PostgreSQL

Installation

The installation and initialization of the postgresql server is a little bit different in comparison to other packages and other linux distros. This document aims to summarize basic installation steps relevant to recent fedora release. In the first place, you may consider installing a newer version than is packaged for Fedora, see 1. However, this is not recommended.

  1. sudo yum install postgresql-server postgresql-contrib

Or with dnf in Fedora 22 and later versions:

  1. sudo dnf install postgresql-server postgresql-contrib

The postgresql server is turned off and disabled by default. You can enable its start during the boot using following command:

  1. sudo systemctl enable postgresql

You can start the postgresql server only when necessary as follows.

  1. sudo systemctl start postgresql
  2. Job for postgresql.service failed. See 'systemctl status postgresql.service' and 'journalctl -xn' for details.

The database needs to be populated with initial data after installation. The error log describes the problem and its solution.

  1. journalctl -xn
  2. -- Logs begin at Mon 2013-11-04 14:38:33 CET, end at Thu 2013-11-14 11:45:56 CET. --
  3. Nov 14 11:45:34 mlich-lenovo.usersys.redhat.com sudo[2054]: jmlich : TTY=pts/2 ; PWD=/home/jmlich ; USER=root ; COMMAND=/bin/systemctl status postgresql
  4. Nov 14 11:45:37 mlich-lenovo.usersys.redhat.com sudo[2073]: jmlich : TTY=pts/2 ; PWD=/home/jmlich ; USER=root ; COMMAND=/bin/systemctl status postgresql
  5. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com sudo[2105]: jmlich : TTY=pts/2 ; PWD=/home/jmlich ; USER=root ; COMMAND=/bin/systemctl start postgresql
  6. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com systemd[1]: Starting PostgreSQL database server...
  7. -- Subject: Unit postgresql.service has begun with start-up
  8. -- Defined-By: systemd
  9. - Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
  10. --
  11. -- Unit postgresql.service has begun starting up.
  12. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com postgresql-check-db-dir[2108]: An old version of the database format was found.
  13. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com postgresql-check-db-dir[2108]: Use "postgresql-setup upgrade" to upgrade to version 9.3.
  14. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com postgresql-check-db-dir[2108]: See /usr/share/doc/postgresql/README.rpm-dist for more information.
  15. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com systemd[1]: postgresql.service: control process exited, code=exited status=1
  16. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com systemd[1]: Failed to start PostgreSQL database server.
  17. -- Subject: Unit postgresql.service has failed
  18. -- Defined-By: systemd
  19. -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
  20. -- Documentation: `http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
  21. --
  22. -- Unit postgresql.service has failed.
  23. --
  24. -- The result is failed.

The database initialization could be done using following command. It creates the configuration files postgresql.conf and pg_hba.conf

  1. sudo postgresql-setup initdb

Or on Fedora 22 and later:

  1. sudo postgresql-setup --initdb --unit postgresql

Upgrade

As you can see from the error message in my example, it is not a fresh installation, but an ugprade.

  1. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com postgresql-check-db-dir[2108]: An old version of the database format was found.
  2. Nov 14 11:45:56 mlich-lenovo.usersys.redhat.com postgresql-check-db-dir[2108]: Use "postgresql-setup upgrade" to upgrade to version 9.3.

With version 9 you can use the upgrade tool. It is packaged as postgresql-upgrade:

  1. postgresql-setup upgrade
  3. Redirecting to /bin/systemctl stop  postgresql.service
  4. Upgrading database: OK
  6. The configuration files was replaced by default configuration.
  7. The previous configuration and data are stored in folder /var/lib/pgsql/data-old.
  9. See /var/lib/pgsql/pgupgrade.log for details.

The data are located at

  • /var/lib/pgsql/data

  • /var/lib/pgsql/data-old

The upgrade itself will backup your existing data and migrate your database. Don’t forget to migrate your configuration (with meld, for example: meld /var/lib/pgsql/data{,-old}/postgresql.conf).

You may need to switch postgresql to trust mode before updating. This should be fixed already.

