic parameter configuration PostgreSQL22 26/10/2017 $PGDATA/postgresql.conf -> just like init.ora shared_buffers – Kind of db_cache, but PostgreSQL uses heavily filesystem cache: different values! listen_addresses = ‘*’ – To which address it binds cluster_name – New in postgresql 9.5, useful to match processes with instances
Basic parameter configuration (cont.) PostgreSQL23 26/10/2017 Max_connections Wal_* – WAL files are the after images (redo/archive logs) – configure them with the wal_* parameters Archive_* – WAL files needs to be archived somewhere – Configure the archiving with the archive_* parameters
Important environment variables PostgreSQL24 26/10/2017 PGPORT – The port the cluster is listening to (must be unique for each cluster) PGDATA – The directory that contains all the cluster data
PostgreSQL25 26/10/2017 Operations: Stop/Start
Operations: start PostgreSQL26 26/10/2017 pg_ctl is the main command to stop and start the cluster pg_ctl start -w -o "-p $PGPORT" -D $PGDATA -l $PGOUTPUT – -w: wait for the start to complete – -o: options to be passed to the postgres command – -D: path to the data (must have permissions 700) – -l: path to the standard output (will have permissions 700)
Operations: stop PostgreSQL27 26/10/2017 pg_ctl stop –m fast – -m smart -> waits for disconnects and end of backups (like shutdown normal) – -m fast -> rolls back the transactions (like shutdown immediate) – -m immediate -> abort server processes and lead to crash-recovery (like shutdown abort) PGDATA must be correctly specified!
PostgreSQL28 26/10/2017 Architecture
Cluster, instance, database, what? PostgreSQL29 26/10/2017 A cluster is an instance of postgreSQL containing many databases – Conceptually similar to MySQL, SQL Server and Oracle Pluggable Databases Host Cluster pgclust1 (port 5432) Cluster pgclust2 (port 5433) postgres template0 template1 postgres template0 template1 userdb1 userdb2 userdb3 userdb4 userdb5 userdb6
Default Databases PostgreSQL30 26/10/2017 Postgres – Is the «SYSTEM» or «master» database – It contains system tables, views, procedures, metadata, definition of users and roles, etc. Template0 – Read-only, empty database used for creating VERY EMPTY databases (like PDS$SEED in Oracle) Template1 – Read-write database, generally empty, might be modified and it is the default template for new databases (like model in SQL Server)
User processes (backend) User processes (backend) Background processes Background processes Overall Architecture: client-server interaction PostgreSQL31 26/10/2017 Server Cluster DISK Client Application libpq Background processes User processes (backend) 1 2 3 Shared memory Shared Buffers WAL Sort OS Cache CLOG Other
Overall Architecture: background processes PostgreSQL32 26/10/2017 Server Cluster instance DISK User processes (backend) User processes (backend) User processes (backend) OS Cache Shared memory Shared Buffers Sort WAL CLOG Other Postgres daemon * WAL writer * Once called «postmaster process» writer Check pointerlogger archiver Stats collector Autovacuum launcher WAL sender WAL receiver data WAL Archived WAL
Mandatory background processes PostgreSQL33 26/10/2017 Postgres (A.K.A. postmaster) – Gets connection requests, authenticates them and spawns backend processes Checkpointer – Writes dirty pages to disk and registers the checkpoint Writer – The «Lazy writer» that writes pages to disk in small increments WAL Writer – Flushes the WAL buffer to disk (in WAL files) at every commit
Optional background processes PostgreSQL34 26/10/2017 Logger – Writes to the «alert log» or whatevrt log is configured Autovacuum Launcher Process – Automates VACUUM and ANALYZE commands Stats Collector – Collects information about the cluster activity WAL Sender and Receiver – Respectively sends WAL to a standby and receives WAL from primary
After Image: Write Ahead Logs PostgreSQL35 26/10/2017 WAL Buffer Shared Buffers WAL File DATA File1 read 2 log 3 modify 4 commit WAL writer writer Check pointer 5 Commited! 6 write
Before Image: more complicated! PostgreSQL36 26/10/2017 Oracle has Rollback Segments (UNDO mechanism) – Provides consistent reads while writes happen – The block is overwritten and the old image is saved in the UNDO tablespace SQL Server has NO rollback segments for read consistency – Writes lock reads and viceversa – Unless a special mechanism is implemented (ALLOW_SNAPSHOT_ISOLATION) PostgreSQL has NO rollback segments – But provides consistent reads while writes happen. How? – The new image is written in a new location while the previous image is left intact
Before Image: explanation PostgreSQL37 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page
Before Image: explanation PostgreSQL38 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD
Before Image: explanation PostgreSQL39 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD Page x 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4
Before Image: explanation PostgreSQL40 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD UPDATE t SET col2=‘test4’ WHERE col0=1; Page x 2,’cc’,test3 0,’aa’,test1’ Page y 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW
Before Images, Indexes and Visibility Maps PostgreSQL41 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4 HEAP HEAP_VM 01 Bt Page 1 [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ON (ID, COL1)
Before Images, Indexes and Visibility Maps PostgreSQL42 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4 HEAP HEAP_VM 01 Bt Page 1 [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ON (ID, COL1) INDEX ONLY SCANS
Before Images, Indexes and Visibility Maps PostgreSQL43 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW HEAP HEAP_VM 00 00 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ NEW OLD
Before Images, Indexes and Visibility Maps PostgreSQL44 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 HEAP HEAP_VM 00 00 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ONLY SCANS
Before Images, Indexes and Visibility Maps PostgreSQL45 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW HEAP HEAP_VM 01 01 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ NEW OLD VACUUM
Pros and Cons of this implementation PostgreSQL46 26/10/2017 Pros (compared to Oracle) – No need for Rollback Segments, no ORA-01555 for rollback segments too small  Cons – High modification == High Fragmentation! VACUUM required – When a tuple is modified AND changes of page, its address changes! • Need to update ALL the indexes that point to it, regardless if the modified column is indexed • This is the famous «write amplification» problem in PostgreSQL • The table fillfactor (equivalent of pctused) mitigates the problem • Vacuum becomes critical for performance
VACUUM PostgreSQL47 26/10/2017 Must be performed regularly in order to – Reclaim space occupied by old tuple images – Update data statistics used by the query planner – Update the visibility map – Reset the transaction ID of old blocks to prevent wraparound A default VACUUM is executed regularly by default – Many parameters help in the VACUUM fine-tuning Manual VACUUMing is possible
Transaction ID (XID) wraparounds PostgreSQL48 26/10/2017 OLDEST ACTIVE TRANSACTION OLDEST TRANSACTION ID XID is 32 bit long: max 4bln XIDs – 2bln (2^31) in the past – 2bln (2^31) in the future XIDs in the future are invisible (per read consistency) If an old Tuple wraps around, it will become invisible: WRONG! WRAPAROUND POINT NOW
