Book Image

PostgreSQL 9 Administration Cookbook - Second Edition

Book Image

PostgreSQL 9 Administration Cookbook - Second Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
PostgreSQL 9 Administration Cookbook - Second Edition
Apr, 2015 | 504 pages
No titles found
Table of Contents (19 chapters)
PostgreSQL 9 Administration Cookbook Second Edition
PostgreSQL 9 Administration Cookbook Second Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
First Steps
First Steps
Introduction
Getting PostgreSQL
Connecting to the PostgreSQL server
Enabling access for network/remote users
Using graphical administration tools
Using the psql query and scripting tool
Changing your password securely
Avoiding hardcoding your password
Using a connection service file
Troubleshooting a failed connection
2
Exploring the Database
Exploring the Database
Introduction
What version is the server?
What is the server uptime?
Locating the database server files
Locating the database server's message log
Locating the database's system identifier
Listing databases on this database server
How many tables in a database?
How much disk space does a database use?
How much disk space does a table use?
Which are my biggest tables?
How many rows in a table?
Quickly estimating the number of rows in a table
Listing extensions in this database
Understanding object dependencies
3
Configuration
Configuration
Introduction
Reading The Fine Manual (RTFM)
Planning a new database
Changing parameters in your programs
Finding the current configuration settings
Which parameters are at nondefault settings?
Updating the parameter file
Setting parameters for particular groups of users
The basic server configuration checklist
Adding an external module to PostgreSQL
Using an installed module
Managing installed extensions
4
Server Control
Server Control
Introduction
Starting the database server manually
Stopping the server safely and quickly
Stopping the server in an emergency
Reloading the server configuration files
Restarting the server quickly
Preventing new connections
Restricting users to only one session each
Pushing users off the system
Deciding on a design for multitenancy
Using multiple schemas
Giving users their own private database
Running multiple servers on one system
Setting up a connection pool
Accessing multiple servers using the same host and port
5
Tables and Data
Tables and Data
Introduction
Choosing good names for database objects
Handling objects with quoted names
Enforcing the same name and definition for columns
Identifying and removing duplicates
Preventing duplicate rows
Finding a unique key for a set of data
Generating test data
Randomly sampling data
Loading data from a spreadsheet
Loading data from flat files
6
Security
Security
Introduction
The PostgreSQL superuser
Revoking user access to a table
Granting user access to a table
Creating a new user
Temporarily preventing a user from connecting
Removing a user without dropping their data
Checking whether all users have a secure password
Giving limited superuser powers to specific users
Auditing DDL changes
Auditing data changes
Always knowing which user is logged in
Integrating with LDAP
Connecting using SSL
Using SSL certificates to authenticate the client
Mapping external usernames to database roles
Encrypting sensitive data
7
Database Administration
Database Administration
Introduction
Writing a script that either succeeds entirely or fails entirely
Writing a psql script that exits on the first error
Performing actions on many tables
Adding/removing columns on a table
Changing the data type of a column
Changing the definition of a data type
Adding/removing schemas
Moving objects between schemas
Adding/removing tablespaces
Moving objects between tablespaces
Accessing objects in other PostgreSQL databases
Accessing objects in other foreign databases
Updatable views
Using materialized views
8
Monitoring and Diagnosis
Monitoring and Diagnosis
Introduction
Checking whether a user is connected
Checking which queries are running
Checking which queries are active or blocked
Knowing who is blocking a query
Killing a specific session
Detecting an in-doubt prepared transaction
Knowing whether anybody is using a specific table
Knowing when a table was last used
Usage of disk space by temporary data
Understanding why queries slow down
Investigating and reporting a bug
Producing a daily summary of log file errors
Analyzing the real-time performance of your queries
9
Regular Maintenance
Regular Maintenance
Introduction
Controlling automatic database maintenance
Avoiding auto-freezing and page corruptions
Avoiding transaction wraparound
Removing old prepared transactions
Actions for heavy users of temporary tables
Identifying and fixing bloated tables and indexes
Maintaining indexes
Adding a constraint without checking existing rows
Finding unused indexes
Carefully removing unwanted indexes
Planning maintenance
10
Performance and Concurrency
Performance and Concurrency
Introduction
Finding slow SQL statements
Collecting regular statistics from pg_stat* views
Finding out what makes SQL slow
Reducing the number of rows returned
Simplifying complex SQL queries
Speeding up queries without rewriting them
Why a query is not using an index
Forcing a query to use an index
Using optimistic locking
Reporting performance problems
11
Backup and Recovery
Backup and Recovery
Introduction
Understanding and controlling crash recovery
Planning backups
Hot logical backup of one database
Hot logical backup of all databases
Hot logical backup of all tables in a tablespace
Backup of database object definitions
Standalone hot physical database backup
Hot physical backup and continuous archiving
Recovery of all databases
Recovery to a point in time
Recovery of a dropped/damaged table
Recovery of a dropped/damaged tablespace
Recovery of a dropped/damaged database
Improving performance of backup/recovery
Incremental/differential backup and restore
Hot physical backups with Barman
Recovery with Barman
12
Replication and Upgrades
Replication and Upgrades
Introduction
Replication best practices
Setting up file-based replication – deprecated
Setting up streaming replication
Setting up streaming replication security
Hot Standby and read scalability
Managing streaming replication
Using repmgr
Using Replication Slots
Monitoring replication
Performance and Synchronous Replication
Delaying, pausing, and synchronizing replication
Logical Replication
Bi-Directional Replication
Archiving transaction log data
Upgrading – minor releases
Major upgrades in-place
Major upgrades online
Index
Index