You can also upgrade by dumping your database and loading it again. For more information, see the official documentation.

Firewall

PostgreSQL operates on port 5432 (or whatever else you set in your postgresql.conf). In firewalld you can open it like this:

  1. # make it last after reboot
  2. firewall-cmd --permanent --add-port=5432/tcp
  3. # change runtime configuration
  4. firewall-cmd --add-port=5432/tcp

In the case of iptables:

  1. iptables -A INPUT -p tcp --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT

Bear in mind that you probably don’t want to open your database server to the whole world.

SELinux

If you have SELinux enforced, you may run into trouble when trying to do some non-standard configuration. For example, if you would like to change a location of your database, you have to add new context mapping for the new location:

  1. semanage fcontext -a -t postgresql_db_t "/my/new/location(/.*)?"

If the default port doesn’t work for you, you may need to map postgre’s port type to your desired port:

  1. semanage port -a -t postgresql_port_t -p tcp 5433

If you install a webapp that wants to communicate with PostgreSQL via TCP/IP, you will have to tell SELinux to allow this on the webserver host:

  1. setsebool -P httpd_can_network_connect_db on

User Creation and Database Creation

Eventually, you need to create a user (and database for the user). First, you have to switch the user to interact with postgres:

  1. su - postgres

and then run postgre’s interactive shell:

  1. psql
  2. psql (9.3.2)
  3. Type "help" for help.
  5. postgres=#

From there you can run user creation commands:

  1. postgres=# CREATE USER lenny WITH PASSWORD 'leonard';
  2. postgres=# CREATE DATABASE carl OWNER lenny;

You can do this from the system shell as well:

  1. createuser lenny
  2. createdb --owner=lenny carl

It might be good idea to add password for the postgres user:

  1. postgres=# \password postgres

Configuration

The postgresql server is using two main configuration files

  • /var/lib/pgsql/data/postgresql.conf

  • /var/lib/pgsql/data/pg_hba.conf

systemd

Some configuration parameters are passed to daemon via command line options. This behaviour may override settings in postgresql.conf. For example, if you want to change the server’s port number to 5433, create a file named /etc/systemd/system/postgresql.service containing:

  1. .include /lib/systemd/system/postgresql.service
  2. [Service]
  3. Environment=PGPORT=5433

Note: changing PGPORT or PGDATA will typically require adjusting SELinux configuration as well; see section selinux.

Please follow the systemd documentation 2 for more details.

postgresql.conf

If you want postgres to accept network connections, you should change

  1. listen_addresses = 'localhost'

to

  1. listen_addresses = '*'

pg_hba.conf

Once your database is set up, you need to configure access to your database server. This may be done by editing file /var/lib/pgsql/data/pg_hba.conf. There are rules like this in the file:

  1. # TYPE    DATABASE        USER            ADDRESS                 METHOD
  2.   host    all             all             127.0.0.1/32            md5
  3.   host    all             all             ::1/128                 md5
  4.   local   all             postgres                                peer

First field stands for connection type. It can have these values:

  • local — Unix-domain socket

  • host — plain or SSL-encrypted TCP/IP socket

  • hostssl — an SSL-encrypted TCP/IP socket

  • hostnossl — plain TCP/IP socket

Last column specifies which authentication method will be used.

  • md5 — client has to supply password processed with MD5 algorithm

  • ident — obtain user name of connecting client from operating system and consult it with specified map

  • trust — anyone who is able to connect to PostgreSQL server may act as any user without supplying password

  • peer — obtains user’s name from operating system and checks if it matches database user name

When the database server is authenticating the client, it seeks for a record with a matching connection type, client address, requested database, and user name. As soon as it finds these credentials, it performs the authentication. If the authentication fails, no more subsequent records are taken into account. If no record matches, the client’s access is denied.

The default settings are usually restricted to localhost.

When you install your database server and at first you try to “make it work”, you should turn off firewall, SELinux and make the postgres authentication permissive. Bear in mind this will greatly expose your server, so do it only on a trusted network — preferably with no network at all:

  1. host    all             all             127.0.0.1/32            trust

As soon as you are able to connect, turn on the security systems one by one while verifying the connection can be established.

