diff --git a/docs/solutions/pgbackrest.md b/docs/solutions/pgbackrest.md index bf4cc8287..62aa9cc6e 100644 --- a/docs/solutions/pgbackrest.md +++ b/docs/solutions/pgbackrest.md @@ -1,17 +1,23 @@ # pgBackRest setup -pgBackRest is the backup tool used to perform Postgres database backup, restoration, and point-in-time recovery. It is a server-client application, where the server runs on a dedicated host and a client runs on every PostgreSQL node. +[pgBackRest](https://pgbackrest.org/) is a backup tool used to perform PostgreSQL database backup, archiving, restoration, and point-in-time recovery. While it can be used for local backups, this procedure shows how to deploy a [pgBackRest server running on a dedicated host](https://pgbackrest.org/user-guide-rhel.html#repo-host) and how to configure PostgreSQL servers to use it for backups and archiving. You also need a backup storage to store the backups. It can either be a remote storage such as AWS S3, S3-compatible storages or Azure blob storage, or a filesystem-based one. ## Configure backup server +To make things easier when working with some templates, run the commands below as the root user. Run the following command to switch to the root user: + +```{.bash data-prompt="$"} +$ sudo su - +``` + ### Install pgBackRest 1. Enable the repository with [percona-release](https://www.percona.com/doc/percona-repo-config/index.html) ```{.bash data-prompt="$"} - $ sudo percona-release setup ppg-11 + $ percona-release setup ppg-{{pgversion}} ``` 2. Install pgBackRest package @@ -19,123 +25,261 @@ You also need a backup storage to store the backups. It can either be a remote s === "Debian/Ubuntu" ```{.bash data-prompt="$"} - $ sudo apt install percona-pgbackrest + $ apt install percona-pgbackrest ``` === "RHEL/derivatives" ```{.bash data-prompt="$"} - $ sudo yum install percona-pgbackrest + $ yum install percona-pgbackrest ``` ### Create the configuration file 1. Create environment variables to simplify the config file creation: - ```bash + ```{.bash data-prompt="$"} export SRV_NAME="bkp-srv" export NODE1_NAME="node-1" export NODE2_NAME="node-2" export NODE3_NAME="node-3" + export CA_PATH="/etc/ssl/certs/pg_ha" ``` -2. Create the `pgBackRest` repository +2. Create the `pgBackRest` repository, *if necessary* + + A repository is where `pgBackRest` stores backups. In this example, the backups will be saved to `/var/lib/pgbackrest`. - A repository is where `pgBackRest` stores backups. In this example, the backups will be saved to `/var/lib/pgbackrest` + This directory is usually created during pgBackRest's installation process. If it's not there already, create it as follows: ```{.bash data-prompt="$"} - $ sudo mkdir -p /var/lib/pgbackrest - $ sudo chmod 750 /var/lib/pgbackrest - $ sudo chown postgres:postgres /var/lib/pgbackrest + $ mkdir -p /var/lib/pgbackrest + $ chmod 750 /var/lib/pgbackrest + $ chown postgres:postgres /var/lib/pgbackrest ``` -3. The default pgBackRest configuration file location is `/etc/pgbackrest/pgbackrest.conf`. If it does not exist, then `/etc/pgbackrest.conf` is used next. Edit the `pgbackrest.conf` file to include the following configuration: +3. The default `pgBackRest` configuration file location is `/etc/pgbackrest/pgbackrest.conf`, but some systems continue to use the old path, `/etc/pgbackrest.conf`, which remains a valid alternative. If the former is not present in your system, create the latter. + Access the file's parent directory (either `cd /etc/` or `cd /etc/pgbackrest/`), and make a backup copy of it: + + ```{.bash data-prompt="$"} + $ cp pgbackrest.conf pgbackrest.conf.bak ``` - [global] - - # Server repo details - repo1-path=/var/lib/pgbackrest - - ### Retention ### - # - repo1-retention-archive-type - # - If set to full pgBackRest will keep archive logs for the number of full backups defined by repo-retention-archive - repo1-retention-archive-type=full - - # repo1-retention-archive - # - Number of backups worth of continuous WAL