Transaction ID (XID) wraparounds - solution PostgreSQL49 26/10/2017 OLDEST ACTIVE TRANSACTION OLDEST TRANSACTION ID The VACUUM stamps the tuples as Frozen after they become older than the freezing point Frozen means that the tuples are visible regardless of the Transaction ID Not elegant, but effective solution VACUUM again plays an important role NOW FREEZING POINT
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL50 26/10/2017 Support for very large columns lob_test=# create table t (id integer, toast varchar(1000000)); CREATE TABLE lob_test=# insert into t values (1, rpad('x',1000000)); INSERT 0 1
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL51 26/10/2017 Support for very large columns lob_test=# create table t (id integer, toast varchar(1000000)); CREATE TABLE lob_test=# insert into t values (1, rpad('x',1000000)); INSERT 0 1 lob_test=# select relfilenode, reltoastrelid lob_test-# from pg_class where relname='t'; relfilenode | reltoastrelid -------------+--------------- 16853 | 16856 (1 row) Each table with extended columns has a dedicated TOAST segment
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL52 26/10/2017 e.g.: 64k column
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL53 26/10/2017 e.g.: 64k column Split in 2048 bytes chunks
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL54 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress e.g.: 64k column
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL55 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress Compressed chunks inserted as rows in the TOAST table e.g.: 64k column
The Oversized-Attribute Storage Technique (TOAST) PostgreSQL56 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress Compressed chunks inserted as rows in the TOAS table e.g.: 64k column Nice replacement for LOBs!!
Architectural Oddities #1 : Constraints enforced per row PostgreSQL57 26/10/2017 The doc says constraints are enforced per statement Actually, they are enforced PER ROW This lead to unexpected behaviours depending on row placement and access * pagila=# insert into demo values(2); INSERT 0 1 pagila=# insert into demo values(1); INSERT 0 1 pagila=# update demo set n=n+1; UPDATE 2 pagila=# insert into demo values(1); INSERT 0 1 pagila=# insert into demo values(2); INSERT 0 1 pagila=# update demo set n=n+1; ERROR: duplicate key value violates unique constraint "demo_pk" DETAIL: Key (n)=(2) already exists. pagila=# create table demo (n integer not null); CREATE TABLE pagila=# alter table demo add constraint demo_pk primary key(n); ALTER TABLE * Unless declared as deferrable
Architectural Oddities #2: Classic Large Objects PostgreSQL58 26/10/2017 The Large Objects are not part of a table (even not logically) They are just referenced by the columns As result: – Large Objects and Tables might have different owners (see next chapter) – Large Objects might be referenced by multiple rows/tables – Large Objects are not deleted when the rows are deleted – Large Objects housekeeping is a routine task! (use vacuumlo binary for this) Some insights about LOBs here: – http://www.ludovicocaldara.net/dba/pgsql-lo-space-usage-part-3/
Architectural Oddities #3: Rollback on statement error PostgreSQL59 26/10/2017 With Oracle, in the middle of a transaction an error will rollback just the last statement With PostgreSQL, in the middle of a transaction an error will rollback all the previous statements – Developers relying on this behavior must be careful – Using save points might do the job db=# BEGIN; BEGIN db=# INSERT INTO t VALUES (1); INSERT 0 1 db=# SELECT 0/0; ERROR: division by zero db=# select * from t; ERROR: current transaction is aborted, commands ignored until end of transaction block db=# commit; ROLLBACK
Digging the internals PostgreSQL60 26/10/2017 Open Source: RTFC (Read That F* Code!) The source code is complex but rich of explanations https://doxygen.postgresql.org/
PostgreSQL61 26/10/2017 Authentication and Authorization
Authentication PostgreSQL62 26/10/2017 Authentication != Authorization A user must authenticate to the server, the user must already exist! – create role myuser with login; PostgreSQL supports mixed authentication Mixed authentication allows nice security features. E.g. – Active Directory-Based authentication for individuals – Password authentication for traditional application users – Client certificate authentication for batches and secure applications
Authentication (cont.) PostgreSQL63 26/10/2017 pge_hba.conf: the first line that matches wins. Real example: # TYPE DATABASE USER ADDRESS METHOD host all +ldap_users 0.0.0.0/0 ldap ldapserver=ldap.trivadis.com ldapport=389 ldapprefix="uid=" ldapsuffix=",ou=people,dc=trivadis,dc=com" hostssl all +sslcertusers 0.0.0.0/0 trust clientcert=1 local all postgres peer map=dba host all all 0.0.0.0/0 md5 local hostnossl host hostssl all replication sameuser samerole dbname all user +group @incfile all samehost samenet IP range trust reject md5 password gss sspi ident peer ldap radius cert pam
Authentication maps PostgreSQL64 26/10/2017 With maps, the mapped users can connect with a different username. – E.g. all the dba can connect locally as postgres: # TYPE DATABASE USER METHOD local all postgres peer map=dba The file ident.conf contains the maps: #map osuser dbuser dba luc postgres dba zam postgres dba jko postgres dba bir postgres dba efu postgres
Authentication - inheritance PostgreSQL65 26/10/2017 Oracle has USERS and ROLES. PostgreSQL manages everything as a ROLE: A role can inherit another role: – A user is a role with login privilege – A role can be granted to another role -> inheritance, grouping – A role itself might be granted to login – A user can set a role and «become» that role – A schema is not a user or role but an object namespace – It sounds complicated but it is not (once you get it) «public» exists but it is actually a hidden role.
Creating a group and a user PostgreSQL66 26/10/2017 postgres=# create role mygroup; CREATE ROLE postgres=# du mygroup List of roles Role name | Attributes | Member of -----------+--------------+----------- mygroup | Cannot login | {} postgres=# create role myuser with login in group mygroup; CREATE ROLE postgres=# du myuser List of roles Role name | Attributes | Member of -----------+------------+----------- myuser | | {mygroup}
A more complex example PostgreSQL67 26/10/2017 # TYPE DATABASE USER ADDRESS METHOD host all +ldap_users 0.0.0.0/0 ldap postgres=# create role ldap_users; -- for the LDAP authentication CREATE ROLE postgres=# create role pagila with login; -- for the application CREATE ROLE postgres=# create role luc with login in group ldap_users, pagila; CREATE ROLE postgres=# c pagila You are now connected to database "pagila" as user "postgres". pagila=# grant all privileges on schema public to pagila; GRANT postgres=#
A more complex example (cont.) PostgreSQL68 26/10/2017 List of roles Role name | Attributes | Member of -------------+---------------------------+------------------- ldap_users | Cannot login | {} pagila | | {} luc | | {pagila,ldap_users} # psql –U luc –h $HOSTNAME –p $PGPORT pagila Password for user luc: pagila=> set role pagila; SET pagila=> select session_user, user; session_user | current_user --------------+-------------- luc | pagila (1 row)
Schemas PostgreSQL69 26/10/2017 ROLES postgres user1 user2 user3 user4 DATABASE PUBLIC SCHEMA1 SCHEMA2 TABLE1 TABLE2 TABLE3 TABLE4 HAS GRANT / OWNS
