PostgreSQL Unleashed
Marian Marinov, Head of System Operations at Siteground.com
What is this talk about
  Storage Architecture
  Authentication
  Commands
  Writing Functions
Storage Architecture
File system structure
Default directory /var/lib/pgsql/data (PGDATA)
/
|- postgresql.conf
|- pg_hba.conf
|- pg_ident.conf
|- postmaster.opts
|- postmaster.pid
|- PG_VERSION
|- base           per-database subdirectories
|- global         cluster-wide tables, such as pg_database
|- pg_clog        transaction commit status data
|- pg_multixact   multitransaction status data
|- pg_stat_tmp    temporary files for the statistics subsystem
|- pg_subtrans    subtransaction status data
|- pg_tblspc      symbolic links to tablespaces
|- pg_twophase    state files for prepared transactions
|- pg_xlog        WAL (Write Ahead Log) files
File system structure
Directory representation:
base -|- 1
      |- 11510
      |- 11511
      |- 16384
         24576
template1=# SELECT datname,datlastsysoid FROM pg_database ;
     datname     | datlastsysoid
-----------------+---------------
 template1       |         11510
 template0       |         11510
 postgres        |         11510
 os              |         11510
(5 rows)
File system structure
Directory representation:
base -|- 11510 -|
                |- 24765
os# SELECT relname,relfilenode,reltablespace FROM pg_class WHERE relfilenode=24765;
   Relname   |  relfilenode   | reltablespace
-------------+----------------+---------------
 disk_io     |          24765 |             0
(1 row)
File system structure
Tables and indexes are stored in separate files.
Tables bigger than 1GB are split into different files: filenode.1, filenode.2, ..., filenode.N
The 1GB limit can be changed during build using the --with-segsize configure option.
DataBase Design
DBNAME  SCHEMA  OBJECTS (table/view/sequence/domain)
database -
  |- public
  |- scheme1 -
  |   |- table1
  |   |- table2
  |   |- view1
  |   |- view2
  |   |- seq1
  |      seq2
     scheme2
Authentication
Authentication
pg_hba.conf – Host based authentication
pg_ident.conf – Identification information
Authentication methods:
  trust – anyone to any DB
  reject – do not allow any connections (useful for filtering)
  ident – use the system user name or what identd provided
  password – use cleartext passwords
  md5 – MD5-hashed passwords
  pam – use the PAM (Pluggable Authentication Modules) system
Authentication
pg_hba.conf:
local      database  user  auth-method [auth-options]
host       database  user  CIDR-address  auth-method [auth-options]
hostssl    database  user  CIDR-address  auth-method [auth-options]
hostnossl  database  user  CIDR-address  auth-method [auth-options]
host       database  user  IP-address  IP-mask  auth-method [auth-options]
hostssl    database  user  IP-address  IP-mask  auth-method [auth-options]
hostnossl  database  user  IP-address  IP-mask  auth-method [auth-options]
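
An added example, not part of the talk: a Python check that parses records in the pg_hba.conf formats listed above (both the CIDR-address and the IP-address/IP-mask forms) and flags `trust` and cleartext `password` on network records, plus address ranges that match every client. The sample file and all function names are constructed for illustration; the mask form is handled for IPv4 only.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}
SAMPLE_HBA = """\
# constructed sample for this example, not from the talk
local     all       postgres                             ident
host      all       all       0.0.0.0/0                  trust
hostssl   os        appuser   10.0.0.0/8                 md5
host      os        report    192.168.1.0 255.255.255.0  password
"""

def parse_hba_line(line):
    """Parse one record; return None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()   # simplification: no quoted '#'
    if not fields:
        return None
    rec = {"type": fields[0], "database": fields[1], "user": fields[2], "network": None}
    rest = fields[3:]
    if rec["type"] in HOST_TYPES:
        if "/" in rest[0]:                   # CIDR-address form
            cidr, rest = rest[0], rest[1:]
        else:                                # IP-address IP-mask form (IPv4)
            cidr, rest = f"{rest[0]}/{rest[1]}", rest[2:]
        rec["network"] = ipaddress.ip_network(cidr, strict=False)
    elif rec["type"] != "local":
        raise ValueError(f"unknown record type: {rec['type']}")
    rec["method"], rec["options"] = rest[0], rest[1:]
    return rec

def audit(rec):
    """Return findings for one parsed record."""
    findings = []
    remote = rec["type"] in HOST_TYPES
    if remote and rec["method"] == "trust":
        findings.append("trust on a network record: no credential is checked")
    if remote and rec["method"] == "password" and rec["type"] != "hostssl":
        findings.append("cleartext password may be sent without TLS")
    if remote and rec["network"].prefixlen == 0:
        findings.append("address range matches every client")
    return findings

def audit_file(text):
    """Map 1-based line number -> findings, for records with any finding."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_hba_line(line)
        if rec and (found := audit(rec)):
            report[lineno] = found
    return report
```

Calling `audit_file(SAMPLE_HBA)` reports the `trust` record on line 3 and the `password` record on line 5; the `local` and `hostssl ... md5` records pass.
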
Authentication
pg_ident.conf:
map-name system-username database-username
example:
# MAPNAME   SYSTEM-USERNAME   PG-USERNAME
omicron     bryanh            bryanh
omicron     ann               ann
# bob has user name robert on these machines
omicron     robert            bob
# bryanh can also connect as guest1
omicron     bryanh            guest1
Permissions
Every object has its own privileges:
  Database privileges

Commands
Manage users:
  CREATE ROLE xxx PASSWORD 'string';
  ALTER ROLE username PASSWORD 'string';
  ALTER ROLE username SET enable_indexscan TO off;
  ALTER ROLE username RESET varname;
  GRANT CONNECT ON DATABASE xxx TO username;
  GRANT UPDATE ON accounts TO username;
  REVOKE ALL ON accounts FROM PUBLIC;
  DROP ROLE username;
Commands
Manage databases:
List all databases:
  SELECT datname FROM pg_database;
Or use from the CLI.
Create DB using the default template:
  CREATE DATABASE name;
  CREATE DATABASE name OWNER username;
  # createdb -O rolename dbname
Create DB using different templates:
  CREATE DATABASE dbname TEMPLATE template0;
  # createdb -T template0 dbname
Commands
Manage databases:
  ALTER DATABASE mydb SET geqo TO off;
  DROP DATABASE name;
  dropdb dbname
Manage tablespaces:
  CREATE TABLESPACE space1 LOCATION '/mnt/sda1/pgsql/data';
  CREATE TABLE foo(i int) TABLESPACE space1;
  SET default_tablespace = space1;
  CREATE TABLE foo(i int);
  SELECT spcname FROM pg_tablespace;
Commands
Database maintenance:
Vacuuming
  To recover or reuse disk space occupied by updated or deleted rows.
  To update data statistics used by the PostgreSQL query planner.
  To protect against loss of very old data due to transaction ID wraparound.
Routine Reindexing
Log File Maintenance
  $ pg_ctl start | rotatelogs /var/log/pgsql_log 86400