to retain - # - NOTE: WAL segments required to make a backup consistent are always retained until the backup is expired regardless of how this option is configured - # - If this value is not set and repo-retention-full-type is count (default), then the archive to expire will default to the repo-retention-full - # repo1-retention-archive=2 - - # repo1-retention-full - # - Full backup retention count/time. - # - When a full backup expires, all differential and incremental backups associated with the full backup will also expire. - # - When the option is not defined a warning will be issued. - # - If indefinite retention is desired then set the option to the max value. - repo1-retention-full=4 - - # Server general options - process-max=12 - log-level-console=info - #log-level-file=debug - log-level-file=info - start-fast=y - delta=y - backup-standby=y - - ########## Server TLS options ########## - tls-server-address=* - tls-server-cert-file=/pg_ha/certs/${SRV_NAME}.crt - tls-server-key-file=/pg_ha/certs/${SRV_NAME}.key - tls-server-ca-file=/pg_ha/certs/ca.crt - - ### Auth entry ### - tls-server-auth=${NODE1_NAME}=cluster_1 - tls-server-auth=${NODE2_NAME}=cluster_1 - tls-server-auth=${NODE3_NAME}=cluster_1 - - ### Clusters and nodes ### - [cluster_1] - pg1-host=${NODE1_NAME} - pg1-host-port=8432 - pg1-port=5432 - pg1-path=/var/lib/postgresql/11/ - pg1-host-type=tls - pg1-host-cert-file=/pg_ha/certs/${SRV_NAME}.crt - pg1-host-key-file=/pg_ha/certs/${SRV_NAME}.key - pg1-host-ca-file=/pg_ha/certs/ca.crt - pg1-socket-path=/var/run/postgresql - - - pg2-host=${NODE2_NAME} - pg2-host-port=8432 - pg2-port=5432 - pg2-path=/var/lib/postgresql/11/ - pg2-host-type=tls - pg2-host-cert-file=/pg_ha/certs/${SRV_NAME}.crt - pg2-host-key-file=/pg_ha/certs/${SRV_NAME}.key - pg2-host-ca-file=/pg_ha/certs/ca.crt - pg2-socket-path=/var/run/postgresql - - pg3-host=${NODE3_NAME} - pg3-host-port=8432 - pg3-port=5432 - pg3-path=/var/lib/postgresql/11/ - pg3-host-type=tls - pg3-host-cert-file=/pg_ha/certs/${SRV_NAME}.crt - pg3-host-key-file=/pg_ha/certs/${SRV_NAME}.key - pg3-host-ca-file=/pg_ha/certs/ca.crt - pg3-socket-path=/var/run/postgresql + + Then use the following command to create a basic configuration file using the environment variables we created in a previous step: + + === "Debian/Ubuntu" + + ``` + cat < pgbackrest.conf + [global] + + # Server repo details + repo1-path=/var/lib/pgbackrest + + ### Retention ### + # - repo1-retention-archive-type + # - If set to full pgBackRest will keep archive logs for the number of full backups defined by repo-retention-archive + repo1-retention-archive-type=full + + # repo1-retention-archive + # - Number of backups worth of continuous WAL to retain + # - NOTE: WAL segments required to make a backup consistent are always retained until the backup is expired regardless of how this option is configured + # - If this value is not set and repo-retention-full-type is count (default), then the archive to expire will default to the repo-retention-full + # repo1-retention-archive=2 + + # repo1-retention-full + # - Full backup retention count/time. + # - When a full backup expires, all differential and incremental backups associated with the full backup will also expire. + # - When the option is not defined a warning will be issued. + # - If indefinite retention is desired then set the option to the max value. + repo1-retention-full=4 + + # Server general options + process-max=12 + log-level-console=info + #log-level-file=debug + log-level-file=info + start-fast=y + delta=y + backup-standby=y + + ########## Server TLS options ########## + tls-server-address=* + tls-server-cert-file=${CA_PATH}/${SRV_NAME}.crt + tls-server-key-file=${CA_PATH}/${SRV_NAME}.key + tls-server-ca-file=${CA_PATH}/ca.crt + + ### Auth entry ### + tls-server-auth=${NODE1_NAME}=cluster_1 + tls-server-auth=${NODE2_NAME}=cluster_1 + tls-server-auth=${NODE3_NAME}=cluster_1 + + ### Clusters and nodes ### + [cluster_1] + pg1-host=${NODE1_NAME} + pg1-host-port=8432 + pg1-port=5432 + pg1-path=/var/lib/postgresql/{{pgversion}}/main + pg1-host-type=tls + pg1-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg1-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg1-host-ca-file=${CA_PATH}/ca.crt + pg1-socket-path=/var/run/postgresql + + pg2-host=${NODE2_NAME} + pg2-host-port=8432 + pg2-port=5432 + pg2-path=/var/lib/postgresql/{{pgversion}}/main + pg2-host-type=tls + pg2-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg2-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg2-host-ca-file=${CA_PATH}/ca.crt + pg2-socket-path=/var/run/postgresql + + pg3-host=${NODE3_NAME} + pg3-host-port=8432 + pg3-port=5432 + pg3-path=/var/lib/postgresql/{{pgversion}}/main + pg3-host-type=tls + pg3-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg3-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg3-host-ca-file=${CA_PATH}/ca.crt + pg3-socket-path=/var/run/postgresql + EOF + ``` + + === "RHEL/derivatives" + + ``` + cat < pgbackrest.conf + [global] + + # Server repo details + repo1-path=/var/lib/pgbackrest + + ### Retention ### + # - repo1-retention-archive-type + # - If set to full pgBackRest will keep archive logs for the number of full backups defined by repo-retention-archive + repo1-retention-archive-type=full + + # repo1-retention-archive + # - Number of backups worth of continuous WAL to retain + # - NOTE: WAL segments required to make a backup consistent are always retained until the backup is expired regardless of how this option is configured + # - If this value is not set and repo-retention-full-type is count (default), then the archive to expire will default to the repo-retention-full + # repo1-retention-archive=2 + + # repo1-retention-full + # - Full backup retention count/time. + # - When a full backup expires, all differential and incremental backups associated with the full backup will also expire. + # - When the option is not defined a warning will be issued. + # - If indefinite retention is desired then set the option to the max value. + repo1-retention-full=4 + + # Server general options + process-max=12 + log-level-console=info + #log-level-file=debug + log-level-file=info + start-fast=y + delta=y + backup-standby=y + + ########## Server TLS options ########## + tls-server-address=* + tls-server-cert-file=${CA_PATH}/${SRV_NAME}.crt + tls-server-key-file=${CA_PATH}/${SRV_NAME}.key + tls-server-ca-file=${CA_PATH}/ca.crt + + ### Auth entry ### + tls-server-auth=${NODE1_NAME}=cluster_1 + tls-server-auth=${NODE2_NAME}=cluster_1 + tls-server-auth=${NODE3_NAME}=cluster_1 + + ### Clusters and nodes ### + [cluster_1] + pg1-host=${NODE1_NAME} + pg1-host-port=8432 + pg1-port=5432 + pg1-path=/var/lib/pgsql/{{pgversion}}/data + pg1-host-type=tls + pg1-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg1-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg1-host-ca-file=${CA_PATH}/ca.crt + pg1-socket-path=/var/run/postgresql + + pg2-host=${NODE2_NAME} + pg2-host-port=8432 + pg2-port=5432 + pg2-path=/var/lib/pgsql/{{pgversion}}/data + pg2-host-type=tls + pg2-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg2-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg2-host-ca-file=${CA_PATH}/ca.crt + pg2-socket-path=/var/run/postgresql + + pg3-host=${NODE3_NAME} + pg3-host-port=8432 + pg3-port=5432 + pg3-path=/var/lib/pgsql/{{pgversion}}/data + pg3-host-type=tls + pg3-host-cert-file=${CA_PATH}/${SRV_NAME}.crt + pg3-host-key-file=${CA_PATH}/${SRV_NAME}.key + pg3-host-ca-file=${CA_PATH}/ca.crt + pg3-socket-path=/var/run/postgresql + EOF + ``` + + *NOTE*: The option `backup-standby=y` above indicates the backups should be taken from a standby server. If you are operating with a primary only, or if your secondaries are not configured with `pgBackRest`, set this option to `n`. + +### Create the certificate files + +1. Create the folder to store the certificates: + + ```{.bash data-prompt="$"} + $ mkdir -p ${CA_PATH} ``` + +2. Create