Schemas: Namespace search PostgreSQL70 26/10/2017 Public schema exists by default Non-quilified objects are created in the public schema The default search_path is "$user", public pagila=# CREATE TABLE t1 (a varchar(50)); CREATE TABLE pagila=# dt t1 List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres (1 row) pagila=# select * from t1; a --- (0 rows)
Schemas: Namespace search (cont.) PostgreSQL71 26/10/2017 Other schemas must be specified upon object creation: pagila=# CREATE SCHEMA schema1; CREATE SCHEMA pagila =# CREATE TABLE schema1.t2 (a varchar(50)); CREATE TABLE The schema must be specified to find the object, unless you modify the search space pagila =# dt t2 No matching relations found. pagila =# SET search_path=public,schema1; SET pagila =# dt t2 List of relations Schema | Name | Type | Owner ---------+------+-------+---------- schema1 | t2 | table | postgres (1 row) OWNER != SCHEMA
Schema Privileges PostgreSQL72 26/10/2017 Users own schemas or objects in their own or someone else’s schemas Access to the objects is granted by respective owners pagila=# GRANT CREATE ON SCHEMA public TO luc; GRANT … as luc pagila=> CREATE TABLE ludovico_table (a varchar(50)); CREATE pagila=> dt ludovico_table List of relations Schema | Name | Type | Owner --------+----------------+-------+------- public | ludovico_table | table | luc (1 row) pagila=> GRANT SELECT ON ludovico_table TO ...
Default privileges PostgreSQL73 26/10/2017 The default permissions on a schema might be changed if necessary ALTER DEFAULT PRIVILEGES [ FOR { ROLE | USER } target_role [, ...] ] [ IN SCHEMA schema_name [, ...] ] GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER } [, ...] | ALL [ PRIVILEGES ] } ON TABLES TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
Hardening tips PostgreSQL74 26/10/2017 Believe it or not, public can write in the postgres public schema… – postgres=# revoke all privileges on schema public from public; The same applies to the template1… you might want to change it too – template1=# revoke all privileges on schema public from public;
Audit PostgreSQL77 26/10/2017 No embedded module for auditing 3rd parties module pgaudit exists and it the standard de-facto – Recommended by US Department of Defense – https://www.crunchydata.com/postgres-stig/PGSQL-STIG-9.5+.pdf – shared_preload_libraries ='pgaudit‘ pgaudit.log_catalog='on‘ pgaudit.log_level='log‘ pgaudit.log_parameter='on‘ pgaudit.log_relation='off‘ pgaudit.log_statement_once='off‘ pgaudit.log='ddl, role, write' – Supplemental work required to analyze data
Pgaudit installation PostgreSQL78 26/10/2017 Download pgaudit-REL9_6_STABLE.zip unzip pgaudit-REL9_6_STABLE.zip cd pgaudit-REL9_6_STABLE set PATH to PostgreSQL binary make USE_PGXS=1 install Modify PostgreSQL.conf (previous slide) Restart the cluster
PostgreSQL79 26/10/2017 Operations: Backup/Recovery
Base Backup: it backs up the whole cluster! PostgreSQL80 26/10/2017 With the whole cluster, all the databases are backed up The WAL files can be applied on a base backup: PITR possible $ pg_basebackup -D $BACKUP_DEST -Ft -z -l $Label -U postgres $ ls –l $BACKUP_DEST -rw-rw---- 1 postgres postgres 5703169 Jul 11 21:15 base.tar.gz It creates a tar.gz with the necessary files Fuzzy datafiles: they will need recovery
WAL Backups: WAL introduction PostgreSQL81 26/10/2017 WAL files are a mix between online logs and archive logs – They contains after images needed for recovery – If archive mode is OFF, WAL files are recycled – If archive mode is ON, they are not recycled but they need to be archived – Archival is ran using the command specified in archive_command parameter – Impossible to archive: WAL filesystem fills up -> databases hang! WAL files size is 16MB (fixed, defined at compile time) Archive_timeout -> similar to archive_lag_target
WAL Backups: parameters PostgreSQL82 26/10/2017 wal_level = replica archive_mode = on archive_command = 'test ! -f /u02/data/postgres/backup/pgts962i/archive/%f && cp %p /u02/data/postgres/backup/pgts962i/archive/%f' archive_timeout = 1800 WAL files should be archived on a remote server You can mimic Oracle by archiving WALs locally and then save asynchronously on tape – But then it’s up to YOU to restore them correctly
Restoring a Base Backup PostgreSQL83 26/10/2017 Without point-in-time recover – Just uncompress the base backup in the original location and start the cluster – It will restore at the time the backup was taken With point-in-time recover – Uncompress the base backup – Prepare a recovery.conf file in the $PGDATA directory containing: restore_command='cp /u02/data/postgres/backup/pgts962i/archive/%f %p‘ recovery_target_time = ‘your time here‘ – Start the cluster – ATTENTION! Archives not found -> earlier recovery point WITHOUT ERRORS
Database Dump PostgreSQL84 26/10/2017 pg_dump dumps the content of a single database (in text or proprietary format) Very close to Oracle Exp/Imp and Mysql Dump It does NOT allow further recovery -> recovery point = time of the dump Example: – pg_dump -U postgres --format=c --file=dbname.dump dbname Pg_dump saves grants but not users definitions or other global objects To dump users definitions: – pg_dumpall -g --file=global.dump Pg_dumpall can be used to dump the cluster content as a whole (including data)
Database Restore PostgreSQL85 26/10/2017 pg_Restore restores a dump created with pg_dump – pg_restore –U postgres –d dbname dbname.dump Several options exist. My favorite: – When target database exists -> drop and recreate it – When target database dows not exist -> create it empty Grants on non-existing users will fail (e.g. restore on new cluster) – Restore the global objects beforehand
PostgreSQL86 26/10/2017 Operations: Monitoring
EDB Postgres Enterprise Manager (PEM) PostgreSQL87 26/10/2017 Web based since release 7 Monitors availability, performance Many checks Some bugs Some features are PPAS specific
Other 3rd party Monitoring Solutions PostgreSQL88 26/10/2017 On-premises – Generic: ManageEngine, SolarWinds, Munin, Zabbix, Cacti – Specific: Open PostgreSQL Monitoring (OPM), pgwatch, PGObserver Cloud-based (SaaS) – Generic: LogicMonitor, NewRelic, DataDog, Okmeter – Specific: pganalyze, pgAnalytics
Instrumentation PostgreSQL89 26/10/2017 Like every database, monitoring is influenced by instrumentation PostgreSQL is getting better instrumentation – Since PostgreSQL 9.6: wait interface – Waits are documented here: https://www.postgresql.org/docs/9.6/static/monitoring-stats.html#WAIT-EVENT- TABLE – Module pg_stat_statements collects waits and activities at statement level – Other modules exist, still not comparable to ASH (e.g. pg_statsinfo)
Pg_stat_statements example PostgreSQL90 26/10/2017
PostgreSQL91 26/10/2017 SQL Standards and Programmability
SQL Standards and Programmability PostgreSQL92 26/10/2017 Rich SQL: https://www.postgresql.org/docs/current/static/sql.html Nice features (e.g. Row Level Security, advanced datatypes (e.g. ipv4)) pg/plsql is «SIMILAR» to PL/SQL
PostgreSQL93 26/10/2017 External Plugins
External plugins and additional modules PostgreSQL94 26/10/2017 Open Source -> extendible Many 3rd party projects make PostgreSQL very powerful Examples – PostGIS -> Spatial features for PostgreSQL (http://www.postgis.org/) – PgRouting -> adds routing algorithms to PostGIS – Bloom -> Enable index access based on bloom filters – postgres-fdw -> Enable DB Links to external instances (including other RDBMS) – Hstore -> key-value data type – Many others!
Questions? 26/10/2017 PostgreSQL97 Ludovico Caldara ACE Director, Senior Consultant Tél. +41 79 909 72 75 ludovico.caldara@trivadis.com

