Project

General

Profile

How To Configure Warm Standby with PITRTools » History » Version 1

Ivan Lezhnjov, 12/04/2012 08:09 AM

1 1 Ivan Lezhnjov
{{toc}}
2
3
h1. How To Configure Warm Standby with PITRTools
4
5
This how-to demonstrates how to configure a warm standby using PostgreSQL 8.4 and PITRtools.
6
7
h1. What Is PITRtools and Why Would You Want To Use It?
8
9
Essentially, PITRtools is a wrapper around standard tools, such as rsync and PostgreSQL's internal functionality, that makes, among other things, creating and managing standby configurations and subsequent failover to a standby a snap.
10
11
With the help of PITRtools you could do more, namely:
12
* secure shipping of log files to configured standby server over SSL protected link;
13
* streaming replication;
14
* enable/disable archiving without the need to restart PostgreSQL;
15
* stay informed by generating alerts based on various levels of severity of events happening during the process on both ends of configuration;
16
* automatically take a base backup, including table spaces, restore archives and purge old ones (if PostgreSQL >8.3);
17
* failover to the latest restore point and point-in-time recovery (restore using timestamps);
18
* etc.
19
20
Obviously, PITRtools attempts to make things simpler, more secure and easier to manage.
21
22
h1. Naming Conventions
23
24
Master server can be referred to also as archiver.
25
Slave is often called standby.
26
27
These names are used interchangeably.
28
29
h1. The Test Setup
30
31
It's a good idea to first setup PITRtools and play with them before you actually go ahead and change configuration of your production servers. To show how PITRtools is configured and work, I'll describe the entire process using a 2 hosts test setup as an example.
32
33
So, there are 2 hosts named @bitarena@ and @bitarena-clone@, both being virtualized instances of Debian Squeeze. I assume you're experienced enough to install Debian yourself and know how to find your way around the system.
34
35
@bitarena@ is designated role of master server aka archiver, @bitarena-clone@ is a slave aka standby server. PITRtools is installed on both hosts, but each host uses different tools from the package.
36
37
38
h1. The Process
39
40
These are major steps in actual order of execution that one would have to follow to get PITRtools-enabled setup running:
41
42
On master server
43
44
		* Turn on archiving
45
		* @cmd_archiver -C $CONFIG -I@
46
47
On slave server
48
49
		* @cmd_standby -C $CONFIG -I@
50
		* @cmd_standby -C $CONFIG -B@
51
		* @cmd_standby -C $CONFIG -S@
52
53
h1. Installing and Configuring PITRtools
54
55
PITRtools project page can be found at https://public.commandprompt.com/projects/pitrtools. Of particular interest is a Wiki page https://public.commandprompt.com/projects/pitrtools/wiki where you can find information on how to obtain PITRtools, other useful notes and links.
56
57
You should use GIT version, because currently tarball offers an outdated version of PITRtools. I was told this is going to be fixed soon, but until then you should rely on the GIT repository. 
58
59
Note that essentially you need to have contents of this repository on both master and slave server. For the sake of brevity, I'm going to show the layout I use only on master server. You would then need to repeat the steps for slave server, because all that is going to change is the host where you clone PITRtools repository to.
60
61
62
<pre>root@bitarena ~/GIT# git clone git://github.com/commandprompt/PITRTools.git
63
Cloning into 'PITRTools'...
64
remote: Counting objects: 284, done.
65
remote: Compressing objects: 100% (183/183), done.
66
remote: Total 284 (delta 182), reused 203 (delta 101)
67
Receiving objects: 100% (284/284), 68.51 KiB, done.
68
Resolving deltas: 100% (182/182), done.
69
root@bitarena ~/GIT# ls
70
PITRTools
71
root@bitarena ~/GIT# cd PITRTools/
72
root@bitarena ~/GIT/PITRTools# ls
73
cmd_archiver             cmd_archiver.README  cmd_standby.ini.sample  cmd_standby.sql
74
cmd_archiver.ini.sample  cmd_standby          cmd_standby.README      cmd_worker.py
75
root@bitarena ~/GIT/PITRTools# mkdir -p /var/lib/postgresql/PITRtools/bin
76
root@bitarena ~/GIT/PITRTools# cp cmd_archiver cmd_standby cmd_worker.py /var/lib/postgresql/PITRtools/bin/
77
root@bitarena ~/GIT/PITRTools# cp *.ini.sample /var/lib/postgresql/PITRtools/
78
root@bitarena ~/GIT/PITRTools# cd /var/lib/postgresql/PITRtools/
79
root@bitarena /var/lib/postgresql/PITRtools# mv cmd_archiver.ini.sample cmd_archiver.ini
80
root@bitarena /var/lib/postgresql/PITRtools# mv cmd_standby.ini.sample cmd_standby.ini
81
root@bitarena /var/lib/postgresql/PITRtools# cd ~/GIT/PITRtools/
82
root@bitarena ~/GIT/PITRTools# chown -R postgres.postgres /var/lib/postgresql/PITRtools
83
root@bitarena:~#</pre>
84
85
h1. SSH Key-based Login for PITRtools
86
87
PITRtools relies on rsync and SSH heavily to do its work, e.g. making a base backup and shipping WAL log files from master to slave server -- all that happens over an SSL-protected communication channel. This is the area where PITRtools makes one's life easier, because otherwise you'd have to find a way to copy log files to a slave server somehow (most likely it would be some sort of networking mount point).