the certificates and keys -4. Create the `systemd` unit file at the path `/etc/systemd/system/pgbackrest.service` + ```{.bash data-prompt="$"} + $ openssl req -new -x509 -days 365 -nodes -out ${CA_PATH}/ca.crt -keyout ${CA_PATH}/ca.key -subj "/CN=root-ca" + ``` + +3. Create the certificate for the backup and the PostgreSQL servers + + ```{.bash data-prompt="$"} + $ for node in ${SRV_NAME} ${NODE1_NAME} ${NODE2_NAME} ${NODE3_NAME} + do + openssl req -new -nodes -out ${CA_PATH}/$node.csr -keyout ${CA_PATH}/$node.key -subj "/CN=$node"; + done + ``` + +4. Sign the certificates with the `root-ca` key + + ```{.bash data-prompt="$"} + $ for node in ${SRV_NAME} ${NODE1_NAME} ${NODE2_NAME} ${NODE3_NAME} + do + openssl x509 -req -in ${CA_PATH}/$node.csr -days 365 -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CA_PATH}/$node.crt; + done + ``` + +5. Remove temporary files, set ownership of the remaining files to the `postgres` user, and restrict their access: + + ```{.bash data-prompt="$"} + $ rm -f ${CA_PATH}/*.csr + $ chown postgres:postgres -R ${CA_PATH} + $ chmod 0600 ${CA_PATH}/* + ``` + +### Create the `pgbackrest` daemon service + +1. Create the `systemd` unit file at the path `/etc/systemd/system/pgbackrest.service` ```ini title="/etc/systemd/system/pgbackrest.service" [Unit] Description=pgBackRest Server After=network.target - StartLimitIntervalSec=0 [Service] Type=simple @@ -150,109 +294,122 @@ You also need a backup storage to store the backups. It can either be a remote s [Install] WantedBy=multi-user.target ``` + +2. Reload, start, and enable the service -### Create the certificate files - -1. Create the folder where to store the certificates. For example, `/pg_ha/certs` - -2. Define the variable for the certificates path: - - ```bash - export CA_PATH="/pg_ha/certs" + ```{.bash data-prompt="$"} + $ systemctl daemon-reload + $ systemctl start pgbackrest.service + $ systemctl enable pgbackrest.service ``` -3. Create the certificates and keys +## Configure database servers - ```{.bash data-prompt="$"} - $ sudo -iu postgres openssl req -new -x509 -days 365 -nodes -out ${CA_PATH}/ca.crt -keyout ${CA_PATH}/ca.key -subj "/CN=root-ca" - ``` +Run the following commands on `node1`, `node2`, and `node3`. -4. Create the certificate for the backup server +1. Install pgBackRest package - ```{.bash data-prompt="$"} - $ sudo -iu postgres openssl req -new -nodes -out ${CA_PATH}/${SRV_NAME}.csr -keyout ${CA_PATH}/${SRV_NAME}.key -subj "/CN=${SRV_NAME}" - ``` + === "Debian/Ubuntu" -5. Create the certificates for each node: `node1`, `node2`, `node3` + ```{.bash data-prompt="$"} + $ apt install percona-pgbackrest + ``` - ```{.bash data-prompt="$"} - $ sudo -iu postgres openssl req -new -nodes -out ${CA_PATH}/${NODE1_NAME}.csr -keyout ${CA_PATH}/${NODE1_NAME}.key -subj "/CN=${NODE1_NAME}" - $ sudo -iu postgres openssl req -new -nodes -out ${CA_PATH}/${NODE2_NAME}.csr -keyout ${CA_PATH}/${NODE2_NAME}.key -subj "/CN=${NODE2_NAME}" - $ sudo -iu postgres openssl req -new -nodes -out ${CA_PATH}/${NODE3_NAME}.csr -keyout ${CA_PATH}/${NODE3_NAME}.key -subj "/CN=${NODE3_NAME}" - ``` + === "RHEL/derivatives" -6. Sign the certificates with the `root-ca` key + ```{.bash data-prompt="$"} + $ yum install percona-pgbackrest + ``` + +2. Export environment variables to simplify the config file creation: ```{.bash data-prompt="$"} - $ sudo -iu postgres openssl x509 -req -in ${CA_PATH}/${SRV_NAME}.csr -days 365 -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CA_PATH}/${SRV_NAME}.crt - $ sudo -iu postgres openssl x509 -req -in ${CA_PATH}/${NODE1_NAME}.csr -days 365 -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CA_PATH}/${NODE1_NAME}.crt - $ sudo -iu postgres openssl x509 -req -in ${CA_PATH}/${NODE2_NAME}.csr -days 365 -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CA_PATH}/${NODE2_NAME}.crt - $ sudo -iu postgres openssl x509 -req -in ${CA_PATH}/${NODE3_NAME}.csr -days 365 -CA ${CA_PATH}/ca.crt -CAkey ${CA_PATH}/ca.key -CAcreateserial -out ${CA_PATH}/${NODE3_NAME}.crt + $ export NODE_NAME=`hostname -f` + $ export SRV_NAME="bkp-srv" + $ export CA_PATH="/etc/ssl/certs/pg_ha" ``` - -7. Remove temporary files + +3. Create the certificates folder: ```{.bash data-prompt="$"} - $ rm ${CA_PATH}/*.csr - ``` + $ mkdir -p ${CA_PATH} + ``` -8. Reload, enable, and start the service +4. Copy the `.crt`, `.key` certificate files and the `ca.crt` file from the backup server where they were created to every respective node. Then change the ownership to the `postgres` user and restrict their access. Use the following commands to achieve this: ```{.bash data-prompt="$"} - $ sudo systemctl daemon-reload - $ sudo systemctl enable --now pgbackrest + $ scp ${SRV_NAME}:${CA_PATH}/{$NODE_NAME.crt,$NODE_NAME.key,ca.crt} ${CA_PATH}/ + $ chown postgres:postgres -R ${CA_PATH} + $ chmod 0600 ${CA_PATH}/* ``` + +5. Edit or create the configuration file which, as explained above, can be either at the `/etc/pgbackrest/pgbackrest.conf` or `/etc/pgbackrest.conf` path: -## Configure database servers + === "Debian/Ubuntu" -Run the following command on `node1`, `node2` and `node3`. + ```ini title="pgbackrest.conf" + cat < pgbackrest.conf + [global] + repo1-host=${SRV_NAME} + repo1-host-user=postgres + repo1-host-type=tls + repo1-host-cert-file=${CA_PATH}/${NODE_NAME}.crt + repo1-host-key-file=${CA_PATH}/${NODE_NAME}.key + repo1-host-ca-file=${CA_PATH}/ca.crt -1. Create the certificates folder. For example, `/pg_ha/certs` - - ```{.bash data-prompt="$"} - $ sudo mkdir -p /pg_ha/certs - ``` + # general options + process-max=16 + log-level-console=info + log-level-file=debug + + # tls server options + tls-server-address=* + tls-server-cert-file=${CA_PATH}/${NODE_NAME}.crt + tls-server-key-file=${CA_PATH}/${NODE_NAME}.key + tls-server-ca-file=${CA_PATH}/ca.crt + tls-server-auth=${SRV_NAME}=cluster_1 + + [cluster_1] + pg1-path=/var/lib/postgresql/{{pgversion}}/main + EOF + ``` -2. Export environment variables to simplify config file creation - ```bash - export NODE_NAME=`hostname -f` - ``` + === "RHEL/derivatives" -3. Create the configuration file. The default path is `/etc/pgbackrest.conf` - - ```ini title="/etc/pgbackrest.conf" - [global] - repo1-host=bkp-srv - repo1-host-user=postgres - repo1-host-type=tls - repo1-host-cert-file=/pg_ha/certs/${NODE_NAME}.crt - repo1-host-key-file=/pg_ha/certs/${NODE_NAME}.key - repo1-host-ca-file=/pg_ha/certs/ca.crt - - # general options - process-max=16 - log-level-console=info - log-level-file=debug - - # tls server options - tls-server-address=* - tls-server-cert-file=/pg_ha/certs/${NODE_NAME}.crt - tls-server-key-file=/pg_ha/certs/${NODE_NAME}.key - tls-server-ca-file=/pg_ha/certs/ca.crt - tls-server-auth=bkp-srv=cluster_1 - - [cluster_1] - pg1-path=/var/lib/postgresql/11 - ``` + ```ini title="pgbackrest.conf" + cat < pgbackrest.conf + [global] + repo1-host=${SRV_NAME} + repo1-host-user=postgres + repo1-host-type=tls + repo1-host-cert-file=${CA_PATH}/${NODE_NAME}.crt + repo1-host-key-file=${CA_PATH}/${NODE_NAME}.key + repo1-host-ca-file=${CA_PATH}/ca.crt + + # general options + process-max=16 + log-level-console=info + log-level-file=debug + + # tls server options + tls-server-address=* + tls-server-cert-file=${CA_PATH}/${NODE_NAME}.crt + tls-server-key-file=${CA_PATH}/${NODE_NAME}.key + tls-server-ca-file=${CA_PATH}/ca.crt + tls-server-auth=${SRV_NAME}=cluster_1 + + [cluster_1] + pg1-path=/var/lib/pgsql/{{pgversion}}/data + EOF + ``` -4. Create the `systemd` unit file at the path `/etc/systemd/system/pgbackrest.service` +6. Create the pgbackrest `systemd` unit file at the path `/etc/systemd/system/pgbackrest.service` ```ini title="/etc/systemd/system/pgbackrest.service" [Unit] Description=pgBackRest Server After=network.target - StartLimitIntervalSec=0 [Service] Type=simple @@ -268,45 +425,69 @@ Run the following command on `node1`, `node2` and `node3`. WantedBy=multi-user.target ``` -5. Reload, enable, and start the