More Related Content

PPTX
Microsoft azure database offerings
Guruprasad Vijayarao
 
ODP
Introduction to PostgreSQL
Jim Mlodgenski
 
PPTX
How to configure the cluster based on Multi-site (WAN) configuration
Akihiro Kitada
 
PDF
Microsoft SQL Server - Files and Filegroups
Naji El Kotob
 
PDF
Architecture of exadata database machine – Part II
Paresh Nayak,OCP®,Prince2®
 
DOCX
Oracle architecture
Soumya Das
 
PDF
tempdb and Performance Keys
Naji El Kotob
 
PPT
Oracle 10g Introduction 1
Eryk Budi Pratama
 
Microsoft azure database offerings
Guruprasad Vijayarao
 
Introduction to PostgreSQL
Jim Mlodgenski
 
How to configure the cluster based on Multi-site (WAN) configuration
Akihiro Kitada
 
Microsoft SQL Server - Files and Filegroups
Naji El Kotob
 
Architecture of exadata database machine – Part II
Paresh Nayak,OCP®,Prince2®
 
Oracle architecture
Soumya Das
 
tempdb and Performance Keys
Naji El Kotob
 
Oracle 10g Introduction 1
Eryk Budi Pratama
 

What's hot (20)

PPTX
Oracle Basics and Architecture
Sidney Chen
 
PDF
Oracle db architecture
Simon Huang
 
PDF
Oracle Multitenant Database 2.0 - Improvements in Oracle Database 12c Release 2
Markus Flechtner
 
PDF
153 Oracle dba interview questions
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
PDF
The Google Bigtable
Romain Jacotin
 
PDF
Hadoop HDFS
Vigen Sahakyan
 
PDF
Presentation oracle net services
xKinAnx
 
PDF
Google Bigtable Paper Presentation
vanjakom
 
DOC
IBM DB2 LUW/UDB DBA Training by www.etraining.guru
Ravikumar Nandigam
 
PPTX
Postgresql Database Administration Basic - Day1
PoguttuezhiniVP
 
PDF
DBA 101 : Calling all New Database Administrators (WP)
Gustavo Rene Antunez
 
PPTX
Using oracle12c pluggable databases to archive
Secure-24
 
PDF
Intro to HBase
alexbaranau
 
PDF
PostgreSQL Replication High Availability Methods
Mydbops
 
PDF
DBA oracle
Douglas Bernardini
 
PDF
Analyze corefile and backtraces with GDB for Mysql/MariaDB on Linux - Nilanda...
Mydbops
 
PDF
Introduction to Postrges-XC
Ashutosh Bapat
 
PPTX
Oracle 12c - Multitenant Feature
Vigilant Technologies
 
PPT
Introduction to oracle(2)
Sumit Tambe
 
PPT
Introduction to oracle
Sumit Tambe
 
Oracle Basics and Architecture
Sidney Chen
 
Oracle db architecture
Simon Huang
 
Oracle Multitenant Database 2.0 - Improvements in Oracle Database 12c Release 2
Markus Flechtner
 
153 Oracle dba interview questions
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
The Google Bigtable
Romain Jacotin
 
Hadoop HDFS
Vigen Sahakyan
 
Presentation oracle net services
xKinAnx
 
Google Bigtable Paper Presentation
vanjakom
 
IBM DB2 LUW/UDB DBA Training by www.etraining.guru
Ravikumar Nandigam
 
Postgresql Database Administration Basic - Day1
PoguttuezhiniVP
 
DBA 101 : Calling all New Database Administrators (WP)
Gustavo Rene Antunez
 
Using oracle12c pluggable databases to archive
Secure-24
 
Intro to HBase
alexbaranau
 
PostgreSQL Replication High Availability Methods
Mydbops
 
DBA oracle
Douglas Bernardini
 
Analyze corefile and backtraces with GDB for Mysql/MariaDB on Linux - Nilanda...
Mydbops
 
Introduction to Postrges-XC
Ashutosh Bapat
 
Oracle 12c - Multitenant Feature
Vigilant Technologies
 
Introduction to oracle(2)
Sumit Tambe
 
Introduction to oracle
Sumit Tambe
 
Ad

Similar to Trivadis TechEvent 2017 PostgreSQL für die (Orakel) DBA by Ludovico Caldara (20)

PDF
Exploring Postgres with Bruce Momjian
EDB
 
PDF
PostgreSQL Prologue
Md. Golam Hossain
 
PDF
Everything You Wanted to Know About Databases (Keith).pdf
All Things Open
 
PDF
PostgreSQL 10; Long Awaited Enterprise Solutions
Julyanto SUTANDANG
 
PDF
9.6_Course Material-Postgresql_002.pdf
sreedb2
 
PDF
Whats wrong with postgres | PGConf EU 2019 | Craig Kerstiens
Citus Data
 
PPTX
Postgre sql best_practices
Jacques Kostic
 
PPTX
Postgre sql best_practices
Emiliano Fusaglia
 
PPTX
TechEvent PostgreSQL Best Practices
Trivadis
 
PDF
Beyond Postgres: Interesting Projects, Tools and forks
Sameer Kumar
 
PDF
Bn 1016 demo postgre sql-online-training
conline training
 
PDF
Lessons PostgreSQL learned from commercial databases, and didn’t
PGConf APAC
 
PDF
0292-introduction-postgresql.pdf
Mustafa Keskin
 
PDF
10 things, an Oracle DBA should care about when moving to PostgreSQL
PostgreSQL-Consulting
 
PDF
Which postgres is_right_for_me_20130517
EDB
 
PPTX
Getting started with postgresql
botsplash.com
 
PDF
Oracle to Postgres Migration - part 2
PgTraining
 
PPTX
Easy Installation and Setup of PostgreSQL on Linux, OSX, & Windows
haroonm
 
PDF
Which Postgres is Right for You? - Part 2
EDB
 
PDF
A Comparison of EDB Postgres to Self-Supported PostgreSQL
EDB
 
Exploring Postgres with Bruce Momjian
EDB
 
PostgreSQL Prologue
Md. Golam Hossain
 
Everything You Wanted to Know About Databases (Keith).pdf
All Things Open
 
PostgreSQL 10; Long Awaited Enterprise Solutions
Julyanto SUTANDANG
 
9.6_Course Material-Postgresql_002.pdf
sreedb2
 
Whats wrong with postgres | PGConf EU 2019 | Craig Kerstiens
Citus Data
 
Postgre sql best_practices
Jacques Kostic
 
Postgre sql best_practices
Emiliano Fusaglia
 
TechEvent PostgreSQL Best Practices
Trivadis
 
Beyond Postgres: Interesting Projects, Tools and forks
Sameer Kumar
 
Bn 1016 demo postgre sql-online-training
conline training
 
Lessons PostgreSQL learned from commercial databases, and didn’t
PGConf APAC
 
0292-introduction-postgresql.pdf
Mustafa Keskin
 
10 things, an Oracle DBA should care about when moving to PostgreSQL
PostgreSQL-Consulting
 
Which postgres is_right_for_me_20130517
EDB
 
Getting started with postgresql
botsplash.com
 
Oracle to Postgres Migration - part 2
PgTraining
 
Easy Installation and Setup of PostgreSQL on Linux, OSX, & Windows
haroonm
 
Which Postgres is Right for You? - Part 2
EDB
 
A Comparison of EDB Postgres to Self-Supported PostgreSQL
EDB
 
Ad

More from Trivadis (20)

PDF
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Trivadis
 
PDF
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Trivadis
 
PDF
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Trivadis
 
PDF
Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Trivadis
 
PDF
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Trivadis
 
PDF
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Trivadis
 
PDF
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Trivadis
 
PDF
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Trivadis
 
PDF
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Trivadis
 
PDF
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Trivadis
 
PDF
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
Trivadis
 
PDF
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
Trivadis
 
PDF
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 
PDF
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
Trivadis
 