88
89
Therefore one of the prerequisites is to configure SSH key-based logins between the two hosts for postgres system user that don't require a password or a passphrase.
90
91
*Master*
92
<pre>root@bitarena:~# su - postgres
93
94
postgres@bitarena:~$ ssh-keygen -t rsa
95
... 
96
postgres@bitarena:~$ ls -la /var/lib/postgresql/.ssh/
97
total 16
98
drwx------ 2 postgres postgres 4096 Sep 28 09:17 .
99
drwxr-xr-x 5 postgres postgres 4096 Sep 28 09:17 ..
100
-rw------- 1 postgres postgres 1675 Sep 28 09:17 id_rsa
101
-rw-r--r-- 1 postgres postgres  399 Sep 28 09:17 id_rsa.pub
102
postgres@bitarena:~#
103
</pre>
104
105
*Slave*
106
<pre>root@bitarena-clone:~# su - postgres
107
postgres@bitarena-clone:~$ ssh-keygen -t rsa
108
... </pre>
109
110
Answer all the questions and ssh-keygen will create both private and public (*.pub file) RSA keys. For now just create the key pair, one on on each host (master and slave). When done, proceed to exchanging public keys between the hosts like this:
111
112
*Master*
113
<pre>postgres@bitarena:~$ exit
114
root@bitarena:~# scp /var/lib/postgresql/.ssh/id_rsa.pub root@bitarena-clone:/var/lib/postgresql/.ssh/authorized_keys2
115
root@bitarena-clone's password: 
116
id_rsa.pub                                                                               100%  399     0.4KB/s   00:00
117
root@bitarena:~#</pre>
118
119
This will copy postgres system user's public SSH key on master to standby into a file authorized_keys2, which will allow postgres on master to login to slave host without a password and also in a secure fashion.
120
121
Here we check that authorized_keys2 has indeed been created on slave host, and we also set correct ownership information for the file.
122
123
*Slave*
124
<pre>root@bitarena-clone:~# ls -la /var/lib/postgresql/.ssh/
125
total 20
126
drwx------ 2 postgres postgres 4096 Sep 28 09:30 .
127
drwxr-xr-x 5 postgres postgres 4096 Sep 28 09:23 ..
128
-rw-r--r-- 1 root     root      399 Sep 28 09:30 authorized_keys2
129
-rw------- 1 postgres postgres 1675 Sep 28 09:23 id_rsa
130
-rw-r--r-- 1 postgres postgres  405 Sep 28 09:23 id_rsa.pub
131
root@bitarena-clone:~# chown postgres.postgres /var/lib/postgresql/.ssh/authorized_keys2
132
root@bitarena:~#</pre>
133
134
Now, to check if it actually works we go back to master server, become postgres user and try to log into slave. As you can see RSA key is used this time and no password is prompted for. This is exactly what we need to make sure is configured on both hosts for PITRtools to work properly.
135
136
*Master*
137
<pre>root@bitarena:~# su - postgres
138
139
postgres@bitarena:~$ ssh bitarena-clone
140
The authenticity of host 'bitarena-clone (10.0.3.3)' can't be established.
141
RSA key fingerprint is dd:78:8e:fb:d6:c4:25:88:d9:57:b4:fb:49:22:de:de.
142
Are you sure you want to continue connecting (yes/no)? yes
143
Warning: Permanently added 'bitarena-clone,10.0.3.3' (RSA) to the list of known hosts.
144
Linux bitarena 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686
145
146
The programs included with the Debian GNU/Linux system are free software;
147
the exact distribution terms for each program are described in the
148
individual files in /usr/share/doc/*/copyright.
149
150
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
151
permitted by applicable law.
152
postgres@bitarena-clone:~$ exit
153
logout
154
Connection to bitarena-clone closed.
155
root@bitarena:~#</pre>
156
157
158
Remember that this has been done on master server only. In a similar manner, you should take care of the slave host. The steps are identical, you just copy *.pub file to a master host and do the rest as described above.
159
160
It's worth noting that PITRtools runs some actions remotely. For example, when a base backup action is run on a slave host, cmd_standby script establishes SSH session to a master host and runs various psql commands to deal with checkpoints, copy log files, etc. This also requires PostgreSQL user password to access the database, and it is often needed to be entered 4 and more times for a base backup action to complete. 
161
162
Once you played around with PITRtools enough to get hang of things, you could avoid having to enter password manually each time by either using .pgpass file (which is a "standard feature of PostgreSQL":http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html) or make sure there's a "trust relationship configured for localhost in pg_hba.conf file":http://www.postgresql.org/docs/8.4/static/auth-methods.html.
163
164
In the console output examples you're going to see below I entered password manually, but this, of course, is really inconvenient in production environment.
165
166
167
h1. Master Configuration File
168
169
Sample configuration files are pretty good as they are with the defaults they come. Chances are you're not going to change a lot in there. Make sure you read all *.README files, though, because they contain helpful extra information about PITRtools and configuration parameters that will help you decide how to best configure your servers.
170
171
We start with the master host by editing PITRtools configuration file for master/archiver.
172
173
*Master*
174
<pre>postgres@bitarena:~$ vim PITRtools/cmd_archiver.ini
175
	