For more information see official documentation for pg_hba.conf file.

Optimization

The default configuration of postgres is severely undertuned. It can handle simple applications without consistent database access, but if you require higher performance, you should re-configure your instance. All the magic is happening in /var/lib/pgsql/data/postgresql.conf\` . Also, the logging mechanism is not configured very intuitively.

Performance

The number of clients which may be connected to PostgreSQL at the same time:

  1. max_connections = <number>

shared_buffers is the entry point. This is telling PostgreSQL how much memory is dedicated for caching. Setting this to 25% of total memory of your system is a good start. If it doesn’t work for you, try to go for something between 15% - 40% of total memory.

  1. shared_buffers = <memory unit>

This value is used by the query planner to know how much memory is available in the system. The query planner uses this information to figure out whether the plan fits into memory or not. Setting this to 50% of total memory is a common practice.

  1. effective_cache_size = <memory unit>

When PostgreSQL performs sorting operations, it plans its strategy whether to sort the query on disk or in memory. Bear in mind that this memory is available for every sorting instance. In case of multiple users submitting queries to your database server, this can ramp up pretty high. Therefore this is tightly bound to max_connections.

  1. work_mem = <memory unit>

For more information about this topic I advise you to read the official documentation about tuning PostgreSQL.

Logging

By default, logs are rotated every week and you might not find much information in there. One could miss a log level, date, time, etc. Also, for simple web applications, some prefer to increase verbosity.

  1. log_destination = 'stderr'

This is just fine. If you would like syslog to take care of your logs, change 'stderr' to 'syslog', or even 'syslog,stderr'. If you go for syslog, don’t forget to configure syslog itself too; for more info, see official documentation.

  1. logging_collector = on

In case of logging to stderr, postgres will grab all the logs if you enable the logging_collector option.

This is default option:

  1. log_filename = 'postgresql-%a.log'

A preferred method could be to name log files by date when they were created:

  1. log_filename = 'postgresql-%G-%m.log

Rotation. This really depends on the app itself. In the case of a simple app with little data in the database, all the logs may be kept persistently on disk without rotation.

  1. log_truncate_on_rotation = off
  2. log_rotation_age = 31d

Increase number of entries in log:

  1. client_min_messages = notice      # default notice
  2. log_min_messages = info           # default warning
  3. log_min_error_statement = notice  # default error

If you would like to log slow queries, feel free to use this option:

  1. log_min_duration_statement = 1000  # in ms

The default log entry doesn’t contain much info:

  1. FATAL:  Ident authentication failed for user "test"
  2. DETAIL:  Connection matched pg_hba.conf line 84: "host    all             all             ::1/128                 ident"

Let’s improve it to:

  1. 2013-12-30 17:51:36 CET testx@::1(50867):postgres [11213] FATAL:  password authentication failed for user "testx"
  2. 2013-12-30 17:51:36 CET testx@::1(50867):postgres [11213] DETAIL:  Connection matched pg_hba.conf line 84: "host   all             all             ::1/128                 md5 "

You just have to alter the option log_line_prefix.

  1. # %t -- timestamp
  2. # %u -- user
  3. # %r -- client's host
  4. # %d -- database
  5. # %p -- PID
  6. log_line_prefix = '%t %u@%r:%d [%p] '

If you are running only a single database with a single user connecting, it makes more sense to simplify the prefix to

  1. log_line_prefix = '%t [%p] '

Final recipe

  1. log_destination = 'stderr'
  2. logging_collector = on
  3. log_filename = 'postgresql-%G-%m.log'
  4. log_truncate_on_rotation = off
  5. log_rotation_age = 31d
  6. client_min_messages = notice
  7. log_min_messages = info
  8. log_min_error_statement = notice
  9. log_line_prefix = '%t %u@%r:%d [%p] '

Reference

Full RPM packaging documentation

Tuning performance

Logging configuration

Upgrading PostgreSQL

pg_hba.conf file

See a typo, something missing or out of date, or anything else which can be improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.