PDF
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
Trivadis
 
PDF
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
Trivadis
 
PDF
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
Trivadis
 
PDF
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
Trivadis
 
PDF
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
Trivadis
 
PDF
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
Trivadis
 
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Trivadis
 
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Trivadis
 
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Trivadis
 
Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Trivadis
 
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Trivadis
 
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Trivadis
 
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Trivadis
 
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Trivadis
 
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Trivadis
 
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Trivadis
 
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
Trivadis
 
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
Trivadis
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
Trivadis
 
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
Trivadis
 
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
Trivadis
 
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
Trivadis
 
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
Trivadis
 
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
Trivadis
 
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
Trivadis
 

Recently uploaded (20)

PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
A Presentation on Artificial Intelligence
memembruh336
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

Trivadis TechEvent 2017 PostgreSQL für die (Orakel) DBA by Ludovico Caldara

  • 1. BÂLE BERNE BRUGG DUSSELDORF FRANCFORT S.M. FRIBOURG E.BR. GENÈVE HAMBOURG COPENHAGUE LAUSANNE MUNICH STUTTGART VIENNE ZURICH PostgreSQL für die (Orakel) DBA Ludovico Caldara Oracle ACE Director Trivadis AG
  • 3. DB-Engines Ranking of RDBMS (Feb 2017) PostgreSQL3 26/10/2017
  • 5. PostgreSQL awareness… PostgreSQL5 26/10/2017 It is an Open-Source, advanced RDBMS It supports modern SQL constructs But … it is much less broaden than Oracle and MySQL – So why we care about it?
  • 6. PostgreSQL awareness… (cont.) PostgreSQL6 26/10/2017 More and more customers are upset with Oracle – High costs (http://www.oracle.com/us/corporate/pricing/technology-price-list- 070617.pdf) – Lower support quality over the years – Aggressive License auditing – On-premises strategy (and roadmap) is not promising – Unfriendly with 3rd party clouds (https://oracle-base.com/blog/2017/01/28/oracles- cloud-licensing-change-be-warned/)
  • 7. PostgreSQL awareness… (cont.) PostgreSQL7 26/10/2017 PostgreSQL is the RDBMS most close to Oracle – Feature set – SQL Dialect – Procedural Language For a fraction of the price! (or completely free) Many respected developers endorse it: – Markus Winand – Lukas Eder – Felix Geisendörfer
  • 8. SQL Standards adherence at a glance PostgreSQL8 26/10/2017 MYSQL 5.7 PostgreSQL 9.6 SQLite DB2 11.1 Oracle 12.1 SQL Server 2016 SQL Standards SQL:1999 LATERAL SQL:1999 GROUPING SETS SQL:1999 WITH SQL:1999 WITH RECURSIVE SQL:2003 FILTER SQL:2003 OVER SQL:2003 WITHIN GROUP SQL:2003 TABLESAMPLE SQL:2008 FETCH FIRST SQL:2011 OFFSET SQL:2011 OVER SQL:2011 TEMPORAL TABLES SQL:2016 ROW PATTERN MATHING Source: https://www.slideshare.net/MarkusWinand/modern-sql
  • 10. EnterpriseDB Standard PostgreSQL11 26/10/2017 https://www.enterprisedb.com/products/subscriptions Standard PostgreSQL Subscription – «Almost» vanilla version but pre-packaged – EDB Postgres Enterprise Manager – EDB Postgres Failover Manager – EDB Postgres Replication Server – EDB Postgres Migration toolkit – Etc. Price: 1225€ per core (or vcore) / year (offer 2016)
  • 11. EnterpriseDB Advanced Server PostgreSQL12 26/10/2017 https://www.enterprisedb.com/products/subscriptions Commercial Subscription – All Standard features plus: – Enterprise Security (password profiles, PL Wrapping, session auditing) – Enterprise Performance (Partition by, optimizer hints) – Enterprise Development (see https://www.enterprisedb.com/products/compare-postgres- databases#securityfeatures for the full list) – Enterprise Management (Resource manager, extended catalog views) – Compatibility with Oracle (EDB*OCI, PL/SQL support, PL/SQL debugger) Price: 1750€ per core (or vcore) / year (offer 2016)
  • 12. 2ndQuadrant PostgreSQL13 26/10/2017 2ndQuadrant maintains and supports additional tools – Pglogical (replication) – Postgres-BDR (bi-directional replication) – Postgres-XL (parallel server scale-out) – Barman (backup and recovery) – Repmpr (replication failover) – Other tools for analytics
  • 14. Via Repositories (RPM, DEB) PostgreSQL15 26/10/2017 Standard distribution repositories – You may encounter unwanted upgrades if you upgrade everything – Great if a sysadmin need to maintain a single installation Official PostgreSQL YUM repository – A single RPM per version/architecture will install the correct YUM repository – Better control over what you install and when you upgrade – yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7- x86_64/pgdg-redhat96-9.6-3.noarch.rpm Limited to one installation per server/VM
  • 15. From source code PostgreSQL16 26/10/2017 Quite tedious (libraries dependencies, configure, make…) Follow the instructions: https://www.postgresql.org/docs/current/static/installation.html Not suitable for production, requires deep testing But great if you want to integrate patches or 3rd parties extentions or plugins
  • 16. Tarballs PostgreSQL17 26/10/2017 You can find tarballs here: https://www.enterprisedb.com/download-postgresql-binaries Great if you want multiple installations – Use Oracle Flexible Architecture! Easy: you can script your own installation using tarballs
  • 17. Installers PostgreSQL18 26/10/2017 PostgreSQL website points to the EnterpriseDB website for installers: https://www.enterprisedb.com/downloads/postgres-postgresql-downloads – They require root privileges: non-sense when customers have common security rules – Personally I use them as tarballs (no root privilege required) sudo -u postgres /path/to/postgresql-9.6.2-1-linux-x64.run --mode unattended --extract-only yes --prefix /u01/app/postgres/product/postgresql-9.6.2-1
  • 18. Initialization PostgreSQL20 26/10/2017 Tarballs and custom builds do not initialize the cluster – Use this command to do it: $ initdb --pgdata=$PGDATA --xlogdir=$PGXLOG --auth=md5 --data-checksums [other options] Basic hardening and parameter configuration is still needed! – Hardening: we will see it in another chapter. For now: pg_hba.conf -> defines authentication schemes pg_ident.conf -> defines user equivalency at OS level – Parameters: next slides In postgreSQL a cluster is the instance!
  • 19. Cluster directory structure PostgreSQL21 26/10/2017 Dir / File Content $PGDATA/postmaster.pid Pid file $PGDATA/postgresql.conf Config file $PGDATA/pg_log/ Log files (like alert) $PGDATA/base/<DB_ID>/<SEG_ID> Physical structures (tables, indexes) $PGDATA/pg_xlog/ WAL logfiles Full list of directories: https://www.postgresql.org/docs/current/static/storage-file-layout.html
  • 20. Basic parameter configuration PostgreSQL22 26/10/2017 $PGDATA/postgresql.conf -> just like init.ora shared_buffers – Kind of db_cache, but PostgreSQL uses heavily filesystem cache: different values! listen_addresses = ‘*’ – To which address it binds cluster_name – New in postgresql 9.5, useful to match processes with instances