176
	[DEFAULT]
177
	; online or offline
178
	state: online					
179
	
180
	; The base database directory
181
	
182
	pgdata: /var/lib/postgresql/8.4/main
183
	
184
	; where to remotely copy archives
185
	r_archivedir: /var/lib/postgresql/archive
186
	
187
	; where to locally copy archives
188
	l_archivedir: /var/lib/postgresql/archive
189
	
190
	; where is rsync				
191
	rsync_bin: /usr/bin/rsync			
192
	
193
	; extra rsync flags
194
	rsync_flags: -z
195
	
196
	; option 2 or 3, if running RHEL5 or similar it is likely 2
197
	; if you are running something that ships remotely modern software
198
	; it will be 3
199
	
200
	rsync_version = 3
201
	
202
	; IP of slave					
203
	slaves: bitarena-clone
204
	
205
	; the user that will be using scp				
206
	user: postgres				
207
	
208
	; if scp can't connect in 10 seconds error
209
	ssh_timeout: 10
210
	
211
	; command to process in ok					
212
	notify_ok: echo OK
213
	
214
	; command to process in warning
215
	notify_warning:  echo WARNING
216
	
217
	; command to process in critical
218
	notify_critical: echo CRITICAL
219
	
220
	; if you want to debug on/off only		 	
221
	debug: on
222
	
223
	; if you want ssh debug (warning noisy)
224
	ssh_debug: off
225
</pre>
226
227
228
Note that you can use domain names instead of IP addresses for slaves: parameter, it works either way just fine. You might also want to turn debugging on while you're learning PITRtools. It helps to see what software does, if you try to understand better how it works.
229
230
231
h1. Turn On and Configure Archiving
232
233
When your master configuration file has been created, we need to turn on archiving functionality in PostgreSQL. This is purely a PostgreSQL feature, but we can also take advantage of using PITRtools thanks to flexible design of PostgreSQL.