service +7. Reload, start, and enable the service ```{.bash data-prompt="$"} - $ sudo systemctl daemon-reload - $ sudo systemctl enable --now pgbackrest + $ systemctl daemon-reload + $ systemctl start pgbackrest + $ systemctl enable pgbackrest ``` -6. Change Patroni configuration to use pgBackRest. Run this command on one node only, for example, on `node1`. Edit the `/etc/patroni/patroni.yml` file : - - ```yaml title="/etc/patroni/patroni.yml" - loop_wait: 10 - maximum_lag_on_failover: 1048576 - postgresql: - parameters: - archive_command: pgbackrest --stanza=cluster_1 archive-push "/var/lib/postgresql/15/main/pg_wal/%f" - archive_mode: true - archive_timeout: 1800s - hot_standby: true - logging_collector: 'on' - max_replication_slots: 10 - max_wal_senders: 5 - wal_keep_size: 4096 - wal_level: logical - wal_log_hints: true - recovery_conf: - recovery_target_timeline: latest - restore_command: pgbackrest --config=/etc/pgbackrest.conf --stanza=cluster_1 archive-get %f "%p" - use_pg_rewind: true - use_slots: true - retry_timeout: 10 - slots: - percona_cluster_1: - type: physical - ttl: 30 + The pgBackRest daemon listens on port `8432` by default: + + ```{.bash data-prompt="$"} + $ netstat -taunp + Active Internet connections (servers and established) + Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name + tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd + tcp 0 0 0.0.0.0:8432 0.0.0.0:* LISTEN 40224/pgbackrest ``` +8. If you are using Patroni, change its configuration to use `pgBackRest` for archiving and restoring WAL files. Run this command only on one node, for example, on `node1`: + + ```{.bash data-prompt="$"} + $ patronictl -c /etc/patroni/patroni.yml edit-config + ``` + + === "Debian/Ubuntu" + + ```yaml title="/etc/patroni/patroni.yml" + postgresql: + (...) + parameters: + (...) + archive_command: pgbackrest --stanza=cluster_1 archive-push /var/lib/postgresql/{{pgversion}}/main/pg_wal/%f + (...) + recovery_conf: + (...) + restore_command: pgbackrest --config=/etc/pgbackrest.conf --stanza=cluster_1 archive-get %f %p + (...) + ``` + + === "RHEL/derivatives" + + ```yaml title="/etc/patroni/patroni.yml" + postgresql: + (...) + parameters: + archive_command: pgbackrest --stanza=cluster_1 archive-push /var/lib/pgsql/{{pgversion}}/data/pg_wal/%f + (...) + recovery_conf: + restore_command: pgbackrest --config=/etc/pgbackrest.conf --stanza=cluster_1 archive-get %f %p + (...) + ``` + + Reload the changed configurations: + + ```{.bash data-prompt="$"} + $ patronictl -c /etc/patroni/postgresql.yml reload + ``` + + :material-information: Note: When configuring a PostgreSQL server that is not managed by Patroni to archive/restore WALs from the `pgBackRest` server, edit the server's main configuration file directly and adjust the `archive_command` and `restore_command` variables as shown above. + ## Create backups -Run the following commands on the **backup server** +Run the following commands on the **backup server**: 1. Create the stanza. A stanza is the configuration for a PostgreSQL database cluster that defines where it is located, how it will be backed up, archiving options, etc. @@ -320,22 +501,16 @@ Run the following commands on the **backup server** $ sudo -iu postgres pgbackrest --stanza=cluster_1 --type=full backup ``` -3. Create an incremental backup - - ```{.bash data-prompt="$"} - $ sudo -iu postgres pgbackrest --stanza=cluster_1 --type=incr backup - ``` - -4. Check backup info +3. Check backup info ```{.bash data-prompt="$"} $ sudo -iu postgres pgbackrest --stanza=cluster_1 info ``` -5. Expire (remove) a backup. Be careful with removal, because removing a full backup also removes dependent incremental backups +4. Expire (remove) a backup: ```{.bash data-prompt="$"} - $ sudo -iu postgres pgbackrest --stanza=cluster_1 expire --set=20230617-021338F + $ sudo -iu postgres pgbackrest --stanza=cluster_1 expire --set= ``` [Test PostgreSQL cluster](ha-test.md){.md-button} \ No newline at end of file