Avoiding hardcoding your password

We all agree that hardcoding your password is a bad idea. This recipe shows you how to keep your password in a secure password file.

Getting ready

Not all database users need passwords; some databases use other means of authentication. Don't do this step unless you know you will be using password authentication and you know your password.

First, remove the hardcoded password from where you had set it previously. Completely remove the password = xxxx text from the connection string in a program. Otherwise, when you test the password file, the hardcoded setting will override the details you are just about to place in the file. Keeping the password hardcoded and in the password file is not any better. Using PGPASSWORD is not recommended either, so remove that also.

If you think someone may have seen the password, then change your password before placing it in the secure password file.

How to do it…

A password file contains the usual five fields that we require when connecting, as shown here:

host:port:dbname:user:password

Change this to the following:

myhost:5432:postgres:sriggs:moresecure

The password file is located using an environment variable named PGPASSFILE. If PGPASSFILE is not set, then a default filename and location must be searched for, as follows:

  • On *nix systems, look for ~/.pgpass.

  • On Windows systems, look for %APPDATA%\postgresql\pgpass.conf, where %APPDATA% is the application data subdirectory in the path (for me, that would be C:\).

Note

Don't forget to set the file permissions on the file, so that security is maintained. File permissions are not enforced on Windows, though the default location is secure. On *nix systems, you must issue the following:

chmod 0600 ~/.pgpass

If you forget to do this, the PostgreSQL client will ignore the .pgpass file. While psql will issue a clear warning, many other clients will just fail silently, so don't forget!

How it works…

Many people name the password file .pgpass, whether or not they are on Windows, so don't get confused if they do this.

The password file can contain multiple lines. Each line is matched against the requested host:port:dbname:user combination until we find a line that matches. Then, we use that password.

Each item can be a literal value or *, a wildcard that matches anything. There is no support for partial matching. With appropriate permissions, a user can potentially connect to any database. Using the wildcard in the dbname and port fields makes sense, but it is less useful in other fields. Here are a few examples:

  • myhost:5432:*:sriggs:moresecurepw

  • myhost:5432:perf:hannu:okpw

  • myhost:*:perf:gianni:sicurissimo

There's more…

This looks like a good improvement if you have a small number of database servers. If you have many different database servers, you may want to think about using a connection service file instead (see the next recipe), or perhaps even storing details on an LDAP server.

Previous Section
End of Section 9
Next Section