PostGreSQL Jail in FreeBSD 7.0

We create open-source because we love it, and we share our finding so everyone else can benefit as well.

freebsd

PostGreSQL Jail in FreeBSD 7.0

Since the release of FreeBSD 7.0 many things have been changed to allow PostGres to run better than any other database under FreeBSD. To take advantage of this, I’ll show how to setup a PostGreSQL jail in FreeBSD. Of course, the same method is used to install on your main system as well.

Preparing the Kernel

First off, we need to compile our kernel with a few different options to support a PostGreSQL jail.

# Shared Memory
options         SHMMAXPGS=400000  # Maximum size of shared memory segment (in pages)
options         SHMSEC=512    # Maximum number of shared memory segments per process
options         SEMMNI=512    # Maximum number of semaphore identifiers
options         SEMMNS=1024   # Maximum number of semaphores system-wide
options         SEMUME=200    # Maximum number of undo entries per process
options         SEMMNU=512    # number of undo structures in system

You may notice later that after installing PostGreSQL, it will mention the same thing, but with lesser amounts. Using the amounts given by the port won’t allow as many connections, and is optimized for a system with roughly around 256M of memory. The system I’m building this how-to around has over 2 gigabytes of RAM, and allocating 1.6 gigabytes for PostGreSQL in shared memory. If you are using less, you might want to divide SHMMAXPGS accordingly. The others, if you are using one gigabyte total, you might cut those in half. Keep in mind, this setup is fairly light on the server, considering it’s not meant to be a full-fledged PostGreSQL server.

For use of shared memory for jails, be sure to add this to your /etc/sysctl.conf:

security.jail.sysvipc_allowed=1

Compile your new kernel, reboot, and then on to ports. If you want to check your allocated shared memory, you can check with:

$ sysctl -a | grep shmmax

The settings above will show:

'kern.ipc.shmmax: 1638400000'

Preparing the PostgreSQL Jail

If you are planning to compile the database in a jail, be sure to mount the nullfs ports to the ports directory of the jail (if you need a refresher, check out the article on FreeBSD Jails). Next we go to the /usr/ports/databases/postgresql83-server directory, and make install clean. Once it is finished building, add the following to your /etc/rc.conf:

postgresql_enable="YES"

Note: If you don’t add this, the rc.d script will NOT work.

Next we need to initialize the database, so run:

/usr/local/etc/rc.d/postgresql initdb

With this done, it’s time to change the setup of the database. First, we go to /usr/local/pgsql/data, and edit the postgresql.conf. In here, we’ll set the bind-address, port, and whatever else we need. If you plan to have other jails, or the base system access the database, set the bind-address to the IP of the jail itself.

Next we move to the pg_hba.conf file. Here we set what hosts, and users we want to allow access to the database.

To start, we’ll add some sort of remote access, say, via VPN (10.211.0.0/16).

host all all 10.211.0.0/16  password md5

With that in place, we restart the server so that the rules are initialized. Now to create a user.

PostGreSQL Database Setup

First we log into the pgsql account.

$ su pgsql

Next we create our user:

$ createuser
Enter name of role to add: testing
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n

Let’s use our new user, create a table, and then view it:

psql -d template1 -U testing
template1=> create database testing;
CREATE DATBASE

template1=> l
List of databases
Name    |  Owner  | Encoding
-----------+---------+-----------
postgres  | pgsql   | SQL_ASCII
template0 | pgsql   | SQL_ASCII
template1 | pgsql   | SQL_ASCII
testing   | testing | SQL_ASCII
(4 rows)

template1=> c testing;
You are now connected to database "testing".
testing=> create table public.test_table ( id char(2), name varchar(40));
CREATE TABLE
testing=> d
List of relations
Schema |    Name    | Type  |  Owner
--------+------------+-------+---------
public | test_table | table | testing
(1 row)
testing=> 

For future reference we’ll see how to view users as well as change the password of users. The database template1 is the main default database for PostGreSQL which holds the user configurations:

testing=> c template1
 You are now connected to database "template1".
template1=> alter user testing with password 'testme';
 ALTER ROLE

Testing the PostGreSQL Jail

Since we added a role in the pg_hba.conf file, we can connect remotely with the following syntax:

$ psql -h <hostname> -U <user> -d <database> 

You should now have a basic understanding of the PostGreSQL jail setup, and have the ability to install it with full optimization in FreeBSD. Enjoy!

No Comments

Add your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.