  • 21. Basic parameter configuration (cont.) PostgreSQL23 26/10/2017 Max_connections Wal_* – WAL files are the after images (redo/archive logs) – configure them with the wal_* parameters Archive_* – WAL files needs to be archived somewhere – Configure the archiving with the archive_* parameters
  • 22. Important environment variables PostgreSQL24 26/10/2017 PGPORT – The port the cluster is listening to (must be unique for each cluster) PGDATA – The directory that contains all the cluster data
  • 24. Operations: start PostgreSQL26 26/10/2017 pg_ctl is the main command to stop and start the cluster pg_ctl start -w -o "-p $PGPORT" -D $PGDATA -l $PGOUTPUT – -w: wait for the start to complete – -o: options to be passed to the postgres command – -D: path to the data (must have permissions 700) – -l: path to the standard output (will have permissions 700)
  • 25. Operations: stop PostgreSQL27 26/10/2017 pg_ctl stop –m fast – -m smart -> waits for disconnects and end of backups (like shutdown normal) – -m fast -> rolls back the transactions (like shutdown immediate) – -m immediate -> abort server processes and lead to crash-recovery (like shutdown abort) PGDATA must be correctly specified!
  • 27. Cluster, instance, database, what? PostgreSQL29 26/10/2017 A cluster is an instance of postgreSQL containing many databases – Conceptually similar to MySQL, SQL Server and Oracle Pluggable Databases Host Cluster pgclust1 (port 5432) Cluster pgclust2 (port 5433) postgres template0 template1 postgres template0 template1 userdb1 userdb2 userdb3 userdb4 userdb5 userdb6
  • 28. Default Databases PostgreSQL30 26/10/2017 Postgres – Is the «SYSTEM» or «master» database – It contains system tables, views, procedures, metadata, definition of users and roles, etc. Template0 – Read-only, empty database used for creating VERY EMPTY databases (like PDS$SEED in Oracle) Template1 – Read-write database, generally empty, might be modified and it is the default template for new databases (like model in SQL Server)
  • 29. User processes (backend) User processes (backend) Background processes Background processes Overall Architecture: client-server interaction PostgreSQL31 26/10/2017 Server Cluster DISK Client Application libpq Background processes User processes (backend) 1 2 3 Shared memory Shared Buffers WAL Sort OS Cache CLOG Other
  • 30. Overall Architecture: background processes PostgreSQL32 26/10/2017 Server Cluster instance DISK User processes (backend) User processes (backend) User processes (backend) OS Cache Shared memory Shared Buffers Sort WAL CLOG Other Postgres daemon * WAL writer * Once called «postmaster process» writer Check pointerlogger archiver Stats collector Autovacuum launcher WAL sender WAL receiver data WAL Archived WAL
  • 31. Mandatory background processes PostgreSQL33 26/10/2017 Postgres (A.K.A. postmaster) – Gets connection requests, authenticates them and spawns backend processes Checkpointer – Writes dirty pages to disk and registers the checkpoint Writer – The «Lazy writer» that writes pages to disk in small increments WAL Writer – Flushes the WAL buffer to disk (in WAL files) at every commit
  • 32. Optional background processes PostgreSQL34 26/10/2017 Logger – Writes to the «alert log» or whatevrt log is configured Autovacuum Launcher Process – Automates VACUUM and ANALYZE commands Stats Collector – Collects information about the cluster activity WAL Sender and Receiver – Respectively sends WAL to a standby and receives WAL from primary
  • 33. After Image: Write Ahead Logs PostgreSQL35 26/10/2017 WAL Buffer Shared Buffers WAL File DATA File1 read 2 log 3 modify 4 commit WAL writer writer Check pointer 5 Commited! 6 write
  • 34. Before Image: more complicated! PostgreSQL36 26/10/2017 Oracle has Rollback Segments (UNDO mechanism) – Provides consistent reads while writes happen – The block is overwritten and the old image is saved in the UNDO tablespace SQL Server has NO rollback segments for read consistency – Writes lock reads and viceversa – Unless a special mechanism is implemented (ALLOW_SNAPSHOT_ISOLATION) PostgreSQL has NO rollback segments – But provides consistent reads while writes happen. How? – The new image is written in a new location while the previous image is left intact
  • 35. Before Image: explanation PostgreSQL37 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page
  • 36. Before Image: explanation PostgreSQL38 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD
  • 37. Before Image: explanation PostgreSQL39 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD Page x 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4
  • 38. Before Image: explanation PostgreSQL40 26/10/2017 Every time a row is updated, the new version is stored in a new location Page Case 1: same page 1,’bb’,test2 2,’cc’,test3 0,’aa’,test1’ Case 2: different page UPDATE t SET col2=‘test4’ WHERE col0=1; 1,’bb’,test4NEW OLD UPDATE t SET col2=‘test4’ WHERE col0=1; Page x 2,’cc’,test3 0,’aa’,test1’ Page y 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW
  • 39. Before Images, Indexes and Visibility Maps PostgreSQL41 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4 HEAP HEAP_VM 01 Bt Page 1 [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ON (ID, COL1)
  • 40. Before Images, Indexes and Visibility Maps PostgreSQL42 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ 1,’bb’,test2 3,’dd’,test4 HEAP HEAP_VM 01 Bt Page 1 [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ON (ID, COL1) INDEX ONLY SCANS
  • 41. Before Images, Indexes and Visibility Maps PostgreSQL43 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW HEAP HEAP_VM 00 00 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ NEW OLD
  • 42. Before Images, Indexes and Visibility Maps PostgreSQL44 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 HEAP HEAP_VM 00 00 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ INDEX ONLY SCANS
  • 43. Before Images, Indexes and Visibility Maps PostgreSQL45 26/10/2017 Page 0 2,’cc’,test3 0,’aa’,test1’ Page 1 1,’bb’,test2 3,’dd’,test4 1,’bb’,test4 OLD NEW HEAP HEAP_VM 01 01 Bt Page 1 INDEX ON (ID, COL1) [1,1] 1,’bb’ [0,4] 2,’cc’ [0,2] 0,’aa’’ [0,3] 1,’bb’ [0,1] 3,’dd’ NEW OLD VACUUM
  • 44. Pros and Cons of this implementation PostgreSQL46 26/10/2017 Pros (compared to Oracle) – No need for Rollback Segments, no ORA-01555 for rollback segments too small  Cons – High modification == High Fragmentation! VACUUM required – When a tuple is modified AND changes of page, its address changes! • Need to update ALL the indexes that point to it, regardless if the modified column is indexed • This is the famous «write amplification» problem in PostgreSQL • The table fillfactor (equivalent of pctused) mitigates the problem • Vacuum becomes critical for performance
  • 45. VACUUM PostgreSQL47 26/10/2017 Must be performed regularly in order to – Reclaim space occupied by old tuple images – Update data statistics used by the query planner – Update the visibility map – Reset the transaction ID of old blocks to prevent wraparound A default VACUUM is executed regularly by default – Many parameters help in the VACUUM fine-tuning Manual VACUUMing is possible
  • 46. Transaction ID (XID) wraparounds PostgreSQL48 26/10/2017 OLDEST ACTIVE TRANSACTION OLDEST TRANSACTION ID XID is 32 bit long: max 4bln XIDs – 2bln (2^31) in the past – 2bln (2^31) in the future XIDs in the future are invisible (per read consistency) If an old Tuple wraps around, it will become invisible: WRONG! WRAPAROUND POINT NOW
