This section explains how to create, set, and register the primary server instance.
See
Refer to "Client Authentication" in the PostgreSQL Documentation for information on the pg_hba.conf file.
Refer to "A.1 Parameters Set on the Primary Server" for information on the postgresql.conf file.
Refer to "mc_ctl" in Reference for information on the command.
Perform the following procedure:
Refer to "Setup" in the Installation and Setup Guide for Server, and then perform the Fujitsu Enterprise Postgres setup and create the Fujitsu Enterprise Postgres instance.
Use ASCII characters in the data storage destination directory.
Note
If degradation starts occurring due to an error during operations in database multiplexing mode, recovery is required for the standby server. There are some conditions to execute the pg_rewind command to recover the standby server. One of the conditions can be satisfied by enabling checksums when executing the initdb command. This is not mandatory. Refer to "4.1.1.1.3 Identify cause of error and perform recovery" for details.
When using transparent data encryption, configure the encryption settings for the storage data.
If you want to use a file-based keystore, create a keystore file.
If you want to use the key management system as a keystore, set the connection information for the key management system and declare the master encryption key.
Refer to "Protecting Storage Data Using Transparent Data Encryption" or "Using Transparent Data Encryption with Key Management Systems as Keystores" in the Operation Guide for details, and then configure the settings.
Add the following entry to the pg_hba.conf file to authenticate connections from the standby server.
Copy the file to the standby server later.
# TYPE DATABASE USER ADDRESS METHOD host replication fsep standbyServerAddress authenticationMethod host replication fsep primaryServerAddress authenticationMethod
For the primary and standby server addresses, specify the IP address that will connect to the log transfer network.
Additionally, all servers can be used as the primary server or the standby server, so add entries for the addresses of all servers that comprise the database multiplexing system.
Point
Setting an authentication method other than trust authentication
If the primary server becomes the standby server, to perform automatic authentication of connections to the primary server, create the .pgpass file in the home directory of the instance administrator user, and then specify a password for the replication database. Accordingly, the instance administrator operating system user and the user registered in the database will be the same, so you can verify that the connection was not made by an unspecified user. Additionally, the password that was set beforehand will be used in the authentication, so that the connection will be automatic.
Note
If trust authentication is set, all OS users who can log in to the primary server will be able to connect, and if one of these is a malicious user, then that user can corrupt the standby server data, or cause the job system to fail, by sending an erroneous transaction log. Therefore, decide on the authentication method according to the security requirements of the system using database multiplexing mode.
Refer to "Authentication Methods" in the PostgreSQL Documentation for details on the authentication methods that can be set.
Configure this setting to enable the instance administrator user of the primary server to connect as a database application.
This setting enables the connection to the instance using the user name of the instance administrator user, so that Mirroring Controller can monitor instance errors. Configure this setting to enable the connection to the postgres database.
If password authentication is used
In the db_instance_password parameter of the serverIdentifier.conf file, specify the password for the instance administrator user. This password is used to connect to the database instance. If a password is not specified in the db_instance_password parameter, the connection to the database instance from Mirroring Controller will fail, and it will not be possible to perform the process monitoring of the instance.
If password authentication is not used
There is no need to specify the password in the db_instance_password parameter.
Even if the password for the instance administrator user is specified in the db_instance_password parameter, it will be ignored.
If certificate authentication using SSL is used
Specify connection parameters for SSL in the db_instance_ext_ pq_conninfo parameter and db_instance_ext_jdbc_conninfo parameter in the serverIdentifier.conf file. If the pasrameters are not specified, the connection to the database instance from Mirroring Controller will fail, and it will not be possible to perform the process monitoring of the instance. If certificate authentication using SSL is not performed, the parameters specification is not required.
For information about the db_instance_ext_pq_conninfo and db_instance_ext_jdbc_conninfo parameters, refer to "A.4.1 Server Configuration File for the Database Servers".
An example of setting the authentication method is shown below.
# TYPE DATABASE USER ADDRESS METHOD
host postgres fsep 127.0.0.1/32 authenticationMethodNote
Mirroring Controller uses the PostgreSQL JDBC 4.2 driver to connect to the database instance. Therefore, for the authentication method, specify a method supported by the JDBC driver. If an authentication method not supported by the JDBC driver is specified, Mirroring Controller will fail to start. Refer to the PostgreSQL JDBC Driver Documentation for information on authentication methods supported by the JDBC driver.
To use database multiplexing mode, specify the parameters shown in the table below in the postgresql.conf file.
The postgresql.conf file is copied when the standby server instance is created. Accordingly, set the required parameters in the standby server.
To use database multiplexing mode, specify the parameters shown in the table below in the postgresql.conf file. After editing the postgresql.conf file, restart the instance.
Parameter | Content specified | Remarks |
|---|---|---|
wal_level | replica or logical | Specify "logical" when logical decoding is also to be used. |
max_wal_senders | 2 or more | Specify "2" when building a Mirroring Controller cluster system. When additionally connecting asynchronous standby servers to the cluster system, add the number of simultaneous connections from these standby servers. |
synchronous_standby_names | 'standbyServerName' | Specify the name that will identify the standby server. Enclose the name in single quotation marks ('). Do not change this parameter while Mirroring Controller is running. Do not specify multiple names to this parameter as the Mirroring Controller can manage only one standby server. |
synchronized_standby_slots | 'physicalReplicationSlotName' | Specify this parameter if the primary server will be a logical replication publication. Setting this parameter ensures that the subscriber is updated after WAL is sent to the standby server. This allows logical replication to continue if the primary server fails and the standby server is promoted. Do not change this parameter while the Mirroring Controller is running. Because the Mirroring Controller can manage only one standby server, do not specify multiple names for this parameter. |
hot_standby | on | Specify whether queries can be run on the standby server. |
wal_keep_size | WAL save size (megabytes) | If a delay exceeding the value set in this parameter occurs, the WAL segment required later by the primary server may be deleted. Additionally, if you stop a standby server (for maintenance, for example), consider the stop time and set a value that will not cause the WAL segment to be deleted. Refer to "Estimating Transaction Log Space Requirements" in the Installation and Setup Guide for Server for information on estimating the WAL save size. |
wal_log_hints | on | When using the pg_rewind command to recover a standby server, specify this parameter or enable checksums when executing the initdb command. |
wal_sender_timeout | Timeout (milliseconds) | Specify the time period after which it is determined that an error has occurred in the transaction log transfer on the primary server. By aligning this value with the value for the database process heartbeat monitoring time, you can unify the time after which it is determined that an error has occurred. |
archive_mode | on | Specify the archive log mode. |
archive_command | 'installDir/bin/pgx_walcopy.cmd "%p" "backupDataStorageDestinationDirectory/archived_wal/%f"' | Specify the command and storage destination to save the transaction log. |
backup_destination | Backup data storage destination directory | Specify the name of directory where to store the backup data. Set the permissions so that only the instance administrator user can access the specified directory. Specify the same full path on all servers, so that the backup data of other servers can be used to perform recovery. |
max_connections | Number of simultaneous client connections to the instance + superuser_reserved_connections | The value specified is also used to restrict the number of connections from client applications and the number of connections for the management of instances. Refer to "When an Instance was Created with the initdb Command" in the Installation and Setup Guide for Server, and "Connections and Authentication" in the PostgreSQL Documentation, for details. |
superuser_reserved_connections | Add the number of simultaneous executions of mc_ctl status (*1) + 2 | Specify the number of connections reserved for connections from database superusers. Add the number of connections from Mirroring Controller processes. Also reflect the added value in the max_connections parameter. |
wal_receiver_timeout | Timeout (milliseconds) | Specify the time period after which it is determined that an error has occurred when the transaction log was received on the standby server. By aligning this value with the value for the heartbeat monitoring time of the database process, you can unify the time after which it is determined that an error has occurred. |
restart_after_crash | off | If "on" is specified, or the default value is used for this parameter, behavior equivalent to restarting Fujitsu Enterprise Postgres, including crash recovery, will be performed when some server processes end abnormally. However, when database multiplexing monitoring is used, a failover will occur after an error is detected when some server processes end abnormally, and the restart of those server processes is forcibly stopped. Specify "off" to prevent behavior such as this from occurring for no apparent reason. |
synchronous_commit | on or remote_apply | Specify up to what position WAL send is to be performed before transaction commit processing returns a normal termination response to a client. Set "on" or "remote_apply" to prevent data loss caused by operating system or server down immediately after a switch or switch. |
recovery_target_timeline | latest | Specify "latest" so that the new standby server (original primary server) will follow the new primary server when a switch occurs. This parameter is required when the original primary server is incorporated as a new standby server after the primary server is switched. |
*1: Number of simultaneous executions of the mc_ctl command in the status mode.