  • 47. Transaction ID (XID) wraparounds - solution PostgreSQL49 26/10/2017 OLDEST ACTIVE TRANSACTION OLDEST TRANSACTION ID The VACUUM stamps the tuples as Frozen after they become older than the freezing point Frozen means that the tuples are visible regardless of the Transaction ID Not elegant, but effective solution VACUUM again plays an important role NOW FREEZING POINT
  • 48. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL50 26/10/2017 Support for very large columns lob_test=# create table t (id integer, toast varchar(1000000)); CREATE TABLE lob_test=# insert into t values (1, rpad('x',1000000)); INSERT 0 1
  • 49. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL51 26/10/2017 Support for very large columns lob_test=# create table t (id integer, toast varchar(1000000)); CREATE TABLE lob_test=# insert into t values (1, rpad('x',1000000)); INSERT 0 1 lob_test=# select relfilenode, reltoastrelid lob_test-# from pg_class where relname='t'; relfilenode | reltoastrelid -------------+--------------- 16853 | 16856 (1 row) Each table with extended columns has a dedicated TOAST segment
  • 50. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL52 26/10/2017 e.g.: 64k column
  • 51. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL53 26/10/2017 e.g.: 64k column Split in 2048 bytes chunks
  • 52. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL54 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress e.g.: 64k column
  • 53. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL55 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress Compressed chunks inserted as rows in the TOAST table e.g.: 64k column
  • 54. The Oversized-Attribute Storage Technique (TOAST) PostgreSQL56 26/10/2017 Split in 2048 bytes chunks Individual chunk compression via lz_compress Compressed chunks inserted as rows in the TOAS table e.g.: 64k column Nice replacement for LOBs!!
  • 55. Architectural Oddities #1 : Constraints enforced per row PostgreSQL57 26/10/2017 The doc says constraints are enforced per statement Actually, they are enforced PER ROW This lead to unexpected behaviours depending on row placement and access * pagila=# insert into demo values(2); INSERT 0 1 pagila=# insert into demo values(1); INSERT 0 1 pagila=# update demo set n=n+1; UPDATE 2 pagila=# insert into demo values(1); INSERT 0 1 pagila=# insert into demo values(2); INSERT 0 1 pagila=# update demo set n=n+1; ERROR: duplicate key value violates unique constraint "demo_pk" DETAIL: Key (n)=(2) already exists. pagila=# create table demo (n integer not null); CREATE TABLE pagila=# alter table demo add constraint demo_pk primary key(n); ALTER TABLE * Unless declared as deferrable
  • 56. Architectural Oddities #2: Classic Large Objects PostgreSQL58 26/10/2017 The Large Objects are not part of a table (even not logically) They are just referenced by the columns As result: – Large Objects and Tables might have different owners (see next chapter) – Large Objects might be referenced by multiple rows/tables – Large Objects are not deleted when the rows are deleted – Large Objects housekeeping is a routine task! (use vacuumlo binary for this) Some insights about LOBs here: – http://www.ludovicocaldara.net/dba/pgsql-lo-space-usage-part-3/
  • 57. Architectural Oddities #3: Rollback on statement error PostgreSQL59 26/10/2017 With Oracle, in the middle of a transaction an error will rollback just the last statement With PostgreSQL, in the middle of a transaction an error will rollback all the previous statements – Developers relying on this behavior must be careful – Using save points might do the job db=# BEGIN; BEGIN db=# INSERT INTO t VALUES (1); INSERT 0 1 db=# SELECT 0/0; ERROR: division by zero db=# select * from t; ERROR: current transaction is aborted, commands ignored until end of transaction block db=# commit; ROLLBACK
  • 58. Digging the internals PostgreSQL60 26/10/2017 Open Source: RTFC (Read That F* Code!) The source code is complex but rich of explanations https://doxygen.postgresql.org/
  • 60. Authentication PostgreSQL62 26/10/2017 Authentication != Authorization A user must authenticate to the server, the user must already exist! – create role myuser with login; PostgreSQL supports mixed authentication Mixed authentication allows nice security features. E.g. – Active Directory-Based authentication for individuals – Password authentication for traditional application users – Client certificate authentication for batches and secure applications
  • 61. Authentication (cont.) PostgreSQL63 26/10/2017 pge_hba.conf: the first line that matches wins. Real example: # TYPE DATABASE USER ADDRESS METHOD host all +ldap_users 0.0.0.0/0 ldap ldapserver=ldap.trivadis.com ldapport=389 ldapprefix="uid=" ldapsuffix=",ou=people,dc=trivadis,dc=com" hostssl all +sslcertusers 0.0.0.0/0 trust clientcert=1 local all postgres peer map=dba host all all 0.0.0.0/0 md5 local hostnossl host hostssl all replication sameuser samerole dbname all user +group @incfile all samehost samenet IP range trust reject md5 password gss sspi ident peer ldap radius cert pam
  • 62. Authentication maps PostgreSQL64 26/10/2017 With maps, the mapped users can connect with a different username. – E.g. all the dba can connect locally as postgres: # TYPE DATABASE USER METHOD local all postgres peer map=dba The file ident.conf contains the maps: #map osuser dbuser dba luc postgres dba zam postgres dba jko postgres dba bir postgres dba efu postgres
  • 63. Authentication - inheritance PostgreSQL65 26/10/2017 Oracle has USERS and ROLES. PostgreSQL manages everything as a ROLE: A role can inherit another role: – A user is a role with login privilege – A role can be granted to another role -> inheritance, grouping – A role itself might be granted to login – A user can set a role and «become» that role – A schema is not a user or role but an object namespace – It sounds complicated but it is not (once you get it) «public» exists but it is actually a hidden role.
  • 64. Creating a group and a user PostgreSQL66 26/10/2017 postgres=# create role mygroup; CREATE ROLE postgres=# du mygroup List of roles Role name | Attributes | Member of -----------+--------------+----------- mygroup | Cannot login | {} postgres=# create role myuser with login in group mygroup; CREATE ROLE postgres=# du myuser List of roles Role name | Attributes | Member of -----------+------------+----------- myuser | | {mygroup}
  • 65. A more complex example PostgreSQL67 26/10/2017 # TYPE DATABASE USER ADDRESS METHOD host all +ldap_users 0.0.0.0/0 ldap postgres=# create role ldap_users; -- for the LDAP authentication CREATE ROLE postgres=# create role pagila with login; -- for the application CREATE ROLE postgres=# create role luc with login in group ldap_users, pagila; CREATE ROLE postgres=# c pagila You are now connected to database "pagila" as user "postgres". pagila=# grant all privileges on schema public to pagila; GRANT postgres=#
  • 66. A more complex example (cont.) PostgreSQL68 26/10/2017 List of roles Role name | Attributes | Member of -------------+---------------------------+------------------- ldap_users | Cannot login | {} pagila | | {} luc | | {pagila,ldap_users} # psql –U luc –h $HOSTNAME –p $PGPORT pagila Password for user luc: pagila=> set role pagila; SET pagila=> select session_user, user; session_user | current_user --------------+-------------- luc | pagila (1 row)
  • 68. Schemas: Namespace search PostgreSQL70 26/10/2017 Public schema exists by default Non-quilified objects are created in the public schema The default search_path is "$user", public pagila=# CREATE TABLE t1 (a varchar(50)); CREATE TABLE pagila=# dt t1 List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres (1 row) pagila=# select * from t1; a --- (0 rows)
  • 69. Schemas: Namespace search (cont.) PostgreSQL71 26/10/2017 Other schemas must be specified upon object creation: pagila=# CREATE SCHEMA schema1; CREATE SCHEMA pagila =# CREATE TABLE schema1.t2 (a varchar(50)); CREATE TABLE The schema must be specified to find the object, unless you modify the search space pagila =# dt t2 No matching relations found. pagila =# SET search_path=public,schema1; SET pagila =# dt t2 List of relations Schema | Name | Type | Owner ---------+------+-------+---------- schema1 | t2 | table | postgres (1 row) OWNER != SCHEMA
  • 70. Schema Privileges PostgreSQL72 26/10/2017 Users own schemas or objects in their own or someone else’s schemas Access to the objects is granted by respective owners pagila=# GRANT CREATE ON SCHEMA public TO luc; GRANT … as luc pagila=> CREATE TABLE ludovico_table (a varchar(50)); CREATE pagila=> dt ludovico_table List of relations Schema | Name | Type | Owner --------+----------------+-------+------- public | ludovico_table | table | luc (1 row) pagila=> GRANT SELECT ON ludovico_table TO ...
  • 71. Default privileges PostgreSQL73 26/10/2017 The default permissions on a schema might be changed if necessary ALTER DEFAULT PRIVILEGES [ FOR { ROLE | USER } target_role [, ...] ] [ IN SCHEMA schema_name [, ...] ] GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER } [, ...] | ALL [ PRIVILEGES ] } ON TABLES TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
  • 72. Hardening tips PostgreSQL74 26/10/2017 Believe it or not, public can write in the postgres public schema… – postgres=# revoke all privileges on schema public from public; The same applies to the template1… you might want to change it too – template1=# revoke all privileges on schema public from public;
  • 73. Audit PostgreSQL77 26/10/2017 No embedded module for auditing 3rd parties module pgaudit exists and it the standard de-facto – Recommended by US Department of Defense – https://www.crunchydata.com/postgres-stig/PGSQL-STIG-9.5+.pdf – shared_preload_libraries ='pgaudit‘ pgaudit.log_catalog='on‘ pgaudit.log_level='log‘ pgaudit.log_parameter='on‘ pgaudit.log_relation='off‘ pgaudit.log_statement_once='off‘ pgaudit.log='ddl, role, write' – Supplemental work required to analyze data
  • 74. Pgaudit installation PostgreSQL78 26/10/2017 Download pgaudit-REL9_6_STABLE.zip unzip pgaudit-REL9_6_STABLE.zip cd pgaudit-REL9_6_STABLE set PATH to PostgreSQL binary make USE_PGXS=1 install Modify PostgreSQL.conf (previous slide) Restart the cluster
  • 76. Base Backup: it backs up the whole cluster! PostgreSQL80 26/10/2017 With the whole cluster, all the databases are backed up The WAL files can be applied on a base backup: PITR possible $ pg_basebackup -D $BACKUP_DEST -Ft -z -l $Label -U postgres $ ls –l $BACKUP_DEST -rw-rw---- 1 postgres postgres 5703169 Jul 11 21:15 base.tar.gz It creates a tar.gz with the necessary files Fuzzy datafiles: they will need recovery
  • 77. WAL Backups: WAL introduction PostgreSQL81 26/10/2017 WAL files are a mix between online logs and archive logs – They contains after images needed for recovery – If archive mode is OFF, WAL files are recycled – If archive mode is ON, they are not recycled but they need to be archived – Archival is ran using the command specified in archive_command parameter – Impossible to archive: WAL filesystem fills up -> databases hang! WAL files size is 16MB (fixed, defined at compile time) Archive_timeout -> similar to archive_lag_target
  • 78. WAL Backups: parameters PostgreSQL82 26/10/2017 wal_level = replica archive_mode = on archive_command = 'test ! -f /u02/data/postgres/backup/pgts962i/archive/%f && cp %p /u02/data/postgres/backup/pgts962i/archive/%f' archive_timeout = 1800 WAL files should be archived on a remote server You can mimic Oracle by archiving WALs locally and then save asynchronously on tape – But then it’s up to YOU to restore them correctly
  • 79. Restoring a Base Backup PostgreSQL83 26/10/2017 Without point-in-time recover – Just uncompress the base backup in the original location and start the cluster – It will restore at the time the backup was taken With point-in-time recover – Uncompress the base backup – Prepare a recovery.conf file in the $PGDATA directory containing: restore_command='cp /u02/data/postgres/backup/pgts962i/archive/%f %p‘ recovery_target_time = ‘your time here‘ – Start the cluster – ATTENTION! Archives not found -> earlier recovery point WITHOUT ERRORS
  • 80. Database Dump PostgreSQL84 26/10/2017 pg_dump dumps the content of a single database (in text or proprietary format) Very close to Oracle Exp/Imp and Mysql Dump It does NOT allow further recovery -> recovery point = time of the dump Example: – pg_dump -U postgres --format=c --file=dbname.dump dbname Pg_dump saves grants but not users definitions or other global objects To dump users definitions: – pg_dumpall -g --file=global.dump Pg_dumpall can be used to dump the cluster content as a whole (including data)
  • 81. Database Restore PostgreSQL85 26/10/2017 pg_Restore restores a dump created with pg_dump – pg_restore –U postgres –d dbname dbname.dump Several options exist. My favorite: – When target database exists -> drop and recreate it – When target database dows not exist -> create it empty Grants on non-existing users will fail (e.g. restore on new cluster) – Restore the global objects beforehand
  • 83. EDB Postgres Enterprise Manager (PEM) PostgreSQL87 26/10/2017 Web based since release 7 Monitors availability, performance Many checks Some bugs Some features are PPAS specific
  • 84. Other 3rd party Monitoring Solutions PostgreSQL88 26/10/2017 On-premises – Generic: ManageEngine, SolarWinds, Munin, Zabbix, Cacti – Specific: Open PostgreSQL Monitoring (OPM), pgwatch, PGObserver Cloud-based (SaaS) – Generic: LogicMonitor, NewRelic, DataDog, Okmeter – Specific: pganalyze, pgAnalytics
  • 85. Instrumentation PostgreSQL89 26/10/2017 Like every database, monitoring is influenced by instrumentation PostgreSQL is getting better instrumentation – Since PostgreSQL 9.6: wait interface – Waits are documented here: https://www.postgresql.org/docs/9.6/static/monitoring-stats.html#WAIT-EVENT- TABLE – Module pg_stat_statements collects waits and activities at statement level – Other modules exist, still not comparable to ASH (e.g. pg_statsinfo)
  • 88. SQL Standards and Programmability PostgreSQL92 26/10/2017 Rich SQL: https://www.postgresql.org/docs/current/static/sql.html Nice features (e.g. Row Level Security, advanced datatypes (e.g. ipv4)) pg/plsql is «SIMILAR» to PL/SQL
  • 90. External plugins and additional modules PostgreSQL94 26/10/2017 Open Source -> extendible Many 3rd party projects make PostgreSQL very powerful Examples – PostGIS -> Spatial features for PostgreSQL (http://www.postgis.org/) – PgRouting -> adds routing algorithms to PostGIS – Bloom -> Enable index access based on bloom filters – postgres-fdw -> Enable DB Links to external instances (including other RDBMS) – Hstore -> key-value data type – Many others!
  • 91. Questions? 26/10/2017 PostgreSQL97 Ludovico Caldara ACE Director, Senior Consultant Tél. +41 79 909 72 75 ludovico.caldara@trivadis.com